@sergiusens - maybe it isn’t different, but maybe it is (that is what I’d like to have a formal statement on). My understanding of editors downloading plugins is that they are for that editor to use. If the snap is classic, yes, that is implicit trust in the plugin, but if strict, then that code runs within the confinement of the editor (which would be ok in my mind). For a games installer, it is plopping code on the system to run unconfined so there is implicit trust in that code. For yarn, it is downloading code to be used by nodejs, which may or may not be confined (if confined, ok in my mind, but if not then implicit trust in the code).
To @Evan’s point -- @elopio is vetted as a publisher, yes, and I have no issue granting classic to the snap for him. The question isn’t about the snap though; it is about the code that this snap plops on the system for use outside of confinement which @elopio hasn’t touched.
I consider it part of my role as gatekeeper to protect users and preserve the store’s reputation, so in that spirit I am raising these points for an architect to rule on so we can have clear direction going forward (for plugins, for language packages, for game/binary installers, …).