What is the “right” way to use the jogl jars? Should I be pointing off to Sun with this?
<extension href="https://jogl.dev.java.net/webstart/jogl.jnlp" name="jogl"/>
Or should I be rebuilding the jars and signing them myself?
Does it really matter?
The intention is that you should be able to use that jogl.jnlp file and the associated jars. Because they are structured as a signed extension, your application doesn’t need to be signed.
Does this mean that these libraries are updated as new releases come out? That concerns me a little since I may wish to control the version of jogl my app runs with. This would be much in the same way one might wish to ensure a particular JRE.
Yes, these libraries are updated for each new release. In theory we should have backward compatibility between releases but in practice some of the bug fixes that have gone in have caused problems for certain applications. If you could file an RFE with the JOGL Issue Tracker to preserve old versions of the webstart jars then we could have two options, specifying a specific version (e.g. jogl-1.1b07.jnlp) or specifying the latest version (e.g. jogl.jnlp).