Notarizing and signing are actually separate things on MacOS, signing the app or checking the signature of the dmg are orthogonal to the issue described and the popup in that report. Notarization is sending the app (zipped) to apple's notarization service so they can check it doesn't use any apis that it shouldn't or something, then the .app needs to be "stapled" with the notarization before putting it into the dmg. That said iirc signing the app is a requirement before submitting the app to apple's notarization service in the first place.