I've created a package from an app using productbuild and signed it using
productsign --sign 'Developer ID Installer: MyName (XXXXXX7RBW)' /Users/Desktop/my_app.pkg /Users/Desktop/my_app_signed.pkg
I then checked the signature via
pkgutil --check-signature /Users/Desktop/my_appsigned.pkg
I uploaded the package for notarization, which subsequently failed. The error log indicated two binaries were not signed with a valid developer ID certificate. The names were QtWebSockets and QtQmlModels.
While I've encountered similar obstacles in the past, they usually arose when folder names contained periods. I simply deleted the folders from the package, which seemed to have no effect on its functionality.
This error is altogether new for me though.