# Remix Plugin Brainstorm 4:00pm in Room B5, 6th Floor Date: Thurs Oct 10 Time: 16:00 Room: B5 ## Part 1 A brainstorming session about ideas for plugins: What developer experience problem in the ecosystem could be solved with a remix plugin? What external tools or project would you like to see as a plugin in Remix IDE ? ## Part 2 In reorganizing remix’s architecture, we have opened up the remix development process to the community, we have some governance and curation issues. A malicious plugin can modify the source code of a contract for example, or send a transaction on a testnet on behalf of the user. 1. How should we organize the governance for curating the list of plugins and do we have to do it? - Getting a plugin to appear in our list of plugins Warning users about a plugins actions? Plugin code auditing Some of you may not feel like you have much to add to part 1 or to part 2. Let me know if you don't feel engaged by the subject or don't feel you have much to add. Also here are some additional questions - for part 2 of the discussion. I probably won't ask these questions - or present these ideas - it's just what we are thinking about. Could there be various warnings a plug has before it is deemed totally approved? How do we decide what plugins make it to the plugin list? How do we insure that the code that was approved is the code that is in the plugin? How do we organize the auditing of the code? If a user approves a plugin’s edits to a solidity file and something bad happens - who is responsible? How is responsibility handled in NPM or EthPM- especially in light of the NPN hack that hit a bitcoin wallet a year ago. What happens if the audited code turns out to be bad? Penalize the auditors? Could a curation market help? Or a reputation management system. What about just getting users to give a "like"? How do we not over engineer the approval process?