(2022-02-16, 11:28 PM) Matt Wrote: As far as I’m aware, the approved developer setting was supposed to allow you to upload to that Extend site without approval.
Approved Developer should be able to post their thread in Plugin Releases without the thread needing to be approved. I am not certain if this is currently done as I haven't released a new plugin in quite some time.
Matt Wrote: But I don’t think we require approval for anything any more, so its usefulness is limited.
The problem with this approach is now users have to be more cautious of what they download. If no checking is taking place, it is a lot easier for a vulnerable submission to be added to the Extend section. By the time the vulnerability is discovered, there is the chance for hundreds of downloads to have taken place.
I strongly urge the staff to require approvals again for plugins if the author is not an approved developer. I understand that sometimes submissions might not always be approved the same day, but it helps keep everyone secure. One of the main duties I performed in my time as staff was trying to manage the queue of extensions. Perhaps Approved Developers could assist in the task of checking plugins. If you would rather it be done by official members of the team, then create a position for Extend Section Auditor. Members can then apply for it who do have the time and knowledge to check thoroughly.