For macOS (which is what we're talking about in a topic about notarization), you can sell your software any way you want outside of the App Store, without the 30% cut. There's still a $100/year developer account fee to be able to notarize new builds of your app.
This is not iOS where the App Store is the only way to install an app.
This comment is not an endorsement of any aspect of Apple's business model, I'm just correcting a factual error in your comment.
That is correct, but that is a special discount program you have to apply for, wait for judgement, and get approved for in advance. It's not the default.
It was a great step forward, but I don't understand why they made it so complicated with an approval process, when Google did the same thing afterwards and could just say "the first million dollars a year is 15%, after that it's 30%".
The total revenue difference for the different companies is probably negligible.
(or... outside of the App Store you can sign up for a PayPal account and accept payments at a 3% rate instantly)
They review applications because they want to make sure big developers with many apps aren't dividing their apps across lots of different developer accounts so as to get around the total sales cap. (The application form asks questions about other accounts you have, related businesses etc.)
If you are a small dev with just one developer account, you'll sail through the applicaton process.
The cheapest base code signing certificate will be via a Sectigo (formerly Comodo, although they allow resellers to advertise either brand) reseller. I'm not affiliated with this site beyond being a customer, but the website 'codesigncert.com' is the absolute cheapest i've found for Windows signing (EV 3 years: $219/yr [0] / regular 3 years: $59/yr [1]).
Note that this landscape might change in the future. Microsoft is working on Azure Code Signing, which will mean Microsoft themselves manages issuing the certificate, doing the identity verification, etc - the only catch being that they probably don't want to have to deal with any lost keys or improperly stored keys, so they don't let you generate your own cert and you can only sign certs via the API or other integrations. All of this info is available via this talk [2] and it's the only public information available on this service that i've found.
Wasn't for me. That site's renew button simply starts an order for a new one (as renewal is really just replacing with a new, extended certificate) and sectigo themselves re-did all the company verification, after which my cert was issued. Went smoothly except for waiting ~24 hours for it. If you were trying to get an EV certificate, the process is supposed to be more strenuous on making you prove your operation (sometimes) as well as prove that your certificate infrastructure is secure enough.
This is not iOS where the App Store is the only way to install an app.
This comment is not an endorsement of any aspect of Apple's business model, I'm just correcting a factual error in your comment.