There’s pros and cons to this but I’m curious what people think.
A few pros would be that it’s easier for people to edit the entry for their plugins and would stop the current list from being a target for malicious actors. Since it’s on pidgin.im they’ve used it to try and build credibility to phish/con people.
A big con is that search-ability isn’t great, but maybe we could fix that with tags? Or maybe a pinned “mega post” or something to help group them?
I’m sure there are lots of other things I’m not considering so please chime in.
I worry that we’ll have the same problems with it being posted in discourse as with being on the main pidgin.im site. Sure, we can delete posts and ban the poster, but it’s still an attack avenue.
Oh for sure that’s always something we’ll have to deal with, but it will avoid casual end users from being conned as most of them won’t know what imfreedom is and thus won’t trust the domain.
One of the issues with the ss-otr incident was that they used the pidgin.im/plugins URL to look “more official” and I have no idea how many people fell for it, but it’s something we need to make harder and using discourse should help with that.
Also I really need to do that write up one of these days.
I am afraid, not having a list of protocol plug-ins will hurt Pidgin’s reputation as a multi-protocol messenger.
Looking at the only active competition I know, About Miranda NG | Miranda NG is pretty much “look at all the protocols” right away. It is similar with bridges, where protocols are even more important:
https:// wiki.bitlbee org/FrontPage
https:// matrix org/ecosystem/bridges/
https:// slidge im/
If I was coming across Pidgin and was presented with a list of topics in the discourse forum some of which are about advertising protocol plug-ins, some are other plug-ins, some are discussions, some are outdated or inactive, I would be deterred from even trying Pidgin.
Thanks for you input and I understand where you’re coming from. However I’ve written about this topic in the past here and I’m not sure any that having a list of protocol plugins on the website tackles any of the issues mentioned in that post nor does it stop it from being a target of malicious individuals.
Maybe we end up listing the “trusted” authors like we have in the current plugin list on the site? There is also the option to add them to the flatpak and binaries for windows and mac, but then we have to do co-ordinated releases and stuff, and that’s not fun either.
I like the plugin list how it currently is and would find a list in discourse sub-optimal. Alternatively, I could see a plugins page on an actual wiki work too, but of course there’ll be additional effort involved in setting up and maintaining a wiki. Not sure if that would gain you anything.
