So I'm sure most know what this is stemming from. I think this is a good time to start discussion around what xF's controls could/should be, if anything at all. Disclaimer: I know & I've read, repeatedly, that xF doesn't audit any add-on code, doesn't host it, doesn't have the time/money/resources, etc etc etc. My question is around what could/should xF do to help their own community close this gap? SCENARIO 1 Some FOSS scripts offer "add-ons" that are held to set standards, and approved by qualified community volunteers before being released: https://www.phpbb.com/extensions/junior-validators/ https://www.phpbb.com/extensions/team-overview/ This eliminates the concern of xF developers being "pulled away" from core duties and not having "enough time" to keep up with it. The linked example doesn't handle it first party, its a community effort, and it works for them. CONCERN: What about paid add-on's? RESPONSE: A paid add-on developer could simply provide an "official" team member access to the add-on for the purpose of inspection. CONCERN: Giving free access to my paid add-on?!? PIRACY! RESPONSE: The example linked above are of a team is vetted & contained within the xF.com site. I don't think 1 free copy to 1 "internal" team to be reviewed will noticeably increase the risk of piracy. CONCERN: But I don't trust these people. What makes the qualified anyways? RESPONSE: edit: and of course these arent random members of the community. look at phpBB's selection process for example SCENARIO 2 I will share a personal example: I bought an add-on for IPB. As we know, IPB hosts its payments and files all in-house at their site. The add-on I purchased flat out did not perform a function it advertised. I repeatedly contacted the author, posted in the support topic, referred to the add-on sales page, and pursued a solution. I never got anywhere, so after much effort and time opened a Marketplace support ticket with IPB. I explained the situation, and gave copies/proof of all the communication with the author, the add-on selling page (which still listed it), the support posts, etc. IPB refunded my purchase price of the add-on (as an in-store credit), and I was satisfied. Had it not been for IPB, I would've been out 100% of my money with 0% of the product I paid for. This also provides IPB customers a very robust 1-stop shop for add-ons. Add-ons have their own support topic generated (linked within the sales page). Authors still have the option of hosting their own site for sales/support if they so choose. CONCERN: IPB takes a cut of the sales. RESPONSE: A very valid point. A hit to developers, and likely a hit to end-users as they pass that cost on to us. CONCERN: xF doesn't currently have a commerce solution. RESPONSE: Very true What are some other options/ideas to close the gap? Should this even be considered? Should something (anything) be done to be proactive? Or do we leave the process reactive (as it is today)? Maybe we really don't need this?