Currently the signed addons are a hardship for both server admins and players. Chances of a full match between a public server's keys and a player's keys are quite small, so the choice is between having a server that isn't checking keys or playing addon/modless.
I'm a staff member of ECL (a PvP league for ArmA), and we've brought out an addon pack consisting of various addons from the community as well as a few homemade ones. To prevent the problem with gathering keys from the addons we include in the pack and having server admins install those, we (re-)signed the addons with one key. This way we make life easier for the server admins, and we have control over the addons actually used during a match (if you include an addon maker's key, you allow every single addon made and signed by this addon maker, instead of just the addon you want to include).
You could consider a similar system for public play, and that was what my suggestion was about. Advantages would be that you have a single source for your addon signatures (and only one server key). You could simply add the key to your server as server admin, and thus only trust the addons that were signed by the signing authority (e.g. OFPEC) instead of trusting the addon maker (and every single addon he has produced and will produce). No more choice between allowing all mods & addons (with the risks involved) and having an empty server because nobody wants to play with plain vanilla ArmA.
The main requirement would be (as Q stated) for addons to be cheat free. You would need:
- proper criteria as to what cheat free really is (e.g. a mod that changes an M4 from burst to full auto mode: not intended as cheating, but changing gameplay considerably and perhaps even crashing servers; should that pass?)
- volunteers checking addons (unpacking, reviewing the contents against the stated criteria) and approving these addons
- a limited number of people able to sign the addons and release them as such.
You could even consider a few stages in approval: create two keys, one for 'we think the addon is OK, but we need to test it' and one for 'fully approved'. Server admins that like to live on the edge could install both keys and allow people to test out those 'we think it's OK' addons; server admins that want to be safe would only install the 'approved' key.
Anyway, if such a system is considered useful, I'm definitely willing to help out.
HitmanFF.
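
Added example, not part of the original post: a small model of the trust scopes described above, comparing a server that installs an addon maker's key with servers that install only the authority's 'approved' key or both authority keys. The key names, addon names and the HMAC stand-in for the game's real signatures are assumptions made so the sketch runs on the Python standard library.

```python
import hashlib
import hmac

def sign(key: bytes, addon: bytes) -> bytes:
    """Stand-in signature (HMAC-SHA256); real addon keys are asymmetric."""
    return hmac.new(key, addon, hashlib.sha256).digest()

def accepted(addon: bytes, signatures: dict, installed: dict) -> bool:
    """Accept an addon if any installed key verifies one of its signatures."""
    for name, key in installed.items():
        sig = signatures.get(name)
        if sig is not None and hmac.compare_digest(sig, sign(key, addon)):
            return True
    return False

# Constructed keys and addon contents (hypothetical names).
KEYS = {"author_a": b"k-author-a", "testing": b"k-testing", "approved": b"k-approved"}
ADDONS = {
    "a_rifle_pack": b"rifle pack contents",     # author A, reviewed and approved
    "a_fullauto_m4": b"full-auto M4 contents",  # author A, never reviewed
    "b_island": b"island contents",             # author B, passed review, awaiting test
}
# Which keys signed which addon: the authority re-signs only what it reviewed.
SIGNED_BY = {
    "a_rifle_pack": ["author_a", "approved"],
    "a_fullauto_m4": ["author_a"],
    "b_island": ["testing"],
}
SIGNATURES = {a: {k: sign(KEYS[k], ADDONS[a]) for k in ks}
              for a, ks in SIGNED_BY.items()}

def allowed(installed_names):
    """Addons a server admits when it installs the given keys."""
    installed = {n: KEYS[n] for n in installed_names}
    return sorted(a for a in ADDONS
                  if accepted(ADDONS[a], SIGNATURES[a], installed))

def tampered_pack_accepted():
    """An approved addon modified after signing must fail verification."""
    modified = ADDONS["a_rifle_pack"] + b" + extra script"
    return accepted(modified, SIGNATURES["a_rifle_pack"],
                    {"approved": KEYS["approved"]})

if __name__ == "__main__":
    print("author key only:   ", allowed(["author_a"]))
    print("approved only:     ", allowed(["approved"]))
    print("approved + testing:", allowed(["approved", "testing"]))
    print("tampered accepted: ", tampered_pack_accepted())
```

Installing the author's key admits the unreviewed addon as well, while the authority keys admit only what was reviewed, per tier.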