[hhh]

I appreciate the context.

> Caddy is owned by a large company so they should be able to pay maintainers for their most security-critical plugins.

this is the most critical part to me, onboarding your highest used plugins is probably a good idea.

[francislavoie]

We definitely don't have the resources to do that. Matt receives some funding from ZeroSSL which helps cover his expenses, and the rest is from sponsorships https://github.com/sponsors/mholt. It's not yet enough to hire any help. That's something Matt would like to do though, as soon as enough companies sponsor.

In fact, while I'm a top contributor, I don't receive anything for my work. I do it as a volunteer. Matt has told me repeatedly he'd like to pay me for my efforts, but I have a full time job already and Caddy is a hobby for me, so I'm not looking to get paid.

But either way, we wouldn't onboard a plugin with such a wide scope as caddy-security. It would take way too much effort for us, and it would bloat the standard distribution with features only a small part of the userbase would need. We're already spread thin as it is, our time is best spent improving and maintaining the existing core feature set.