Without notarization, you can still `codesign --timestamp` to have Apple co-sign your app, which validates that your certificate was valid when you signed the app, even if your certificate later expires.
Notarization is an advanced version of this where Apple adds to the signature "we have scanned the app for vulnerabilities and will continue to do so"
Notarization is an advanced version of this where Apple adds to the signature "we have scanned the app for vulnerabilities and will continue to do so"