My viewpoint should be taken with a grain of salt since we're also affected by these practices from a business perspective, but I'd still like to share my point of view:
In general, depending on your plan level, we offer installation of arbitrary Redmine plugins on Planio. Unfortunately, this often leads to confusion and disappointment since clients take the screenshots and descriptions of the plugin directory on redmine.org for granted and believe that every plugin out there is of the same high quality/stability/state of maintainedness (is that a word?) as the core Redmine code base itself.
As we all know, this is - unfortunately - not always the case for plugins.
Thus, before we install a plugin at Planio we thoroughly vet it from a stability, code quality and security perspective. In many cases this leads to us having to fix/patch it in which case we contribute that back to the community (by the way, we have working forks of many - otherwise unmaintained, unstable or insecure - plugins; see Curated list of production-ready Redmine Plugins & feel free to use them). In a large number of cases it also leads to us declining a plugin altogether, be it for stability/security or (as is the case for EasyRedmine, e.g.) licensing reasons.
In those cases, we're often in the unfavourable position of having to explain to clients that a plugin is not fit for production use, even though it is listed on redmine.org.
The addition of ratings to the plugin directory is already a great improvement over the previous plugin list!
From my point of view, I would really like some additional form of classification like commercial vs. free and also maybe some form of "authoritative review". For instance, it could be implemented as a score, or simply a yay/nay flag which only the Redmine maintainers/contributors (or whoever is knowledgeable and willing to) would be allowed to set. And yes, I would volunteer to help set these flags, or give these ratings, since we're doing it already if our clients request plugins.
So regarding the statements you requested, Jan:
- Remove all plugins that only work in some kind of fork
Agree, or at least mark them as such.
- Mark all commercial plugins with a very, very big "$" sign - or remove them from the index
Agree. I think marking is fine. In addition maybe we should tell people that over the top advertising with big red buttons and such as on http://www.redmine.org/plugins/redmine_luxury_buttons is not okay... In that case, I think they should buy Google AdWords which in turn at least benefits Redmine financially.
In addition I would propose to introduce a flag/icon/tag/whatever that says something like "Fit for production" with an explanation like "This plugin has been reviewed by a Redmine team member and seems fit for production use with regards to security/stability.", maybe with the addition of "No warranty, since it's open source, etc."
As I said, these are just my two cents. And my views are somewhat biased since we're not only a Redmine community member but are also taking part in a "commercial" way... If you disagree with my points, or have questions, please let me know.