We provide our software on a single dmg that contains several pkgs that are then used individually on customer computers. That is, the installers will usually not be run directly from the dmg. So I think the correct approach is to notarize and staple each pkg before creating the dmg. In this case, is it unnecessary to notarize the dmg?
And a similar question / request for clarification: I understand that notarizing a pkg will also notarize the apps contained therein, but is it the case that we only have to staple the pkg, and this will include whatever is needed for the apps as well?
Thanks for any insights,
Mark