Author Topic: OFPEC hosting & signing orphaned Addons  (Read 748 times)

0 Members and 1 Guest are viewing this topic.

Offline hoz

  • OFPEC Site
  • Administrator
  • *****
OFPEC hosting & signing orphaned Addons
« on: 09 Jan 2008, 16:34:40 »
There has been a little bit of discussion over at the BI forums about OFPEC hosting and signing addons. I opened this topic so we could discuss what it would take for OFPEC to do this, benefits, and any pitfalls of performing such a function.

To summarize that particular thread two things are being asked...

Responsibility for community created content lies within the community. I do think it's a good idea in the sense that a well established ArmA community site - like for example OFPEC - could (re-)sign addons that are tested and proven to be working and cheat free with one key. This way you could have a single 'trusted' key that server owners could install on their server; all addons that are considered trustworthy by the community could be used by the community on servers.

So would the OFPEC team be willing to inspect and sign orphan addons ?

Xbox Rocks

Offline kju

  • Members
  • *
    • PvPScene - The ArmA II multiplayer community
Re: OFPEC hosting & signing orphaned Addons
« Reply #1 on: 09 Jan 2008, 17:54:33 »
It would be great, yet one should not underestimate the work for the requirements:
  • tested
  • proven to be working
  • cheat free

So it would be too easy to say that OFPEC should just take over.
Instead OFPEC could be that patron of the project and technical host, yet the effort needs to be shared in my view.

Instead the requirement should be rather:
  • cheat free
« Last Edit: 09 Jan 2008, 18:01:39 by PROPER.Q »

Offline HitmanFF

  • Moderator
  • *****
Re: OFPEC hosting & signing orphaned Addons
« Reply #2 on: 11 Jan 2008, 12:48:33 »
Currently the signed addons are a hardship for both server admins and players. Chances of a full match between a public server's keys and a player's keys are quite small, so the choice is between having a server that isn't checking keys or playing addon/modless.

I'm staff member of ECL (a PvP league for ArmA), and we've brought out an addon pack consisting of various addons from the community as well as a few home made ones. To prevent the problem with gathering keys from the addons we include in the pack and having server admins install those, we (re-)signed the keys with one key. This way we make life easier for the server admins, and we have control over the addons actually used during a match (if you include an addon maker's key, you allow every single addon made and signed by this addon maker, instead of just the addon you want to include).

You could consider a similar system for public play, and that was what my suggestion was about. Advantages would be that you have a single source for your addon signatures (and only one server key). You could simply add the key to your server as server admin, and thus only trust the addons that were signed by the signing authority (OFPEC e.g.) instead of trusting the addon maker (and every single addon he has produced and will produce). No more choice between allowing all mods & addons (with the risks involved) and having an empty server because nobody wants to play with plain vanilla ArmA.

The main requirement would be (as Q stated) for addons to be cheat free. You would need
- proper criteria as to what cheat free really is (e.g. a mod that changes an M4 from burst to full auto mode: Not intended as cheating, but changing game play considerably and perhaps even crashing servers, should that pass?)
- volunteers checking addons (unpacking, reviewing the contents against the stated criteria) and approving these addons
- a limited number of people able to sign the addons and release them as such.

You could even consider a few stages in approval: Create two keys, one for 'we think the addon is OK, but we need to test it' and one for 'fully approved'. Server admins that like to live on the edge could install both keys and allow people to test out those 'we think it's OK' addons, server admins that want to be safe would only install the 'approved' key.

Anyway, if such a system is considered useful, I'm definitely willing to help out.

bellum pacis pater