As it stands, developers are granted the ability to ‘Develop your own plugin’ and ‘Install an unverified plugin’. However, it appears that not all users are afforded the same level of access. I am curious to understand the rationale behind this decision. Would it not be more beneficial to provide all users with access to both features, or at the very least, the ability to install unverified plugins?
In my line of work, I frequently create retriever-based plugins that I prefer not to list on the Plugin Store. My intention is to share these plugins exclusively with my colleagues, but the current system does not seem to support this. As it stands, my colleagues are unable to install the plugins I have developed, which seems like an oversight.
While I appreciate the security provided by the authentication setup, I am seeking a more private solution. I would like my plugins to remain undiscoverable to the general public, with installation access granted only to those with whom I have shared a specific link.
I believe that implementing these changes would greatly enhance the user experience and provide developers with more control over their creations. I look forward to your thoughts on this matter.
I do not agree with your viewpoint. Only developers with ChatGPT plugin developer permissions can install and use unverified plugins. This is a very reasonable decision. If everyone could use unverified plugins, it would create chaos in plugin management and could even lead to serious security and privacy issues.
In addition, unverified plugins are only allowed to be installed by 15 developers, also for security reasons. ChatGPT is a product that caters to the whole world, and it needs to consider more factors. Please don’t only consider the issue from a personal perspective; that would be unreasonable.
I appreciate your perspective and the concerns you’ve outlined, particularly the potential for chaos in plugin management and security risks if everyone were allowed to install unverified plugins. However, I believe that a more nuanced approach could address these issues while also accommodating the needs of developers like myself.
Let me clarify that my suggestion doesn’t advocate for unrestricted access to unverified plugins for all users. Instead, I’m proposing a more flexible system that empowers developers to distribute their plugins privately and securely to a defined group of users. This approach would not only reduce the risk of unregulated plugin usage but also foster innovation and collaboration.
Addressing your points:
Plugin Management Chaos: A system that allows developers to share their unverified plugins with specific users wouldn’t necessarily result in chaos. It’s not about opening the floodgates for everyone to install any unverified plugin, but rather about creating a controlled environment where developers can share their work with their colleagues or clients safely and efficiently.
Security and Privacy Issues: A key element of my proposal involves keeping the plugins undiscoverable to the general public. Only users with a specific link, provided by the developer, would be able to install the plugin. This would help mitigate the risk of malware dissemination and maintain the integrity of the system.
Developer Limitations: The limit of 15 developers who can install unverified plugins seems arbitrary and restrictive. Instead, a vetting process or a tiered developer system could be implemented to allow for more flexibility while maintaining security standards.
Global Product Considerations: While ChatGPT indeed caters to a global audience, it’s essential to remember that its user base comprises various roles, including developers, researchers, and end-users. It’s crucial to accommodate the needs of all these stakeholders while maintaining security and privacy.
My viewpoint is not a personal perspective but an attempt to identify gaps in the current system and propose solutions that could benefit the entire developer community. I believe it’s essential to find a balance between maintaining system integrity and enabling developers to innovate, collaborate, and contribute to the platform’s growth.
I do agree and I can see OpenAI coming out with this in the future ChatGPT plugins is still relatively new, even though the developers have had it for a while.
As of right now the plug-in store itself seems to be a work in progress as they said themselves. HTTP user auth/service auth is still in its development stages. The plug-in store interface itself seems to still be in its early stages. They said they are trying to develop a way to make plug-in verification quicker and more safer.
I also do agree that, but I believe that the need for plugin authentication is due to the official’s intention to establish standards and security. I understand the official’s actions and hope that the efficiency of plugin launches in the official store can be improved in the future.
ChatGPT Plugins waitlist you need to be accepted.
I guess they want to make sure the plugins won’t be used to hurt anyone. I mean you could build fraudulent plugins and advertize them somewhere.
E.g. invest into our crypto autotrader here. Just invest 500$ using gift cards…
I guess you know what I mean. Openai is checking the plugins manually atm.
I’ve been on the waitlist for plugins since they were announced and have built and deployed the retrieval API for semantic search and news feed aggregation. The Pincone index is live and growing. I paid for ChatGPT plus thinking I could install my own but it appears like I only have access to install other peoples’.
Although I understand that a limited release allows you to iteratively improve the plugin SDK and behavior to ensure all developers have a great experience, I think all developers should have access, even if there are constraints or guardrails around it. For example, I’m only looking to build a proof-of-concept right now, so having it point to a plugin running on localhost is sufficient for me.
Until I receive access to develop plugins, I have to resort to using langchain (neat library BTW), and twisting myself into a pretzel to chain together custom tools and unnecessarily creative prompt generation techniques
+1 one for this request - I am mostly looking to experiment with my plugin. Perhaps “Publishing a Plugin” to the store could require a different permission from “Develop your own Plugin”?
Absolutely this would be great. I’ve posted about my plug-in, that will fetch the code you’re working on so you don’t have to give it context. But it’s hobbled by not having an obvious way (or necessarily a desire) to monetise it
