[Qgis-developer] Plugins without source code

[Martin Dobias]

Hi

I have just found out there is a plugin "Vgi2Shp" in QGIS plugin
repository, all of its functionality is in a .pyc file - compiled
python module, with no source code (.py). Also the code repository on
GitHub is completely empty. I believe this is not allowed under the
terms of GNU GPL - and probably we do not want to allow such code in
the repository (basically it is an opaque binary blob). What are your
opinions?

I think we could create a list of unwanted python extensions which
should not be allowed, e.g.:
- .pyc (compiled .py)
- .pyo (optimized .pyc)
- .pyd (compiled module)

It is clear that this cannot serve as a real security measure as it is
easy for malicious code to work that around anyway - I think it should
be merely a warning to the developers that they may be doing something
wrong. (Packaging a .pyc file is normally useless and just inflates
package size - the .pyc will be created automatically by the
interpreter).

The question is whether to allow also other binary executables /
libraries, such as:
- .exe
- .dll
- .bat
- .com
- .scr (windows screensaver - same as .exe)
- .so

[1] https://plugins.qgis.org/plugins/Vgi2ShpConverter/

Regards
Martin