guermantes (Patron, joined Sep 27, 2017, 213 messages)
"This is a Community plugin.... Thorough research is strongly recommended before installing or using an unofficial plugin."
I never understood how this is thought to work in practice. After installing, sure I can audit the plugin best I can, but before? There is not a single piece of information about what is going to be installed, how it has been tweaked, or from where it originates. There are no links to GitHub project pages or the like.
A more true statement would be: "This is a Community plugin.... Thorough research is strongly recommended before installing or using an unofficial plugin, although we recognize you have absolutely zilch possibility to research anything before installing."
Am I missing something? Isn't this a very insecure process?