Fixing the updater

Current issues

• can be broken by third parties, if they provide signed jars but don't change the game name
• does not allow updates of the updater
• can break if jar files are missing in the update change (e. g. stendhal-0.90.jar with only stendhal-diff-0.92-0.93.jar) because of NullPointerExceptions on missing resources
• requires new complete download on signature expire
• version number in start is missleading

Approaches

• Have only a very small signed package that requests the webstart permissions.
• do the update and startup handling in another, updatable package
• use own signing of .jar files with a certificate that does not expire in a year.
• verify signature before adding a .jar to the classpath to prevent third parties from breaking the update
• if a resource does not exist, don't return null but throw a LinkageException