You used to be able to sign your code with a self-signed certificate. It's close to not signing it at all, but the user could then agree to trust you for ever more. I have a few webstart apps publicly available, and more at work. Soon they will stop working. My choices will be:
- pay hundreds of dollars for a proper certificate (extremely unlikely)
- persuade the users to install "Deployment Rule Sets" to allow my stuff to run (almost as unlikely)
- get the users to run the code locally without webstart (completely insecure, and I'll probably need to make an installer)
