For mental health safety reasons, I'd strongly suggest going for the post-review process.
i.e.: (1) author gets to upload plugin directly, (2) any users (or maybe a limited group of users, but not 'Customize team' :P) get to try it out and share comments or give a rating, (3) in case any issues (security mostly) are found, report to moderators.
It would be more... realistic. Although in the beginning, I should assume there'll be fewer plugins to play with.
I should add, I split this off from the plugin interfaces topic, it's more relevant here.
I can see it both ways, but I sort of need to make the decision now because it's all part of the DB structure.
On the one hand, pre-review means there is a better-than-nothing chance of preventing nasties. It also creates more work, primarily for me. But I know how long it takes to vet plugins, and there's all kinds of neat tricks that can be done to help with that. We can do all kinds of fun like validating plugins on upload, checking the plugin-info.xml file is valid, we can check the hooks that it requires, we can check the files for syntax errors, you name it, it's all doable.
And that's before we even get to human review. In fact, I think I'd be inclined to enforce that even if we go to post review so that nothing appears on the site to regular users if it hasn't at least passed a basic validation.
Pre-review does also put some weight on whoever is reviewing to do a decent job, but it also requires discipline in doing it regularly, not to mention having naturally high skill requirements.
Post-review lowers the workload considerably, of course, plus removes the liability ("but the team should have checked for that") but it raises the chance of someone getting something nasty through the doors.
I'm reasonably amenable to either, though in the case of post-review, I would make it clear that I would be moderating after the fact and reserve the right to remove plugins that are dangerous, and I suspect I will even be doing some post reviews at some point myself, to validate what's going on. Of course, that leads to having some kind of badge related to 'vetted by' status to provide some kind of stability to people who want that kind of thing.
Of course, plugins pushed out under the team banner (i.e. official plugins) will automagically have something special to indicate it.
OK, so let's go with the theory of post-review rather than pre-review. What should happen with beta plugins? Plugins that people want others to test prior to going live, that is - should they automatically just push them to the main repo, but perhaps with a 'beta' tag on them?
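The "basic validation on upload" step described above, as an added example that is not part of the original thread or the project's own code. It assumes a plugin is uploaded as a zip with a top-level plugin-info.xml shaped like `<plugin><name/><version/><hooks><hook name="..."/></hooks></plugin>`, that the host exposes the hook names in KNOWN_HOOKS, and that plugin code is PHP syntax-checked with `php -l` when a php binary is on PATH (all of these are assumptions, not the project's real schema or hook list). The checks are the ones the post lists, plus the archive-level ones a reviewer would want before any file is unpacked: no path traversal in member names, no unexpected file types, and a cap on decompressed size.

```python
"""Upload-time validation for a plugin zip: archive hygiene, plugin-info.xml,
required hooks, and an optional PHP syntax check. Added example, not project code.
Assumed schema/hook names are labelled below."""
import io
import posixpath
import re
import shutil
import subprocess
import tempfile
import xml.etree.ElementTree as ET  # note: use defusedxml for untrusted XML in production
import zipfile

KNOWN_HOOKS = {"page_render", "user_login", "comment_post"}  # assumed host hooks
ALLOWED_EXT = {".php", ".xml", ".css", ".js", ".png", ".jpg", ".txt", ".md"}
MAX_MEMBERS = 500
MAX_UNCOMPRESSED = 20 * 1024 * 1024  # refuse zip bombs before extraction


def safe_member_name(name):
    """Reject absolute paths, backslashes and '..' segments (zip-slip)."""
    if not name or name.startswith("/") or "\\" in name:
        return False
    parts = name.split("/")
    if parts[-1] == "":  # directory entry such as "assets/"
        parts = parts[:-1]
    return all(p not in ("", ".", "..") for p in parts)


def lint_php_members(zf):
    """Run `php -l` over every .php member; skipped when php is not installed."""
    php = shutil.which("php")
    if php is None:
        return []
    problems = []
    for info in zf.infolist():
        if info.is_dir() or not info.filename.lower().endswith(".php"):
            continue
        with tempfile.NamedTemporaryFile(suffix=".php") as tmp:
            tmp.write(zf.read(info))
            tmp.flush()
            res = subprocess.run([php, "-l", tmp.name], capture_output=True, text=True)
        if res.returncode != 0:
            problems.append(f"syntax error in {info.filename}: {res.stdout.strip()}")
    return problems


def validate_plugin_zip(data, php_lint=True):
    """Return (ok, problems) for the raw bytes of an uploaded plugin archive."""
    problems = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return False, ["not a valid zip archive"]
    infos = zf.infolist()
    if len(infos) > MAX_MEMBERS:
        problems.append(f"too many files ({len(infos)} > {MAX_MEMBERS})")
    if sum(i.file_size for i in infos) > MAX_UNCOMPRESSED:
        problems.append("decompressed size exceeds limit")
    for info in infos:
        if not safe_member_name(info.filename):
            problems.append(f"unsafe path: {info.filename}")
        elif not info.is_dir() and posixpath.splitext(info.filename)[1].lower() not in ALLOWED_EXT:
            problems.append(f"disallowed file type: {info.filename}")
    if "plugin-info.xml" not in {i.filename for i in infos}:
        problems.append("missing plugin-info.xml")
        return False, problems
    try:
        root = ET.fromstring(zf.read("plugin-info.xml"))
    except ET.ParseError as exc:
        problems.append(f"plugin-info.xml is not well-formed: {exc}")
        return False, problems
    if root.tag != "plugin":
        problems.append("plugin-info.xml: root element must be <plugin>")
    for field in ("name", "version"):
        el = root.find(field)
        if el is None or not (el.text or "").strip():
            problems.append(f"plugin-info.xml: missing <{field}>")
    name_el = root.find("name")
    if name_el is not None and not re.fullmatch(r"[A-Za-z0-9_-]{1,64}", (name_el.text or "").strip()):
        problems.append("plugin-info.xml: <name> must be 1-64 chars of [A-Za-z0-9_-]")
    # A plugin may only ask for hooks the host actually exposes.
    unknown = sorted({h.get("name", "") for h in root.iterfind("hooks/hook")} - KNOWN_HOOKS)
    if unknown:
        problems.append(f"requires unknown hooks: {', '.join(unknown)}")
    if php_lint:
        problems.extend(lint_php_members(zf))
    return not problems, problems


def build_zip(members):
    """Build an in-memory zip from {name: bytes}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed sample uploads (not real plugins).
GOOD_PLUGIN = build_zip({
    "plugin-info.xml": b'<plugin><name>hello_world</name><version>1.0</version>'
                       b'<hooks><hook name="page_render"/></hooks></plugin>',
    "hello.php": b'<?php\necho "hello";\n',
    "readme.txt": b"demo plugin",
})
BAD_PLUGIN = build_zip({
    "plugin-info.xml": b'<plugin><name>evil</name><hooks><hook name="page_render"/>'
                       b'<hook name="drop_tables"/></hooks></plugin>',
    "../evil.php": b"<?php echo 1;",
    "run.sh": b"#!/bin/sh\n",
})

if __name__ == "__main__":
    for label, blob in (("good", GOOD_PLUGIN), ("bad", BAD_PLUGIN)):
        ok, problems = validate_plugin_zip(blob)
        print(label, "accepted" if ok else "rejected", problems)
```

The archive checks run before the XML is even read, because a member name like `../evil.php` or an oversized payload is a reason to reject regardless of what plugin-info.xml says; anything that passes this gate still goes to human (post-)review, which is the point made above.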