Yes the jDeploy installer is codesigned and notarized. The same installer is reused for every app. It figures out the specific app to be installed from a code in the installer name, so that, when run, the installer installs the correct app.

With a pkg I would need a different pkg for every app - which would need to be codesigned. Then we're back at the "need a mac to build mac app" issue. I wanted jDeploy fulfill WORA to whatever extent possible.