Fixing the updater
- can be broken by third parties, if they provide signed jars but don't change the game name
- does not allow updates of the updater
- can break if jar files are missing in the update change (e. g. stendhal-0.90.jar with only stendhal-diff-0.92-0.93.jar) because of NullPointerExceptions on missing resources
- requires new complete download on signature expire
- version number in start is missleading
- Have only a very small signed package that requests the webstart permissions.
- do the update and startup handling in another, updatable package
- use own signing of .jar files with a certificate that does not expire in a year.
- verify signature before adding a .jar to the classpath to prevent third parties from breaking the update
- if a resource does not exist, don't return null but throw a LinkageException