alt Hacker NewsI can't speak for other platforms but neither option you propose seems right for Obsidian. I think the right approach for us is somewhere in between.
If we were too controlling there wouldn't be the freedom of exploration that we see in the Obsidian community. There are so many niche use cases. Plugins can target a minuscule number of users, and that's a great thing. That's why malleability is one of our core principles: https://obsidian.md/about
I also believe in treating users with intelligence. Obsidian has always skewed towards giving you the maximum freedom at the cost of letting you shoot yourself in the foot.
It's impossible to guarantee that software has no bugs and no vulnerabilities, especially not third-party plugins. However that doesn't mean that we shouldn't try to detect dangerous or malicious behaviors. Any transparency we can provide in this regard seems helpful if it can be presented in a way that helps users make their own informed decisions.
Replies
Thanks. I think it's likely I'm seeing this as a binary situation when actually it doesn't need to be that way.
Why not both?
Have the reviewed / approved plug-ins in the directory, whatever that's not a wild west free-for-all-malware, then have two other levels, alpha channel (submitted) and beta channel (machine-reviewed only, not yet approved).
Display only the main channel by default, but make it easy for the user to click through the earning(s) and indemnity message, and enable either of these two.
So I could have stable, slow moving, sanitised plug-ins, but someone else could instantaneously get access to the most recent ones.