@Beatrix W @Sam Rowlands: you are doing something wrong :-) . My favourite application besides Xojo is unsigned and runs fine on Mojave.
That's good to know; I guess I'll have to purge 10.14 from it and re-install.
@Christoph Dnbsp;Vocht What if you want to distribute your app with a .dmg and .zip (for example with a updater tool line Kagi)?
In that case you need to notarize the dmg and zip separately.
Firstly, I would recommend considering the Apple installer as part of the update process. It adheres to Apple's current security underpants and has the added advantage that it WILL replace your application where-ever it is on the hard disk.
Secondly; from my understanding of the documentation, stapling is not actually required. When a Notarized application is launched, the macOS phones home to check the security of the application. What stapling does is attaches a sorta security badge (on top of all the other security protocols applied), which is used in that moment. The macOS will still phone home, it just doesn't prevent you from launching the application until it's gotten a response.
Now; the biggest problem with Notarization, is not that Apple doesn't trust us 3rd Party developers, nor that they look at the byte code of your application to determine what it's doing, it's the "Hardened Runtime". This applies a far stricter set of security rules to the application, that has already caused some developers to have to remove features from their apps. So PLEASE PLEASE make sure you thoroughly test your application once it's been code signed.
p.s. You probably want to make sure that you don't have any function names that Apple might take offense to, I know of one developer who got into trouble because Apple didn't like his function names and thought he was doing something suspicious.