https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23890
--- Comment #8 from Katrin Fischer <[email protected]> --- I think the discussion is not if the users can install plugins themselves or not - they already can. This is a discussion on how to make sure they get better information about the plugins and if they are trustworthy. Also allowing admins to whitelist certain repositories... and I think those are good ideas. I like the idea for the plugins to provide some general information about them. Maybe if we had plugins that were limited to only using what the APIs offer, we could have a list of what they use as an indicator of potential damage. But as our plugins can do 'anything', it's much harder. We could maybe ask developers to include information about data that will be changed by their plugin in some way? A list of core methods and hooks used? I always liked how the DokuWiki system for plugins worked. They are listed in the DokuWiki DokuWiki, with their repository/zip URLs. Then you can search that from within your own installation, get info and also download and install if a URL has been provided, alternatively, you can still upload zip files manually for installing plugins provided elsewhere. (https://www.dokuwiki.org/plugins) So maybe we could have a central directory of available plugins with descriptions etc. This would allow us to add a form of rating, QA and similar in the future, but still allowing people to do development using their preferred tool. The DokuWiki directory also allows you to see how often a plugin has been installed by others, as an indicator of those that are popular/widely used. This could be an easy way to have a first indicator of 'quality'. They also include a 'report bugs' link in their directory that is helpful. As another security measure we could allow admins to 'whitelist' plugins or sources in the directory locally and block the upload of zip files, so users get a limited view of plugins supported/checked by their admins/providers. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
