Quoting Slide <slide.o....@gmail.com>:
How will this work with regard to plugins that might have security issues? Will the same pull request system be done so that the plugin maintainer can manage the releases and repo content?
I'd suggest that if a security report was submitted for a plugin, the first action of the security team should be to directly contact the maintainer of the plugin.
The maintainer is likely to be in the best position to understand and fix the issue.