But I've been in one, where a customer offered "patches", despite our software not being open for contributions. Not only were they inconsistent with our standards, they were hard to read and had some subtle security issues on careful review. I'm still suspecting it was an attempt to plant a backdoor.
In any case, even if legit, it was a lot of work on our side to just review and clean it. Far more than if we just did it ourselves.
This is different for OSS, which should have external contributions as main workflow. Ours wasn't prepared for external contributions.
But I've been in one, where a customer offered "patches", despite our software not being open for contributions. Not only were they inconsistent with our standards, they were hard to read and had some subtle security issues on careful review. I'm still suspecting it was an attempt to plant a backdoor.
In any case, even if legit, it was a lot of work on our side to just review and clean it. Far more than if we just did it ourselves.
This is different for OSS, which should have external contributions as main workflow. Ours wasn't prepared for external contributions.
Maybe the same is with Plausible?