Script/plugin and polluted(?) sources


I recently had trouble installing the ssl_requirement plugin.
script/plugin said it couldn’t find ssl_requirement.

I “solved” this by running “script/plugin discover” and accepting the
addition of a bunch of other repositories. The script could then
discover and install ssl_requirement.

BUT: It wasn’t the same version of ssl_requirement that I’d installed
(and worked well with) on other projects. The version I got, in
SslRequirement::ensure_proper_protocol, made use of a module called
UserSystem, which I didn’t have installed.

My guess (am I right?) is that someone modified the plugin for his own
use and then put it into a public repository.

How can I set script/plugin so that it pulls in only generally-released
versions of the plugins?

— F