[Qgis-developer] Approving plugins

Martin Dobias wonder.sk at gmail.com
Thu May 10 14:27:48 PDT 2012

On Thu, May 10, 2012 at 6:47 PM, Gary Sherman <gsherman at geoapt.com> wrote:
>> why don't we add it to the validator so that it's automatically
>> executed for all uploaded plugins?
> We could, but in some cases making these system calls is a valid thing to do. The only way to tell is to manually review the code. Automatically rejecting a plugin because of one of these calls is not desirable. It could be used to add a flag for the approving person to indicate it needs a closer look.

Yeah and I would also note that it is possible to obfuscate malicious
code in a way that validators will not detect such code with static
code analysis at all...


More information about the Qgis-developer mailing list