I've just tested an unsigned
JWS JOGL application and (surprise...) it works !
Well, may be I'm the only one to be surprised, but if there are others like me, here's what i've done :
my JNLP file :
- <security/> (no permissions)
- external jnlp file (https://jogl
....) for JOGL extension.
- my jars (sandboxed)
And on the start, Java Web Start just asked me if I trusted the JOGL certificate issued by a valid provider - Java Game Technology - without the ugly warning message ("we urge you not to accept this certificate...").
That means we can distribute JOGL applications without the need of a certificate !!
==> one more thing : if we had a hook in jogl.jar to set a fullscreen window, that would be perfect (this is the only major thing missing in this context, as we cannot do that from our untrusted jar).
What do you think of it ?