[Qgis-developer] Plugins without source code
Paolo Cavallini
cavallini at faunalia.it
Mon Jun 2 13:48:58 PDT 2014
Il 02/06/2014 17:12, Martin Dobias ha scritto:
> I have just found out there is a plugin "Vgi2Shp" in QGIS plugin
> repository, all of its functionality is in a .pyc file - compiled
> python module, with no source code (.py). Also the code repository on
> GitHub is completely empty. I believe this is not allowed under the
> terms of GNU GPL - and probably we do not want to allow such code in
> the repository (basically it is an opaque binary blob). What are your
> opinions?
>
> I think we could create a list of unwanted python extensions which
> should not be allowed, e.g.:
> - .pyc (compiled .py)
> - .pyo (optimized .pyc)
> - .pyd (compiled module)
>
> It is clear that this cannot serve as a real security measure as it is
> easy for malicious code to work that around anyway - I think it should
> be merely a warning to the developers that they may be doing something
> wrong. (Packaging a .pyc file is normally useless and just inflates
> package size - the .pyc will be created automatically by the
> interpreter).
>
> The question is whether to allow also other binary executables /
> libraries, such as:
> - .exe
> - .dll
> - .bat
> - .com
> - .scr (windows screensaver - same as .exe)
> - .so
>
> [1] https://plugins.qgis.org/plugins/Vgi2ShpConverter/
Thanks Marting for pointing this out. This is also mentioned in the updated guidelines.
During my approval process I regularly check the above, so I believe somebody else
approved the plugin you mentioned.
Of course an hard constraint on the Django application would be preferable.
BTW, I now cannot switch between
https://plugins.qgis.org/plugins/Vgi2ShpConverter/#plugin-details
and
https://plugins.qgis.org/plugins/Vgi2ShpConverter/#plugin-versions
etc.: anything wrong with the application?
All the best.
--
Paolo Cavallini - www.faunalia.eu
Corsi QGIS e PostGIS: http://www.faunalia.eu/training.html
More information about the Qgis-developer
mailing list