Per WWDC 2018 Session 702, that Apple is amending the seemingly over simplified development process by injecting the "Apple Notary Service", such that developers would need to sign and notarize the ready-to-be-distributed package in dmg or zip, etc. formats, before distributing via website. How would this work with non-developers, such as product managemers, internal QA, or even selected customers, to access the daily/alpha/beta/rc builds that are yet to be final for our customers?
Similarly, how would this work with the same software but customized for customers? We used to allow our customers to customize the official released package with licensing information, and user accessible/editable contents specific to their institutions, before they distribute to their users. The release of macOS Sierra (10.12) broke the entire workflow because a lot of them don't have Developer ID Application to sign the customized package, and they can't customize site-specific contents because they live outside the app, which is subjected to the path randomization protection. We winded up inheriting the customizations. How would the Apple Notary Service work with this scenario? Do we need to notarize these customized disk images too, because a zip file in the installer application's Resources folder is updated with non-executable contents. We have the practice to update these package to the latest version whenever we make a public release, do we need to notarize these (~10K) packages every time that happens?
Thanks in advance.