Avoiding specifying a download site in wyBuild?

I'd like to not have to specify a download site in wyBuild - simply say "I'll give you that info on the command line always".

It sounds like I would do that by specifying:

%updatepath%/%file%

As the only Download site?

Would I mark that as "both server & update site", "Just a server site", or "Just an update site"?

I want to distribute updates online, but I want to specify where they come from on the command line - such as:

wyupdate -server "http://www.ourhost.com/long/path/for/this/product/series"

And that would be where both the *.wys and *.wyu files are stored (So I assume I'd use "both server & update.." above?)

-----

Additional Question: I assume that unless the .wyp file is generated new for each project, it would be possible for someone with rudimentary skills to now force an update from an update location that isn't really authorized for them by executing wyupdate -server "url-to-newer-version" unless the newer version was generated from a completely different .wyp (which has a hash-key or some such to avoid cross-updates between products)?

---

And I am also still under the impression that there isn't any way to create .wyp from the command line? I know we can add versions to one using command line + xml files, but then I'm still stuck with having to ask the end-user to manually create a new project file for each distinct update-series in order for each to have its own hash-key? (i.e. I'll be able to avoid having to enter the download site for each .wyp, but unless I create each .wyp fresh, they'll share the hash-key if they're copied over & over).

GenericProject.wyp -> Product A 1.x Series.wypGenericProject.wyp -> Product A 2.x Series.wyp

Product A 1.x could potentially update using Product A 2.x updates if wyupdate is forced to update from the product A 2.x URL? And only by creating a new .wyp for each series instead of copying from a generic common source would that be avoided?