I know it has been said that most plug-ins are "probably" safe, but a "new users might like the plugin recommendation" label has recently appeared for the "safer" (meaning reviewed) plugins. That is why this feature has been implemented to begin with. So I'd like to know ...
Once a plugin is recommended by the devs, and is later changed (by the author, or a hacker) ...
is it reviewed again? And if not ...
does the recommendation label stay?
Or is it automatically revoked?
If I missed it, and it's been discussed before, please just point me to the thread.
There is just one thing I am trying to figure out. Assuming that the recommendation of a plugin seems important to me, in other words the reviewing process adds value (and I think it does), can anybody sneak code into the plugin after it has been recommended, and turn it malicious?
If I thought plugins couldn't do any damage ever / at all, then I wouldn't ask about it, and the devs wouldn't have come up with the idea in the first place I guess.
Yes, because no full review is made of the plugins.
This was discussed in the topic plugin recommendation and generally at the plugin implementation.
In order to do this, the plugin would have to be reviewed every time a new release is published, but manpower is lacking for this and the plugin would not be allowed to be published until it has been reviewed.
And yes, any plugin can contain malicious code, recommended or not.
Ok, just to give a slight peace of mind, most recommended plugins are developed by regular contributors of Joplin core itself or with their direct supervision. As security is all about whom you trust, in that sense you trust the same people as you did before, but a little more.
On the point of security and malicious code pushed in further updates, it would be good to see how other projects are doing it. So far, seeing the example of large app/extension stores, it is fairly tricky to achieve complete control over malicious code in external extensions even for corporations like Apple or Google. As of now, with hundreds of security experts hired by the platform, when browsing the Google Play market you can find apps that use cryptominers, spam users with ad notifications, sell user data to undisclosed partners, etc.
From the point of individual security, you can run automatic analysis tools on a plugin's source code before every update and personally review all the warnings. This way you can achieve a level of personal security that's unreasonable to expect from the store owner.
The biggest security issues probably come from transitive third-party npm dependencies contributors choose to include in their plugin.
I claim it is mostly not about trust in Joplin contributors themselves and their direct plugin code.
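One concrete form of the "check before every update" habit suggested two posts up, aimed at the transitive-dependency risk raised in this one: diff the plugin's npm lockfile between the release you last looked at and the new one, and surface what a reviewer would want to read first. This is an added example for this thread, not code from Joplin or from any plugin; the two lockfiles are constructed samples in the package-lock.json `lockfileVersion` 2 "packages" shape, and the package names and URLs in them are made up.

```python
"""Diff two npm lockfiles of a plugin and flag dependency changes worth reviewing.

Added example for this thread; not Joplin code. The lockfiles below are
constructed samples (package-lock.json, lockfileVersion 2 "packages" map).
"""
import json

REGISTRY = "https://registry.npmjs.org/"

# Constructed: lockfile of the release that was last reviewed.
OLD_LOCK = json.dumps({
    "name": "example-plugin", "lockfileVersion": 2,
    "packages": {
        "": {"name": "example-plugin", "version": "1.0.0"},
        "node_modules/markdown-helper": {
            "version": "2.1.0", "resolved": REGISTRY + "markdown-helper/-/markdown-helper-2.1.0.tgz",
            "integrity": "sha512-AAA"},
        "node_modules/tiny-util": {
            "version": "1.0.0", "resolved": REGISTRY + "tiny-util/-/tiny-util-1.0.0.tgz",
            "integrity": "sha512-BBB"},
    },
})

# Constructed: lockfile of the new release. It bumps tiny-util, pulls in a
# transitive dependency with an install script, adds a package resolved from
# a git URL, and republishes markdown-helper 2.1.0 with a different hash.
NEW_LOCK = json.dumps({
    "name": "example-plugin", "lockfileVersion": 2,
    "packages": {
        "": {"name": "example-plugin", "version": "1.1.0"},
        "node_modules/markdown-helper": {
            "version": "2.1.0", "resolved": REGISTRY + "markdown-helper/-/markdown-helper-2.1.0.tgz",
            "integrity": "sha512-ZZZ"},
        "node_modules/tiny-util": {
            "version": "1.1.0", "resolved": REGISTRY + "tiny-util/-/tiny-util-1.1.0.tgz",
            "integrity": "sha512-CCC"},
        "node_modules/tiny-util/node_modules/build-hook": {
            "version": "0.3.0", "resolved": REGISTRY + "build-hook/-/build-hook-0.3.0.tgz",
            "integrity": "sha512-DDD", "hasInstallScript": True},
        "node_modules/fetchy": {
            "version": "3.0.0", "resolved": "git+ssh://git@example.invalid/fetchy.git#abc123",
            "integrity": "sha512-EEE"},
    },
})


def load_packages(lock_text):
    """Return {install path: metadata} for every dependency in a v2+ lockfile."""
    data = json.loads(lock_text)
    if data.get("lockfileVersion", 1) < 2 or "packages" not in data:
        raise ValueError("expected lockfileVersion >= 2 with a 'packages' map")
    pkgs = {}
    for path, meta in data["packages"].items():
        if path == "":
            continue  # the root project entry, not a dependency
        pkgs[path] = {
            "name": path.rsplit("node_modules/", 1)[-1],
            "version": meta.get("version"),
            "integrity": meta.get("integrity"),
            "resolved": meta.get("resolved") or "",
            "install_script": bool(meta.get("hasInstallScript")),
        }
    return pkgs


def diff_lockfiles(old_text, new_text):
    """Compare two lockfiles; every list holds install paths, sorted."""
    old, new = load_packages(old_text), load_packages(new_text)
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    common = set(old) & set(new)
    changed = sorted(p for p in common if old[p]["version"] != new[p]["version"])
    # Same version string but a different tarball hash: the artifact changed
    # without a version bump, which a plain version diff would never show.
    rehashed = sorted(p for p in common
                      if old[p]["version"] == new[p]["version"]
                      and old[p]["integrity"] != new[p]["integrity"])
    touched = added + changed
    # Install scripts run at `npm install` time, before any plugin code runs.
    install_scripts = sorted(p for p in touched if new[p]["install_script"])
    # Anything not fetched from the public registry (git URLs, tarballs)
    # bypasses whatever the registry itself checks.
    off_registry = sorted(p for p in touched if not new[p]["resolved"].startswith(REGISTRY))
    return {"added": added, "removed": removed, "changed": changed, "rehashed": rehashed,
            "install_scripts": install_scripts, "off_registry": off_registry}


if __name__ == "__main__":
    for key, paths in diff_lockfiles(OLD_LOCK, NEW_LOCK).items():
        print(f"{key}: {paths}")
```

To use it on a real plugin, replace the two constants with the contents of the old and new package-lock.json; the three "flag" lists (rehashed, install_scripts, off_registry) are the ones to open and read, while added and changed tell you how much of the tree is new since the last look.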