Comment by brusselsprout

2 days ago

I hope I'm speaking as a minority, but when I first started using Obsidian the YouTube videos I watched encouraged the usage of community plugins, and even with these warnings I would enable the community plugins. You may very well have good actors that eventually turn bad for these plugins and users won't know.

Maybe I just also have a higher personal risk appetite, but even as a dev and knowing these risks I would have enabled the community plugin option. Again, hope I'm just the minority here and not most user behaviour.

One issue also seems to be that there are many dead plugins, not updated for years but still available. Does that mean they are especially stable or just no longer maintained? I don't know, but I applied the same rule I would for F-Droid or the Play Store: not to install anything that isn't actively maintained.

Also, I can't tell how to prevent plugin updates. As long as you rely on a known safe version, I guess there is never any real risk.