Well, I could, but it doesn’t seem very robust to me… It’d be perfectly reasonable for a plugin to do something that sets an error code (e.g. try to open a file, to see if it exists), and that’d give you a false alarm.
And I don’t really see why it’d be particularly useful, anyway?
I understand, and that’s really what I should ask:
What should be my plugin scanning heuristic?
I’ve been thinking about this issue for quite some time now, whether I should do a shallow scanning or a deep scanning.
On one hand, If I’ll be able to successfully filter out nasty plugins, my host will be much more stable => much better user experience.
On the other hand, thorough scanning is a big headache, I doubt if anybody ever got it performing right.
I’ll be happy to hear any comment about this issue.