I’m not convinced that automated checks will be able to reliably assess whether a plugin is malicious.
I think the best (only?) way to solve the plugin security problem would be to properly sandbox them with an explicit API and permission system.
varun_ch•16m ago
Obviously this wouldn’t be compatible with existing plugins, so I’d separate legacy plugins and new plugins, and add a lot of friction to install the legacy plugins, which will be deprecated at some point.
kepano•5m ago
Did you read through the blog post? A permissions system is planned in addition to the automated scans.
varun_ch•19m ago