So Apple’s latest effort to make software downloads safer while simultaneously making life more difficult for us software vendors is something they called app “notarization”.
Has anyone been through this process yet? How was it? Should I tremble in fear and despair? Any tips?
Yes. Documentation is not great. But otherwise it is not too bad. I wrote up my experiences here:
Thanks @Andy
it is not easy to fully automate in a script
That is a pity. Here’s hoping Apple eventually makes this easier.
I think I’ll hold notarizing my releases until Apple make it absolutely essential.
I’ve been using an app from someone who is well known in the Xojo community. My stuff is written in Xojo and I have one app in the MAS. https://www.ohanaware.com/appwrapper/
Works well. v3.9 will cover notarization, the beta went well apparently, not sure when he will formally release. The app can be written in xCode, Xojo or others, AppWrapper doesn’t care.
Cross platform, including macOS, development is a pain. Because Apple appears to insist you use their software for everything, it makes producing a one-click or automated build that can be run from other computers very difficult.
In my case, because I’ve not found a solution to allow me to sign a DMG or .app from Linux, I have to ssh in, do a bunch of frigging about, then copy the resulting signed app back to the build server. A right pain in the a**e!
And I expect this will just make it more difficult. The assumption of having XCode installed… 
My cross-platform desktop app is written in Java. I use a tool called install4j to create, package, and sign the macOS-specific and Windows-specific installers. install4j works well and can be run on any OS - including Linux. No need for Xcode.
Java might not be a great choice for a desktop app, but in this regard it has worked out well for me.
But notarization is possibly going to destroy my little Java utopia. 
Can you describe how you sign the macOS installer?
And then maybe add an answer to https://stackoverflow.com/questions/11736368/how-to-sign-a-mac-os-x-application-in-linux which I can accept as the answer…
Can you describe how you sign the macOS installer?
Good question. But I don’t know the answer. install4j does the code signing. Perhaps the team that make install4j has re-implemented the macOS code signing in Java.
From install4j’s website:
Integrated code signing on Windows and Mac OS X . In the “General Settings” section, install4j now has a “Code signing” tab where you can configure code signing certificates for Windows and Mac OS X. Code signing will be applied to all launchers and installer applications in the corresponding media files. The implementations for code signing are cross-platform, so you can sign Windows and Mac OS X media files from a Linux build server, for example.
Ok, that’s an interesting data point… it must be technically possible, therefore.