To avoid addon abuse in Multiplayer one needs to have the signature system active.
Currently every addon creator is meant to create his key and sign files to be
used by the players and server admins.
Instead an automated system to create the necessary files and provide them
to the players and admins could make everyone's life much easier.
- Addon makers do sign their addons at times.
- The process is complicated and annoying.
- One mass download and upload source for end users.
- No need to mess with the files. Just press dl all/update.
- Only need to add this one additional Modfolder with zillion of bisign files on the client.
- There is a server or set of server one can send any pbo to.
- The upload process would be best to open to anyone. If abuse is a problem,
probably restricted ability to a given group of people might be the alternative.
- The server automatically looks into his database if the addon was already processed.
- If not the server generates a new key file based on the pbo name and signs the pbo with it.
- The pbo file is dropped. So this server does NOT act as a pbo download server.
- Instead the server ONLY provides the key and sign files.
- Now there is a client application to download all sign files in a very simple
process. That is all for the client. He only needs to sync with the server
before every game session (in which he wants to use addons).
- The server administrators have an access to the CSS to easily filter, select
and download or sync the key files of their choice with their server.
- Client: Can easily download all sign files for any addon out there (and
signed by the CSS). As sign files are very small, there is no problem to download thousands or more of em.
- Server: Admins have a central place to look for key files and easy access.
- Addon creator: There is no longer the need to worry about the sign process.
Only needs to submit his work to the CSS for every release.
- The CSS server. The server hardware to host the system.
- As sign and key files are very small, the download traffic should be minimal.
- The upload interface could be a bottleneck and abuse needs to be ruled out.
- The sign process is simple, however it needs CPU power. That said the
number of PBOs is limited. So mainly spikes in CPU use, not overall huge load.
- Group of people to code the upload interface.
- Group of people to code the server admin interface to find, filter, select and
download the key files of choice.
- For the client Yoma Addon Sync or Sickboy's git updater are already available.
- Group of people to code the backend processing
- filter out already known PBOs via a hash check
- dump the information about known pbos into a DB (hash, name, date, sign and key file)
- interaction to upload interface and admin key file interface
- Both pbo has and file name could be used to find PBO files at community download sites.
- This system does NOT handle the problem of addons needed by a server or
mission. This is a separate problem. Tools are in development to allow this.
To be asked first.
Thoughts, feedback and participation in the CSS project is very welcome!