The phrasing in that quote is unclear. It could be read to mean Debian 13 installs the stardict-gtk package and enables the bad plugin if you install stardict yourself, rather than meaning that any of this is included as part of the default Debian installation.
I think this would indeed happen if you installed stardict yourself, because the stardict package depends on stardict-gtk, which recommends the stardict-plugin package, and the recommends relationship is treated as a dependency by default.
The questions on my mind are:
Is stardict installed by default in a new Debian 13 installation, or does this only affect people who install it themselves?
When will this malicious plugin be fixed or removed, not just in Debian, but in all distros that have it?
When will the package maintainer who defended the plugin’s behavior be dealt with?
The phrasing in that quote is unclear. It could be read to mean Debian 13 installs the stardict-gtk package and enables the bad plugin if you install stardict yourself, rather than meaning that any of this is included as part of the default Debian installation.
I think this would indeed happen if you installed stardict yourself, because the stardict package depends on stardict-gtk, which recommends the stardict-plugin package, and the recommends relationship is treated as a dependency by default.
The questions on my mind are: