[Qgis-developer] Approving plugins

Martin Dobias wonder.sk at gmail.com
Thu May 10 14:27:48 PDT 2012


On Thu, May 10, 2012 at 6:47 PM, Gary Sherman <gsherman at geoapt.com> wrote:
>>
>> why don't we add it to the validator so that it's automatically
>> executed for all uploaded plugins?
>>
>>
> We could, but in some cases making these system calls is a valid thing to do. The only way to tell is to manually review the code. Automatically rejecting a plugin because of one of these calls is not desirable. It could be used to add a flag for the approving person to indicate it needs a closer look.

Yeah, and I would also note that it is possible to obfuscate malicious
code in a way that validators will not detect such code with static
code analysis at all...

Martin
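
An added example, not part of the original thread or of the QGIS plugin validator: a Python `ast` pass that raises advisory flags for the approving person instead of rejecting an upload, and also flags dynamic constructs that can hide a call from name matching. The watch lists, `review_flags` and the sample plugin source are assumptions made for illustration.

```python
import ast

# Assumed watch list; the thread does not name the calls it has in mind.
DIRECT = {"os.system", "os.popen", "subprocess.call", "subprocess.Popen",
          "subprocess.check_output"}
# Constructs that can hide a call from name matching, so a human should look.
DYNAMIC = {"eval", "exec", "compile", "__import__", "getattr"}


def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def review_flags(source, filename="<plugin>"):
    """Return sorted (line, kind, name) tuples; advisory only, never a rejection."""
    flags = set()
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        name = dotted(node.func)
        if name in DIRECT:
            flags.add((node.lineno, "system-call", name))
        elif name in DYNAMIC:
            flags.add((node.lineno, "dynamic", name))
    return sorted(flags)


# Constructed sample plugin source (not taken from any real plugin).
SAMPLE = '''\
import os, subprocess
def run(iface):
    subprocess.call(["gdalinfo", "--version"])
    os.system("ls")
    fn = getattr(os, "sys" + "tem")
    fn("ls")
'''

if __name__ == "__main__":
    for line, kind, name in review_flags(SAMPLE):
        print("plugin.py:%d: needs review (%s): %s" % (line, kind, name))
```

The call on the last line of the sample is not flagged by name, and import aliases would slip past the direct list as well, so the output is a prompt for manual review and not a verdict.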

