Yea, I started thinking of asking them to download the update.
yeah definitely do not have silent updaters. you'll probably get yourself banned after the mod is revealed as essentially being a backdoor - think about it
you make the silent updater, everybody downloads it
suppose you want eval on a given server
have the silent update backend (on the webserver side) serve different versions of the mod depending on ip address - one is backdoored, the other isn't.
normal users getting it from add-ons do not get the backdoored copy, only specific targets do.
the specific targets cannot conclusively prove that they were served a malicious copy - the mod they have is malicious, but maybe they doctored it to frame you???
experienced modders will point out that the mod could potentially be vulnerable to this kind of attack, but no one will be able to prove anything - it'll be their word against yours
unfortunately this scenario is plausible even with a non-silent updater, but it runs the risk of something like this happening
> you release mod
> people get mod
> you want eval
> target user gets malicious copy, no one else receives an update
> target user posts (thanks to the placebo effect and a well doctored changelog about "bugfixes and improvements") that this new update is amazing
> no one else gets update
> oops
even that scenario is easily fixed - just release a legitimate update, change some program flow, throw the backdoor in one and have a legit copy in the other. honestly, no one in this community actually isolates all the differences between the different versions of all add-ons every version
you couldn't do it manually, you would need an automated system, and i know of no one with that kind of skill doing so. (there aren't that many that could pull it off out of these... what, 1000 active users?)
so now that i've gone so far down this tangent, i may as well throw the solution out: BAM, or another content curation service like RTB or whatever. admittedly, if someone were to, say, bribe BAM to do the above, that might still work - however, BAM has so many loving reviewers they would have to bribe a lot of people, plus you would have to bribe them enough to be willing to throw their reputations away. reputation is valuable in this community.
it's still inherently better than just one guy with a private updater though.
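
Added example, not part of the original post or of any add-on project's code: a sketch of the automated check the post says nobody runs. It isolates per-file differences between two versions of an add-on and tests whether two users received the same copy of one version. It assumes add-ons are distributed as zip archives; the file names and contents are constructed samples.

```python
import hashlib
import io
import zipfile


def file_digests(zip_bytes):
    """Map each file path inside a zip archive to the SHA-256 of its contents."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {
            info.filename: hashlib.sha256(zf.read(info)).hexdigest()
            for info in zf.infolist()
            if not info.is_dir()
        }


def diff_versions(old_zip, new_zip):
    """Return files added, removed and changed between two add-on archives."""
    old, new = file_digests(old_zip), file_digests(new_zip)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }


def same_copy(zip_a, zip_b):
    """True if two downloads of the 'same' version contain identical files."""
    # Compare per-file digests, not raw archive bytes: zip timestamps can differ.
    return file_digests(zip_a) == file_digests(zip_b)


def make_zip(files):
    """Build a constructed sample archive in memory from {path: text}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, text in files.items():
            zf.writestr(path, text)
    return buf.getvalue()


# Constructed sample data (assumption): names and contents are made up.
V1 = make_zip({"server.cs": "// loader", "main.cs": "// v1 logic"})
V2_PUBLIC = make_zip({"server.cs": "// loader", "main.cs": "// v2 logic",
                      "changelog.txt": "bugfixes and improvements"})
V2_OTHER = make_zip({"server.cs": "// loader", "main.cs": "// v2 logic, differs",
                     "changelog.txt": "bugfixes and improvements"})

if __name__ == "__main__":
    print(diff_versions(V1, V2_PUBLIC))
    print("copies match:", same_copy(V2_PUBLIC, V2_OTHER))
```

A mismatch from `same_copy` only shows that two copies differ; deciding which one is the published copy still needs a digest from a source other than the updater, such as a curation service.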