Dear all, we are implementing a number of plug ins to our NC setup but are anxious to know what others have found looking at the code and vetting it.
Is there a vetting- procedure or exchange of comments on plug ins in the NC community?
Thanks!
Yours
Fredrik Laurin
There is the Bug Bounty program on hackerone: https://hackerone.com/nextcloud
You can see the activity in the past, which plugins are included, also those included in enterprise support are probably part of some internal review processes.
For other 3rd-party app, I would be careful. There are usually repositories of each app, so you can probably check for some no-gos yourself (are commits reviewed, how many contributors, possibly with NC experience, participate, loading of external content, …).
Thx!
If we find issues/identify weaknesses where should we report them? Here on help? As a new topic?
Yours
(/F