I do kind of like Tom Hendrikx idea of putting cloning the folder into somewhere in /usr/local/etc and putting a modified pre file in /etc/spamassassin/. But it's true it's not perfect.
Yes. Tom's idea is correctish; perhaps a more "true" solution for some. ZERO-TRUST. SpamAssassin is equally insecure no matter where you run it; like 3.4.5 is the end of it?
The next step in this I suppose could be to build a deb or rpm file around these contributed modules. But I doubt people are going to want to build and maintain packages for each of the different unix/linux/other OSs out there.
Not to be a bubble-buster or anything, but perhaps you're seeking a solution for a problem that doesn't exist? Seriously, nobody is breaking down doors to get a plugin.
Maybe just recommending module developers to put in a simple Makefile with an install and uninstall target? I don't know if that's the right answer. It does feel like this should be a bit more admin friendly, by that I mean it should be more than lore to know the right way to install spamassassin modules in a maintainable way with a system.
What is maintainable about third-party plugins? Hell, what is the average life-span of a third-party plugin? Not long.
Thanks all for the answers here.
No problem. This is one list's 537 opinions!