I believe it's worth considering the option of reviewing in hindsight rather than screening everything beforehand. We would still check plugins when they are first added, meaning someone malicious would need to develop and upload a legitimate plugin, then later introduce malicious content through an update.
It seems to me that the potential for abuse is pretty low, and if we adopt a three-strikes system,
Strike 1: Warning
Strike 2: Plugin removed
Strike 3: Author blocked
I feel confident that we won't get many, if any, people looking to abuse the system.
This would also free up a lot of maintenance requirements so we could then look into implementing systems that make adding a plugin easier, so we'd be making things easier for the 99% of good actors who just want to share their plugin, while introducing a small risk of malicious content being listed on "official" sources for a short time before it's reported and removed.
I can't imagine anyone would consider that insufficient.
Originally posted by @Hecter94 in #1781