If we use his idea not as a method for approving add-ons (whether the community wants "Script_SuperBackdoor_Eval_Hack.zip" or not doesn't make a difference - if it's a dud or malicious add-on we can't let it loose) but rather a method for judging whether people want an add-on, it'll work perfectly.
If a mod attempts to package or overwrite BAM functionality, it should be instantly set to Code red. This is highly suspicious behavior which may be legitimate, but protecting the integrity of BAM should be a priority.
Add-ons that download arbitrary code or have an auto-updater of their own should be blocked.
I'm serious - Slayer is perfectly fine, but the auto-updating mechanism should be removed for use with BAM. It's a hole in the security model. No offense meant to greek2me by any means, but assuming we have that as a rule, we can't really go lax for certain people. It's a little draconian, or something, I guess, but still. I think he'll understand. Admittedly, security is a joke among Blockland add-ons, but think of it this way: if a user never downloads a mod outside of BAM then we can protect them totally from malicious add-ons. I'm not even joking. If a user does download a mod that hasn't passed through the review process, they have only themselves to blame.
Additionally, if a mod is set to Code red or whatever crazy high level of review, and it still gets approved, future updates (thanks to the DIFF functionality for mod reviews) can be sent through normal channels. If a mod modifies its already suspicious functionality, then it can go Code red again.
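The review rules proposed in the post above, sketched as an added example that is not part of the original post and not BAM's own code: a new submission or an update is blocked, sent to Code red, or passed through normal channels depending on which flagged lines it contains and whether they differ from the approved version. The TorqueScript patterns, the `BAM_` function prefix and the sample add-on versions are assumptions made for illustration.

```python
import re

# Assumed TorqueScript indicators; a reviewer's real list would be longer.
RULES = {
    "network": re.compile(r"\bnew\s+(TCPObject|HTTPObject)\b", re.I),
    "dynamic-eval": re.compile(r"\beval\s*\(", re.I),
    # Hypothetical: BAM's own functions are assumed to share a "BAM_" prefix.
    "touches-bam": re.compile(r"\bfunction\s+BAM_\w+", re.I),
}

def findings(files):
    """Map {path: source} to a set of (rule, path, stripped line) hits."""
    hits = set()
    for path, source in files.items():
        for line in source.splitlines():
            for rule, pattern in RULES.items():
                if pattern.search(line):
                    hits.add((rule, path, line.strip()))
    return hits

def triage(submitted, approved=None):
    """Return (level, evidence) for a new submission or an update."""
    new = findings(submitted)
    rules = {rule for rule, _, _ in new}
    # Heuristic: network access plus eval is treated as "downloads arbitrary code".
    if {"network", "dynamic-eval"} <= rules:
        return "blocked", new
    old = findings(approved) if approved is not None else set()
    changed = new ^ old  # flagged lines added, removed or edited since approval
    if changed:
        return "code red", changed
    return "normal", set()

# Constructed sample add-on versions (not real add-ons).
BAM_HOOK = "function BAM_loadAddOn(%n) { Parent::BAM_loadAddOn(%n); }"
V1 = {"server.cs": "package Demo {\n" + BAM_HOOK + "\n};\n"}
V2 = {"server.cs": V1["server.cs"] + 'function hello() { echo("hi"); }\n'}
V3 = {"server.cs": "package Demo {\nfunction BAM_loadAddOn(%n) { return; }\n};\n"}
V4 = {"server.cs": V1["server.cs"] + "new HTTPObject(Updater);\neval(%body);\n"}

if __name__ == "__main__":
    for name, new, old in [("v1", V1, None), ("v2", V2, V1), ("v3", V3, V1), ("v4", V4, V1)]:
        print(name, triage(new, old)[0])
```

Comparing only the flagged lines keeps ordinary updates out of the heavy review queue while any edit to the suspicious part escalates again.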