Verified publishers: take your repository reviews public
Repository reviews have always been private to you, and by default they still are. But if your plugin lives outside the moodle.org directory (internal, closed source, or simply unlisted), there was no way to show anyone what your review found. Now there is: become a verified publisher and publish those reviews on a public page, under a publisher name you choose, whether that is you, your team, or your company.
Verified identity, per-plugin approval
Publication is a trust feature, so it is gated twice. First we verify who you are: request publication from any repository review, we check your details by hand, and you receive a public publisher handle. Then each repository and plugin combination needs a one-time publication approval; once granted, you can publish any review of that plugin, current and future, without asking again. Both gates exist to protect plugin authors: nobody can stand up public reviews of code they don't control, and everything that goes public is backed by an identity we have verified.
Full report, or just the grade
Every publication picks a disclosure level. Full report publishes the whole review, findings and fix guidance included, just like a community review. Summary publishes only the grade and whether any security issues were found, and nothing else: all findings stay private to you. That is the option for closed-source plugins that want credible proof of a security review without exposing any internals.
For public repositories, a summary still pins down exactly which code the review covered: branch or tag, commit, the commit's date, and the scope in files and lines, so a grade can never quietly refer to different code. Private repositories disclose even less: the reviewed-code details are left off the summary entirely, revealing nothing about your repository, branches, or commits.
A page and a badge for every plugin
Every verified publisher gets a public page listing their published plugins, and every published plugin gets its own page with the full history of published reviews. The security badge always shows the grade of your latest published review, ready to embed in your README, your website, or your sales page.
Publishing stays a deliberate act: nothing goes public without you clicking Publish, each new review is published on its own, and you can unpublish at any time.
To get started, open any repository review in your dashboard and hit Request publication. Plugins listed on moodle.org keep their existing community flow (verify ownership, publish free), and pre-release reviews remain private, always.
One more nicety shipping alongside: repository and pre-release reviews now show your plugin's real display name, read from its language strings at review time, instead of only the frankenstyle.