Let's take another example that should be closer to your community: Omen. I know it's been mentioned before but you probably only considered distribution of updates. I'm asking why does everyone have to have Omen installed in the first place? Wouldn't it be enough to have one user download the latest version and send a small stub to everyone else in the raid that is able to display bars and data in a window? That single user could calculate threat values and send them to everybody else which would drastically reduce the number of packets that have to be sent. It would also save memory (and maybe even CPU time on the whole) because only one user has to have the threat library installed on their system. Granted, you can also do that using a client/master approach where all other users need to have at least a small client installed.
Don't you think developers will be glad if they don't have to wait a couple of months until people finally notice how useful their addon is. With my idea, all it takes is just one guy in a raid or even only one guy on an entire server who has the addon to make it immediately work for everyone else he comes in contact with! There's no better promotion for your addon than others seeing it in action. With Omen, there's just nothing to see unless you have it.
I'm an enchanter and want to advertise my wares. If a user is interested, why can't I just send them a graphical window that will pop up on their screen and display all I have to offer including prices and such? Yes, it also works via the chat but not as well. The client has it all, boxes and whatever, they're just not available to another user.
Your examples 2 and 3 are very bad. Let me explain:
A) The default UI in WotLK now comes with a threat meter, with threat values supplied directly from Blizzard servers. No longer will Omen be needed.
B) Even if the above is not the case, Omen is required to be installed on every single person's wow, because there are a lot of spells and effects that are only detectable on your own wow that nobody else can detect. This comes down to the fact that the combat log is incomplete, does not show refreshing of debuffs (for eg, refreshing polymorph or sunder armor doesn't show up in combat log but still causes threat), you couldn't scan talents of other players (until 2.3.0), and many many other issues involving race conditions. Have you seen the combat log report reflected damage from spell reflect (warrior skill) before the actual spell reflect spell is shown in the combat log? I have. Detecting many spells require using SPELL_CAST_SUCESS (the actual event, not the combat log one). As one of the people maintaining Omen/Threat-2.0, I can assure you that the issues are far more complex than you dreamed.
To put it down simply, every person needs to have the threat library installed as there are many spells, equipment and talent specific stuff that only the player himself knows that is not detectable by anyone else (did I mention player pets?). If it were possible with just 1 master 24 clients, wouldn't you think we would have done it that way already? (p.s. DiamondThreatMeter tries to do this, one person calculating 25 people's threat. It is no way near accurate at all.)
Your example 3 is even worse and shows that you have not paid attention to WotLK development. In WotLK, you can now link your profession directly as a tradeskill link... it will just be a clickable yellow link that looks like [Enchanting] and anyone else clicking it would open up a tradeskill window that shows what that person can make/craft/enchant. Right in the default UI.
Example 1 is the only one that is credible. But fails at the original assumption of "Lets assume that every WoW user had my base addon installed." On my server Blackrock-US, there are only 3 addons that a majority players have installed on a universal basis (I'm only considering addons that perform inter-user addon communication here):
1. Omen threat meter (even random non raiders from pugs have this)
2. Preform AV Enabler (this used to be Stinkyqueue)
3. Bigwigs or Deadly Boss Mods (there's about 25 Illidan killing guilds on my server, 18 of which have killed Brutallus)
Even Craftlist2 is becoming a very popular one, over half the trade channel /2 advertisements now include some variation of "whisper me !gem !craft !enchant for xyz wares" because it is just so much easier not to have to search through a long list to link the materials.
Remember, players install addons for their own convenience/advantages. The advantages offered by DEM is minimal at best and more than offset by the myriad disadvantages of security issues. As I pointed out earlier, RDX tried this (a smaller scale version of DEM that aimed only at code snippets targeted at boss mods) and it wasn't very popular.
IMO, very very very few addons could bennifit from this. First thing that comes to mind is Bossmods... bout it
RDX tried to do this. It was considered successful from the viewpoint of distributing code digitally in-game for immediate execution, but it never really took off or was accepted into mainstream community because
A) RDX was a pay-to-use addon. Free alternatives were available - mainly bigwigs, deadly boss mods and ct-boss mods.
B) It allowed the raid leader/officers arbitrary and complete control of your wow.exe and almost every aspect of your character - this is important, all it takes is one malicious person to distribute malicious code and bam, you could very well mail away all your gold next visit to the mailbox automatically, or self-delete every piece of gear in your bags.
While (A) obviously won't be an issue, (B) will remain an issue for any code distributing mechanism without peer review. All it takes again is one compromised account by a hacker to distribute malicious code, and unsuspecting members (not knowing the account was compromised) accept the code and run it. While a website distributing addons like wowace/curse/wowui/curseforge/wowi can suffer the same issue, they have tighter reviews and security measures and need to maintain the confidence of users to visit their websites.
While the original poster suggests code signing and stuff via a website, and users then obtain signed code from said website which is considered "trustworthy" for ingame distribution so that others need not visit the addon website regularly for updates (to overcome (B)), I still see this as a cumbersome method for all the reasons I listed in my previous post. The one I feel most strongly about is the almost impossibility of code debugging a loadstring()ed piece of code.
This just makes addons far more needlessly complex. If I make addon A that interacts with addon B (optionaldep) and it has a dependency on library X and Y, i would need to distribute A and X and Y via this method you are proposing, and make sure A loads AFTER B (if B exists) via code, and make sure X and Y gets loaded first before A, and so forth and so on.
There needlessly needs to be a whole addon internal system of accounting for all these dependencies and loading order because the entire system is to load addons via loadstring() and there exists all sorts of complications when it comes down to debugging these addons. Particularly, because the addon is loaded as a single string via loadstring(), there is only 1 line of code and all errors if traceable on the stack just traces itself to line 1 to an anonymous function.
Now lets say my addon A now requires a savedvariable, since we don't have a TOC file so to speak for my addon A as it is distributed via ingame transmission strings (bittorent if you will), the host security addon that does all this transmission/receiving has to handle savedvariables of all its subaddons distributed this way directly. Now lets go a step further, if my addon A wants to include some graphic, mp3, wav file or other form of media, this isn't even possible with Data Exchange Manager.
In fact distribution of addons in game in this manner may not be something Blizzard wants to encourage, if it eventually leads to data exchange via bittorent p2p style exchanges and causes network/bandwidth issues. Already, addons like Omen, transmit 25x24 messages every 2 seconds to update threat to everyone else in the same raid and these addons do take up a significant amount of net traffic having to handle 600 addon messages per 2 seconds per raid.
Lenja, while what you say is all possible, it introduces a whole new slew of issues and problems that are already handled by the default wow.exe and game UI (loading dependencies, optional/reqdeps, savedvariables). It also cannot handle any addons that wish to use its own media (sound, graphics), and it has security issues as mentioned in the posts above, and is not a better system that an addon reviewed manually on a website like wowinterface, other than via the ease of distribution. Again, debugging such addons from a end-user perspective without any useful stack trace (due to loadstring()) again hinders development of the addon to the addon developer when an error that occurs cannot be easily traced from a user report.
Please think carefully what you are proposing, and consider again if what you are suggesting is worth the effort at all. While DEM might be useful for exchanging and spreading small code snippets, it will never replace real addons that are more than just 10 lines of trivial code.
No to this. All it takes is for one malicious addon to modify the code executing permission code (that asks the user whether to execute code or not) for that one compromised person to start spreading code that modifies the code executing permission code.
As with most internet worms/viruses, most of them are obtained voluntarily downloading stuff that is already compromised (cracks, etc) and many unaware users will simply just click YES to execute code just because it came from someone on your friends list.