Why don't we have a marketplace for all Plone and Collective add-ons?

Every CMS has a marketplace where you can find and install add-ons. Why doesn't Plone have a marketplace?

too complicated, little practical use, technically complicated, too much effort to implement and maintain for a niche CMS.

https://pag.derico.tech/ or GitHub - collective/awesome-plone: Add-ons and resources for the CMS Plone

1 Like

I guess, he is talking about something clickable inside Plone without manual interaction...

At least 10 years ago, there was a project to do something like this.

When I started with Plone, there was somewhere (maybe on the front page or another page) where 'new add-ons/updates' were published. I found it very useful.

What might be nice is if add-ons listed on github, included standard things (e.g. screenshots, video demo and overview). Then a uniformed listing of add-ons could be derived from that.

Because Plone it is a CMS developing framework with an app. It is true that now with pip install you can install the addon but, due to the nature of python, the application is not aware of it (need to add to the python path in the instance start script and need a restart).

I see the main problem in the instance start script, path are hard coded there and came from the process of picked up dependencies. Basically, you run a script to build the app, this script find all the egg dependencies and write the path of eggs in the script.

I think Django just use a config file for addons other than the core, but basically it is the same: pip install + write somewhere the addons is to be added to the path + restart

When Python is running, it is like a big program, while php is like a script that load what is needs at the time.

You need a python solution (and more featured and robust than plone.reload).

1 Like

ah... thanks for the explaination... i got the answer... thanks @yurj

Security. Once you allow installation of random software from the web through the web it is impossible to keep the site secure. You open an new attack vector, once it is possible to inject code through the web UI.

Having all this handling in code/filesystem-configuration and with the need of someone actively having access to the servers/build-process, pinned down to versions in file-system/GIT makes everything explicit, enables audits and makes it much safer.

1 Like

I understand your pov

Not saying it's a good idea but an example of something with python plugins that can be loaded at runtime is kodi. However it runs every plugin in it's own interpreter and in fact it unloads them most of the time until you click on something that needs that plugin. And this is one reason its pretty slow.
Just pointing out it has been done.
I hadn't thought of it before but potentially python 3.12 fast sub-interpreter support could make this less of an painful option. And there are now things like PythonMonkey that let you bring sandboxed js into python using WASM.

But yes, generally TTW installing plugins is something a serious CMS setup would avoid but I can see it making a CMS more attractive for beginners.