Java Web Start makes dealing with a mix of signed and unsigned jars a horrible mess -- since everything within a given JNLP file must have the same code signer. We either have to write server-side code to sort jars by their signer and dynamically produce JNLP files for each signer or we have to produce a separate JNLP file for each signer. Either way this is a real mess that appears to be completely unnecessary. Even if we re-sign all 3rd-party jars with our own certificate (please note many others do for Java Web Start which seems quite inappropriate), when developers are developing new features they self-sign the jars since they don't have access to the official certificate. Rebuilding/resigning all the jars with the self-signed certificate is impractical in this case -- so we need to be able to handle a mix of jars from different signers, where the signer for each jar is not known prior to runtime.