Currently, users who want to secure their Matomo installation as much as possible need to follow the recommendations in https://matomo.org/docs/security-how-to/
As part of this guide, it would make sense if we could add one more step: preventing Super Users from installing or activating new plugins from the Marketplace. Without this step, any Super User could install any plugin from the Marketplace, which wouldn't necessarily be secure. (To be very secure, a company may decide to individually review plugins before enabling them. Ideally, Super Users shouldn't be able to install plugins from the Marketplace.)
enable_plugin_upload = 0 by default, which prevents new plugins from being "uploaded" manually, but the Marketplace can still be used.
So ideally we need a new feature/INI setting, for example:
enable_install_plugin_from_marketplace, set to 1 by default, but when set to 0 the feature to download the code from the Marketplace would be disabled (with a popup explaining why and which setting to change if needed).