<html><head></head><body>Hi all<br>
<br>
What's the main goal? Code availability? Security? Platform independency?<br>
Just curious.<br>
<br>
All the best<br>
Matthias<br><br><div class="gmail_quote">On December 19, 2016 9:25:29 AM GMT+01:00, Luigi Pirelli <luipir@gmail.com> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail">Hi Pedro,<br /><br />Nothing personal, your case is a common case due the fact to many<br />cases where to integrate external executables or shared objects.<br /><br />we can have a way to certificate this binary (e.g. signing process but<br />could become harder develop plugins, checksums). In the meantime, I<br />strongly suggest to a have a two phase plugin. A first phase that<br />prepare running environment downloading so or dll from someware with<br />the user consensous, and then the running phase.<br /><br />in this way you can facilitate users to access plugin thanks to qgis<br />repo, and turn around plugin limitations that community gave for user<br />security.<br /><br />regards<br />Luigi Pirelli<br /><br />**************************************************************************************************<br />* Boundless QGIS Support/Development: lpirelli AT boundlessgeo DOT com<br />* LinkedIn: <a
href="https://www.linkedin.com/in/luigipirelli">https://www.linkedin.com/in/luigipirelli</a><br />* Stackexchange: <a href="http://gis.stackexchange.com/users/19667/luigi-pirelli">http://gis.stackexchange.com/users/19667/luigi-pirelli</a><br />* GitHub: <a href="https://github.com/luipir">https://github.com/luipir</a><br />* Mastering QGIS 2nd Edition:<br />* <a href="https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition">https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition</a><br />**************************************************************************************************<br /><br /><br />On 19 December 2016 at 08:25, Pedro Camargo <veigacamargo@gmail.com> wrote:<br /><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"> Hi Luigi and Paolo,<br /><br /> I corrected the problems you pointed out with AequilibraE and<br />
re-uploaded it.<br /><br /> Luigi's concern with malicious code is a very valid one, and I would<br /> actually appreciate to have a manner to have it checked. However, I would<br /> appreciate if we could find a solution that does not prevent us from having<br /> plugins that are compiled.<br /><br /> As Luigi pointed out, the code is written in Cython to increase performance<br /> of the software, but it is still 5.5x slower than the proprietary software<br /> that I used as a benchmark. In a nutshell, if it cannot be compiled, it will<br /> never fly. So I would ask you guys to be considerate of this point.<br /><br /> My concerns might not even be valid, and I do apologize if that is the case.<br /> I just must admit that, as an amateur software developer, I miss some of the<br /> jargon used here when talking about more technical issues on software<br /> development.<br /><br /> Cheers,<br /> Pedro<br /><br /> On Mon, Dec 19, 2016 at 7:18 AM, Luigi Pirelli
<luipir@gmail.com> wrote:<br /><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ad7fa8; padding-left: 1ex;"><br /> Hi List<br /><br /> The Binary problem (?):<br /> In this recently added plugin I can find cython modules precompiled in<br /> forms odf pyd, or so. (and relative cython code)<br /> Following the presentation in: <a href="https://www.youtube.com/watch?v=zz3jbM_JBTo">https://www.youtube.com/watch?v=zz3jbM_JBTo</a><br /> I understand that the reason is performance, but how to prevent<br /> loading malicious shared objects?<br /><br /> * probably we should start to plan a safe infrastructure to allow<br /> uploading plugin with compiled modules... any idea other than a simple<br /> checksum?<br /><br /> The license problem (?):<br /> other question is regarding the cython algorithm. I can read in<br /><br /> <a
href="https://github.com/AequilibraE/AequilibraE/blob/master/aequilibrae/paths/AoN.pyx#L23">https://github.com/AequilibraE/AequilibraE/blob/master/aequilibrae/paths/AoN.pyx#L23</a><br /> "Codes for route ennumeration, DAG construction and Link nesting were<br /> written by Pedro Camargo (2013) and have all their rights reserved to<br /> the author"<br /><br /> Obviously the author has right reserved, an in the same code the<br /> author refer to the LICENSE.txt that is a standard GPL license:<br /> here:<br /> <a href="https://github.com/AequilibraE/AequilibraE/blob/master/aequilibrae/paths/AoN.pyx#L18">https://github.com/AequilibraE/AequilibraE/blob/master/aequilibrae/paths/AoN.pyx#L18</a><br /> and here:<br /> <a href="https://github.com/AequilibraE/AequilibraE/blob/master/LICENSE.TXT">https://github.com/AequilibraE/AequilibraE/blob/master/LICENSE.TXT</a><br /><br /> how should we have to read the "right reserved" sencence by the author?<br /><br /> regards<br /> Luigi Pirelli<br
/><br /><br /> **************************************************************************************************<br /> * Boundless QGIS Support/Development: lpirelli AT boundlessgeo DOT com<br /> * LinkedIn: <a href="https://www.linkedin.com/in/luigipirelli">https://www.linkedin.com/in/luigipirelli</a><br /> * Stackexchange: <a href="http://gis.stackexchange.com/users/19667/luigi-pirelli">http://gis.stackexchange.com/users/19667/luigi-pirelli</a><br /> * GitHub: <a href="https://github.com/luipir">https://github.com/luipir</a><br /> * Mastering QGIS 2nd Edition:<br /> *<br /> <a href="https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition">https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition</a><br /><br /> **************************************************************************************************<br /><br /><br /> On 18 December 2016 at 14:28, <noreply@qgis.org> wrote:<br /><blockquote
class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #8ae234; padding-left: 1ex;"><br /> Plugin AequilibraE approval by pcav.<br /> The plugin version "[1102] AequilibraE 0.3.3" is now approved<br /> Link: <a href="http://plugins.qgis.org/plugins/AequilibraE">http://plugins.qgis.org/plugins/AequilibraE</a>/<br /><hr /><br /> Qgis-developer mailing list<br /> Qgis-developer@lists.osgeo.org<br /> List info: <a href="http://lists.osgeo.org/mailman/listinfo/qgis-developer">http://lists.osgeo.org/mailman/listinfo/qgis-developer</a><br /> Unsubscribe: <a href="http://lists.osgeo.org/mailman/listinfo/qgis-developer">http://lists.osgeo.org/mailman/listinfo/qgis-developer</a><br /></blockquote></blockquote></blockquote><br /><hr /><br />Qgis-developer mailing list<br />Qgis-developer@lists.osgeo.org<br />List info: <a href="http://lists.osgeo.org/mailman/listinfo/qgis-developer">http://lists.osgeo.org/mailman/listinfo/qgis-developer</a><br />Unsubscribe: <a
href="http://lists.osgeo.org/mailman/listinfo/qgis-developer">http://lists.osgeo.org/mailman/listinfo/qgis-developer</a></pre></blockquote></div><br>
-- <br>
Sent from my Android device with K-9 Mail. Please excuse my brevity.</body></html>