Heya. I'm having a bit of trouble understanding how one script self-updates; Can anyone explain it to me? (searches on google made me even more confused)

Both Greasemonkey and TamperMonkey handle script updates automatically. All the script author needs to do is increment the @version metadata value when uploading a new version.

Re: @sizzle:
is there a way I can make sure of this? I tried lowering the version at my script and refreshing to see if it would increment back up again to no avail..

Re: @moshmage:
When you alter an script, you lock the script from updating. If this didn't happen, all updated you manually did to the script will be lost every time a new version was released.
In Greasemonkey you can override the locked state, by right-clicking the script in the addons tab and selection the item "Forced find updates".
Anyways the update feature in Greasemonkey and TamperMonkey has been there for many years already, so it's very thorough tested.
If you still want to check if incremental updating works, you have to host your userscript somewhere, install that version and then update the @version metadata of the hosted version.

Re: @sizzle:

I still don't understand how this works.
Can you EDIT the script in the openuserjs inline editor and increment the version? or will this lock the script from updating like @jerone mentioned?
or do you have to re-upload the updated script with an incremented version?

Re: @quacku:

Can you EDIT the script in the openuserjs inline editor and increment the version?

Yes.

... or will this lock the script from updating like @jerone mentioned?

Jerone's statement is if you edit the script locally on your machine in the gm_scripts folder either directly or through the .user.js engine UI. Greasemonkey (GM) 3.7+ has a visual display now on what can and can't be updated automatically (see greasemonkey/greasemonkey#2358)... still twiddling with this testing wise.

For example if you open up the AOM and right click one of the User Scripts... edit it... and save it... then you lose automatic updating capabilities for that edited script... at least with GM/GM Port. e.g. not the OpenUserJS.org (OUJS) remote editor. GM 3.7+ also now prevents disabled scripts from updating. I haven't tried any of this with any other .user.js engine to see what happens on local edit.

So the answer to this half of your compound question is no.

do you have to re-upload the updated script with an incremented version?

This is one option. There is editing the script online, uploading a new version, or the webhook/import from GH... remotely... all of which you may increment your @version.

I still don't understand how this works.

Better?

Re: @Marti:

I have another question, if for example a script installs with @include http://siteA.com, is it possible for the author to later update it and have @include http://siteB.com?

if so, isn't this a security risk, since the initial installation didn't include siteB?

Re: @quacku:

... is it possible for the author to later update it and have @include http://siteB.com?

Yes.

... isn't this a security risk... ?

See also:

Sidenote: Please try your best to use back ticks (the back apostrophes surrounding your inline code) for inline code snippets and/or code fences for multi-line with highlighting (see Frequently Asked Questions#Q: How do I ensure the correct syntax highlighting of my code snippets?). I've corrected it in your last post.

If you need a guide for markdown syntax there is GitHubs (GH) and one of the originals of Daring Fireballs markdown syntax... plus there is always the toolbar in this comment window to help you out... the </> button is the symbol to assist helping you get used to it. The Preview button is everyone's friend too. :) We support many of those options in our markdown support... but not every one of GH's. Thank you for this courtesy in advance. :)

I suspect that's rather the question to @arantius ...
As for now, is there any sense in writing meta-tags @downloadURL, @updateURL and their ilk?

Re: @trespassersW:

As for now, is there any sense in writing meta-tags @downloadURL, @updateURL and their ilk?

Absolutely... consolidation is the main factor. The minification routines are exposing these flat out in the UI now and how it interacts with a script source. Being cautious of a target is good however that doesn't negate effective, uncrippled, usage... which leads to the paranoia aspect... don't install it if you don't trust it.

Network of Trust is something I've been mentioning off and on for over a decade now with Userscripts.