We discussed this on Slack last night, and this morning I updated the plugin directory design notes. One of the most important issues is that we don’t do anything that will tempt someone to point lawyers in our direction - hopefully @timkaye will have some comments later.
One other thing to note: we’re building a directory, not a repository - there’s been much discussion about that on other threads.