Is it mandatory to staple the ticket to the binary/pkg?
Not currently, but it is strongly recommended.
On 10.14.5, notarisation only kicks in during Gatekeeper checks, that is, on the first launch of a newly downloaded app or on installation of an installer package [1]. If Gatekeeper can’t find a notarisation ticket stapled to the item, it attempts to get that ticket from the Apple notarisation servers. Assuming the Mac is online, this typically works and thus the Gatekeeper check succeeds.
However, if you don’t staple the ticket to the package and the Mac is offline during the Gatekeeper check, this access will fail )-:
My experience is that stapling is the easiest part of this whole process, so I’m curious as to why you’d want to skip it?
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"
[1] The system also checks notarisation on kernel extensions (KEXTs), but I’m presuming that’s not relevant to your case.