We currently find the notarization process and requirements confusing.
Mostly due to those parts of the documentation :
You can notarize several different types of software deliverables, including:
Non-app bundles, such as kernel extensions
Disk images (UDIF format)
Flat installer packages
Beginning in macOS 10.14.5, all new or updated kernel extensions and all software from developers new to distributing with Developer ID must be notarized in order to run. In a future version of macOS, notarization will be required by default for all software.
1. The notarization documentation doesn't refer to AudioServerPlugin bundles.
Do they need to be notarized in order to be loaded by coreaudiod ?
It says that we CAN notarize, not that we MUST... Sound confusing to us.
Moreover, this important notice is not clear either :
Our AudioServerPlugin is not a kernel extension BUT is a "non-app bundle", so what is the requirement here ?
2. "all software from developers new to distributing with Developer ID"
This part is also confusing.
We currently distribute and sign our app with a Developer ID for months.
Does this mean notarization is not a requirement for the current Developer ID, and will only be required when the certificate will be renewed ?
It is not clear what must be done to deliverables in order to run.
Will notarization be a requirement in order to run development builds ?
Will a QA team always have to test a notarized deliverable on macOS > 10.14.5 ?
Will a QA team have to disable GateKeeper in order to test a non notarized deliverable ?
We tried non notarized app and CoreAudioPlugin on 10.14.5 and everything runs fine.
So it's currently quite confusing to know which conditions will put our deliverables in a non runnable state :/
Thank you very much for your inputs regarding this topic and any help regarding our (mis)understanding of the notarization requirements