[Qgis-developer] Plugin [1102] AequilibraE approval notification.

Matthias Kuhn matthias at opengis.ch
Mon Dec 19 00:40:49 PST 2016


Hi all

What's the main goal? Code availability? Security? Platform independency?
Just curious.

All the best
Matthias

On December 19, 2016 9:25:29 AM GMT+01:00, Luigi Pirelli <luipir at gmail.com> wrote:
>Hi Pedro,
>
>Nothing personal, your case is a common one, given the many
>cases where external executables or shared objects have to be integrated.
>
>We can have a way to certify this binary (e.g. a signing process, but
>that could make developing plugins harder; checksums). In the meantime, I
>strongly suggest having a two-phase plugin: a first phase that
>prepares the running environment by downloading the so or dll from somewhere
>with the user's consent, and then the running phase.
>
>In this way you can make it easy for users to access the plugin thanks to the
>QGIS repo, and get around the plugin limitations that the community gave for
>user security.
>
>regards
>Luigi Pirelli
>
>**************************************************************************************************
>* Boundless QGIS Support/Development: lpirelli AT boundlessgeo DOT com
>* LinkedIn: https://www.linkedin.com/in/luigipirelli
>* Stackexchange: http://gis.stackexchange.com/users/19667/luigi-pirelli
>* GitHub: https://github.com/luipir
>* Mastering QGIS 2nd Edition:
>* https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition
>**************************************************************************************************
>
>
>On 19 December 2016 at 08:25, Pedro Camargo <veigacamargo at gmail.com> wrote:
>> Hi Luigi and Paolo,
>>
>> I corrected the problems you pointed out with AequilibraE and
>> re-uploaded it.
>>
>> Luigi's concern with malicious code is a very valid one, and I would
>> actually appreciate having a way to have it checked. However, I would
>> appreciate it if we could find a solution that does not prevent us from
>> having plugins that are compiled.
>>
>> As Luigi pointed out, the code is written in Cython to increase performance
>> of the software, but it is still 5.5x slower than the proprietary software
>> that I used as a benchmark. In a nutshell, if it cannot be compiled, it will
>> never fly. So I would ask you guys to be considerate of this point.
>>
>> My concerns might not even be valid, and I do apologize if that is the case.
>> I just must admit that, as an amateur software developer, I miss some of the
>> jargon used here when talking about more technical issues on software
>> development.
>>
>> Cheers,
>> Pedro
>>
>> On Mon, Dec 19, 2016 at 7:18 AM, Luigi Pirelli <luipir at gmail.com> wrote:
>>>
>>> Hi List
>>>
>>> The Binary problem (?):
>>> In this recently added plugin I can find cython modules precompiled in
>>> the form of pyd or so (and the related cython code).
>>> Following the presentation in: https://www.youtube.com/watch?v=zz3jbM_JBTo
>>> I understand that the reason is performance, but how to prevent
>>> loading malicious shared objects?
>>>
>>> * probably we should start to plan a safe infrastructure to allow
>>> uploading plugins with compiled modules... any idea other than a simple
>>> checksum?
>>>
>>> The license problem (?):
>>> The other question is regarding the cython algorithm. I can read in
>>> https://github.com/AequilibraE/AequilibraE/blob/master/aequilibrae/paths/AoN.pyx#L23
>>> "Codes for route ennumeration, DAG construction and Link nesting were
>>> written by Pedro Camargo (2013) and have all their rights reserved to
>>> the author"
>>>
>>> Obviously the author has rights reserved, and in the same code the
>>> author refers to the LICENSE.txt that is a standard GPL license:
>>> here:
>>> https://github.com/AequilibraE/AequilibraE/blob/master/aequilibrae/paths/AoN.pyx#L18
>>> and here:
>>> https://github.com/AequilibraE/AequilibraE/blob/master/LICENSE.TXT
>>>
>>> How should we read the "right reserved" sentence by the author?
>>>
>>> regards
>>> Luigi Pirelli
>>>
>>> On 18 December 2016 at 14:28,  <noreply at qgis.org> wrote:
>>> >
>>> > Plugin AequilibraE approval by pcav.
>>> > The plugin version "[1102] AequilibraE 0.3.3" is now approved
>>> > Link: http://plugins.qgis.org/plugins/AequilibraE/
>>> > _______________________________________________
>>> > Qgis-developer mailing list
>>> > Qgis-developer at lists.osgeo.org
>>> > List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer
>>> > Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer
>>
>>

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
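
The two-phase approach with checksums suggested in the quoted message, sketched as an added example (not part of the thread and not AequilibraE or QGIS code). The manifest format, the file name `AoN.so`, and the `fetch` and `ask_user` callables are assumptions made for illustration, and a matching checksum only shows the file is the one the manifest pinned, not that it is harmless.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed sample: stands in for a compiled module (.so/.pyd) on a download host.
SAMPLE_BINARY = b"\x7fELF constructed sample, not a real shared object"

# Hypothetical manifest shipped inside the plugin zip: file name -> pinned SHA-256.
MANIFEST = {"AoN.so": hashlib.sha256(SAMPLE_BINARY).hexdigest()}


def sha256_file(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def prepare_environment(manifest, dest_dir, fetch, ask_user):
    """Phase 1: with user consent, fetch each binary; keep it only if its hash matches."""
    installed = []
    for name, pinned in manifest.items():
        if os.path.basename(name) != name:
            raise ValueError("manifest entry must be a bare file name: %r" % name)
        if not ask_user(name):
            continue  # no consent, nothing is downloaded
        # Write to a temp file first so an unverified binary never sits at the import path.
        fd, tmp = tempfile.mkstemp(dir=dest_dir, suffix=".part")
        with os.fdopen(fd, "wb") as fh:
            fh.write(fetch(name))
        if hmac.compare_digest(sha256_file(tmp), pinned):
            os.replace(tmp, os.path.join(dest_dir, name))
            installed.append(name)
        else:
            os.remove(tmp)  # tampered or corrupted download is discarded
    return installed


def verify_installed(manifest, dest_dir):
    """Phase 2 gate: re-check every binary on disk before the plugin imports it."""
    for name, pinned in manifest.items():
        path = os.path.join(dest_dir, name)
        if not os.path.isfile(path) or not hmac.compare_digest(sha256_file(path), pinned):
            return False
    return True
```
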