Hy.
I'm planning on developing a web manager to keep organized my servers and to allow some users to turn them on and off without giving access to my machine. The point is that I wanted to allow some trusted people to create the servers but, although I trust them enough to know that they won't upload any malware intentionally, I am pretty sure they can end doing that unintentionally. Because of this, I was thinking in three options:
Making the app to download the server
Having a set of available servers (I can let the admin, ie. me, to upload the files needed for creating them) and the user choose from the list
Allowing the user to upload the installer and checking the sha1 or md5.
The option 2 would be the most beneficial for me in the long run as this will let me to expand pretty easy to another games and I could reuse to avoid security problems with the mods. My concern is that, with this option (and with the first), it may seem that I'm the owner of Forge. In my use case, all users knows what this is but I plan to upload the code to a public repository so that, if somenone finds it useful, they can download it. Also, I feel that this would stop the people from visiting the Forge page and that would make LexManos to earn less money (Forge is a truly amazing piece of work and I'm pretty sure it doesn't gets all the money he deserves). What would be the best way to address this issues? Or will be better to go with the third option?