Plugin authenticity - grails/grails-core GitHub Wiki

The Challenge

Can you trust the plugins that you download and use in your project? Can you tell whether a plugin contains malicious code? Who even packaged and released the plugin? In an untrustworthy world, these questions need answers.