[ejonesss]

i dont know if this is the right place for this suggestion but you mods can move it to the right place.

seeing kodi in the news regarding malicious kodi plugins i wanted to suggest.

maybe closing the development ecosystem not to the point of going proprietary but to the level like mozilla did with netscape and some other developers.

where you have to get a development kit witch contains a runtime plugin like what microsoft does with the msvcrtv.dll with visual basic  so kodi would provide a development kit for free and it would install a plugin similar in function as  msvcrtv.dll and then you have to send the source code to kodi to be compiled into a full plugin.

apple does similar for ios apps you get a developer kit and apple takes the source code and gives you an executable app.

yes it may mean hiring more volunteers or staff.

or you could automate the compiling of the plugins and if there is a complaint your database would spit out an emergency update that removes or disables offending plugin or even quarantines the plugin so it will only run in a protected zone.

[black_eagle]

Except, all addons in the official repo have already been checked by the team.  Malicious addons therefore can only come from third-party repos etc over which the team have no control.

In my opinion, it's up to the individual user to decide whether or not to install an addon, much the same as deciding whether or not to install a program on their OS.  It's not Microsoft's fault if you install something containing a rootkit, neither is it Kodi's fault if you install a malicious addon.

[Klojum]

yes it may mean hiring more volunteers or staff.

You say this as if this has not been an ongoing quest already. It is.