Whelp, this post became much longer than anticipated but I hope I've addressed all your concerns beside the fact that you can archive (and restore) your installed mods.
The fact that it is meant to entirely preempt the old decentralized system of download and store on your own is bothersome.
Before Knossos came along everything was uploaded on FSMods, MediaFire or GDrive. (Or as a forum attachment and promptly lost.) It's "better" in the sense that only individual mods are lost and not everything at once. However, with Knossos and Nebula, every uploaded mod is stored on two different servers with reliable backups. So far, we haven't lost a single mod. IMO that's better than the previous system.
What if something catastrophic happens, and the server(s) it runs off of are lost? What if there is a cease-and-desist legal wrangle targeting Knossos?
The files are hosted on two physically separate servers controlled by two different legal entities and the main server is backed up daily. The possibility that we suffer an unrecoverable loss is extremely unlikely. If you want to make it even more likely, I'd be happy to add more mirrors to Nebula, you'd just need to provide me a suitable server to upload the files to (anything in Asia or Australia would probably be good since we already have NA and Europe covered).
What if the guy(s) that manage it decide they want to just take their toys and go home?
Well, I think it's silly for me to say it since I'm the one who manages the main server (and develops Knossos) but if the HLP admins WANTED TO, they could back up the datacorder thus making it impossible for me to wipe out all of Nebula. For that matter... if you want to, I could explain how YOU could back up all of the publicly available mods on Nebula (not the private mods obviously though the HLP admins could back up those, too). After all, the download links are all available in a neat JSON file.
What if ($Deity forbid) they unexpectedly DIE?
Why, yes. I've thought about that though I have to admit that while the plan is finished it hasn't been completely implemented (time constraints and RL). Since the downloads are already accessible by a third-party (see the datacorder), I'd consider them safe enough. The only thing missing is a database backup (which I won't make public since it contains sensitive data). I'm planning on storing that on the datacorder as well, that way, the HLP admins should be able to access it if it became necessary and I can automatically update it daily. Finally, the source code for both Nebula and Knossos is already public (open source), the only thing missing is a manual on how to restore the database and get Nebula running.
Currently (since the plan hasn't been implemented, yet) everything but private mods and user accounts should already be recoverable.
OK, so where do I download the Knossos compatible mods, and how would I point Knossos to them so they can be installed or would I have to install any such mods manually?
There's no point to that. If you can download them manually, Knossos can download them as well.
What if I want to install everything from scratch on a machine with no internet access? Will Knossos support local archival and restore of mods I download with it?
You use a copy of a previous install (as pointed out in the last two posts). I know those posts came after yours, I just don't want to repeat them.
What if the servers Nebula uses get "Megauploaded" and unexpectedly have all of their resources locked permanently?
Highly unlikely. In any case, both servers are controlled by different people living in different countries. If anything were to happen, most likely one server would go down first, leaving us time to act. Also, at least one of the two servers is backed up daily (both the database and mod files). The backups are encrypted, signed and stored off-site (feel free to ask if you want details).
How does Nebula prevent a mod stored on it (or Knossos itself) from being updated with (or otherwise somehow infected with) a virus or other malware, and said malware is then automatically distributed as an update to everyone downstream?
It doesn't. However, Knossos only launches binaries from engine uploads which (for now) are only FSO and FSO Multilock. AFAIK FSO can't launch binaries by itself so even if someone would try and distribute a virus with their mod, the only way to do that would be by distributing a new build. New uploads are announced on Discord and I check all uploaded builds (which so far has been very easy since it's just two). I realize that this isn't a highly secure measure but I encourage you to share your solution if you've got a better one.
That aside, what prevents someone from uploading a virus-infected FSO build on the forum and claim that it's a new test build?
Are the binaries for Knossos digitally signed?
No and neither are the binaries for FSO. I'm wondering why you mention that since IMO that has nothing to do with any of the other points you brought up. The downloads are served over https so it's very unlikely that the binaries are modified. You can still build it from source if you don't trust the official downloads. However, those are also built from source by an automated script (which is open source as well).
For the record, I'd like to sign the Knossos binaries. There are just two reasons why I don't: a) I'm not exactly keen on showing everyone who installs Knossos my full name and b) the necessary certificates are too expensive IMO for the benefit that they offer.
These things are either not an issue under the Launcher system, or are mitigated by time (not everyone checks for updates every day, and damage from an outbreak of malware would be limited by time until discovered).
I don't see how that changes with Knossos. Updates are only installed when a user clicks the Update button. Users might check more often (since it's more convenient) but that's about it. I'd also rather try and prevent malware from being released at all than hope that it's discovered in time (which in my experience is very unreliable).