[QGIS-Developer] Fwd: Question about a plugin. POC attached.

Sat Apr 15 15:06:13 PDT 2023

Dear Tim,

It seems that 99% of developers were asking themselves the same question
and hesitated to examine the code.

Regardless, I think it's already good to have shared this small proof of
concept with the community, demonstrating an integration between Django and
QGIS, especially considering that it has been implemented with a rather
robust certificate verification mechanism.

So, rest assured, my question does not hide an intention contrary to GPL
policy, but I remain curious to understand the boundary between a process
considered external and a process considered internal to QGIS, and
therefore subject to the same GPL license. If I ever present a project to a
client, I would like to be able to tell them that I applied a defense
mechanism (albeit simple, such as compilation) to prevent the leakage of
endpoints called by the REST APIs.

However, I think I have answered myself: after researching the issue
online, I found that calling QGSTask in a function is considered an
internal process to QGIS and thus subject to GPL. The subsequent question
that emerged and that I still cannot answer is: would it be acceptable if
only the run() function or a subsequent function were compiled, just enough
to close the REST parameters? There probably isn't a definitive answer;
could that portion of code be considered an extension of pycurl+certifi?
Maybe yes, maybe no. It matters little, I guess.

Thank you for the time you spent writing this request for clarification.

Best regards,

Giordano Cetti

CTO @ByCloudSRL

pec: bycloud at pec.it
giordano.cetti at bycloud.eu
https://bycloud.eu

Il giorno sab 15 apr 2023 alle 22:39 Tim Sutton <tim at kartoza.com> ha
scritto:

> Hi
>
> I havent looked at your code, but perhaps you could add to your original
> message an explanation of why you don't just distribute it as a py /
> uncompiled python source file?
>
> Regards
>
> Tim
>
> On Tue, Apr 11, 2023 at 6:48 PM Giordano Cetti via QGIS-Developer <
> qgis-developer at lists.osgeo.org> wrote:
>
>> Greetings to QGIS developers,
>>
>> I would greatly appreciate it if someone could check if the attached
>> plugin complies with the licenses compared to the imported modules.
>>
>> In this specific attached plugin, all the source code is open, but the
>> question is: what if it comes with the following file:
>> *'djangorest/include/djangorest_compiled.py'* really compiled as a .pyd
>> file? Would it violate the GPL license terms or is it just enough to be
>> considered as an acceptable external process?
>>
>> The .pyd will just import QgsTask from qgis.core and use a session_path
>> received as a text created by the open source part of the plugin
>> using QgsProcessingUtils.
>>
>> The attached one is a very simple plugin made for this demonstration, you
>> can click on the button, just type google.it, and it will download the
>> 404 page found ( because it appends some string that google doesn't serve
>> as content ). For user and password fields: just type anything, they are
>> not used in the POC but there's still a check active on fields population.
>> The only action the plugin will do is just a single pycurl GET request to
>> the address specified.
>>
>> Any advice will be appreciated.
>> Thanks
>>
>> *ATTACHMENT BLOCKED BY GOOGLE SCAN BECAUSE IT INCLUDES PYCURL AND CERTIFI
>> LIBRARY SO I SHARE USING GOOGLE DRIVE LINK. I TESTED IT ONLY ON QGIS 3.10*
>>
>> *https://drive.google.com/file/d/1qS7h3LaZ6BlBAW3AItEjM5swpDocHbue/view?usp=sharing
>> <https://drive.google.com/file/d/1qS7h3LaZ6BlBAW3AItEjM5swpDocHbue/view?usp=sharing>*
>>
>> _______________________________________________
>> QGIS-Developer mailing list
>> QGIS-Developer at lists.osgeo.org
>> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>>
>
>
> --
>
> ------------------------------------------------------------------------------------------
> 
>
> Tim Sutton
> Kartoza Co-Founder
> Visit http://kartoza.com to find out about open source:
>  * Desktop GIS programming services
>  * Geospatial web development
> * GIS Training
> * Consulting Services
> Tim is a member of the QGIS Project Steering Committee
>
> -------------------------------------------------------------------------------------------
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-developer/attachments/20230415/4d187ff4/attachment.htm>