https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23975 --- Comment #22 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- (In reply to Jonathan Druart from comment #21)
My feeling is that we should maintain a list of "accepted"/"validated" plugins, and so have a WS serving (on a Koha community server) that list.
I did initially think the same and intended to write such a service.. however I have come around to this approach as it reduces the need build, host and maintain another system, not to mention maintaining the data. I have added followup bugs that request we add signatures to plugin releases and a way from inside Koha itself to validate those. Once we have those I think we pretty much have what you are suggesting.. we can update the default config we ship to only include a pointer to the community gitlab and as we as a community deem a plugin to have reached a level of maturity we are happy with we can suggest an adoption of it into our gitlab and thus sign subsequent releases. Hope that makes sense. -- You are receiving this mail because: You are watching all bug changes.