Request Review

waciuma · 9 April 2023 16:54

Joplin has a set of Recommended Plugins. How can community members request reviews of useful plugins? (In particular, I would hope to see the Space Indenter plugin reviewed and added to the list of recommended applications)

Daeraxa · 9 April 2023 23:43

It is less about if they are useful and more about if they can be trusted as safe and unlikely to ever be modified in a malicious manner which is why the current batch are mostly Joplin maintainers or long standing community members.

waciuma · 10 April 2023 00:00

That makes sense. I could imagine a world where a plugin author creates something of use, donates it to Joplin, and then feels welcome to contribute pull requests for improvements in the future. Is there a process for plugins to migrate from community maintenance to Joplin maintenance? How can users say "This is a feature valuable enough for Joplin"?

Daeraxa · 10 April 2023 00:10

Honestly fairly unlikely simply because there is already a shortage of resource on that front anyway but ultimately it would be up to Laurent. There are already some plugins which have been mostly unmaintained since GSoC. In a perfect world you should still be able to see and trust what you are looking for based on download numbers etc. without requiring an official stamp of approval.

laurent · 10 April 2023 08:51

Yes we don't really have a solution for adding new Recommended plugins for now. If we make a plugin recommended, we more or less commit to review every single version after that, and that doesn't scale.

Well Mozzilla does it but they have automated tests too, better defined plugin permissions and more staff. Maybe that's where we should start, by restricting what a plugin can do. For example if it can only work on local data (and can't make http requests), we'll know it's safer.

waciuma · 13 April 2023 06:01

For example if it can only work on local data (and can't make http requests), we'll know it's safer.

This would be helpful. Having some framework for the risk profile is important for a notes app. At the moment my framework is, "I should assume that the author of any plugin can read every note that I've written in Joplin." Which makes plugins a bit of a non-starter.

ajay · 15 April 2023 14:01

This reminds me of a problem I only discovered lately (I think it didn't exist in v2.9):
on Joplin 2.10.13 under OSX, when I goto settings -> plugins and type e into the search field (every name has an 'e'), the recommended status / symbol is no longer shown for any plugin coming up. When and how did this happen ?

lukasl · 18 April 2023 23:05

Thanks. Wasn't aware of the space indenter plugin. Just what I needed

Topic		Replies	Views
How do folks here handle security, when it comes to plugins? Lounge	3	602	9 March 2023
Plugin updates Lounge	5	867	30 December 2020
Pre-release 1.3 with plugin support is now available! (Updated 31/10/20) Beta Testing	58	6155	9 November 2020
Improvement request: Check for plugin updates when checking for app updates Features	2	385	25 October 2021
Joplin for programmers only now? If so, what about the future? Features	4	1430	10 November 2020

Request Review

Related Topics