[Qgis-developer] Plugins without source code

Alessandro Pasotti apasotti at gmail.com
Mon Jun 2 23:46:07 PDT 2014


2014-06-02 17:12 GMT+02:00 Martin Dobias <wonder.sk at gmail.com>:

> Hi
>
> I have just found out there is a plugin "Vgi2Shp" in QGIS plugin
> repository, all of its functionality is in a .pyc file - compiled
> python module, with no source code (.py). Also the code repository on
> GitHub is completely empty. I believe this is not allowed under the
> terms of GNU GPL - and probably we do not want to allow such code in
> the repository (basically it is an opaque binary blob). What are your
> opinions?
>
> I think we could create a list of unwanted python extensions which
> should not be allowed, e.g.:
> - .pyc (compiled .py)
> - .pyo (optimized .pyc)
> - .pyd (compiled module)
>
> It is clear that this cannot serve as a real security measure as it is
> easy for malicious code to work around that anyway - I think it should
> be merely a warning to the developers that they may be doing something
> wrong. (Packaging a .pyc file is normally useless and just inflates
> package size - the .pyc will be created automatically by the
> interpreter).
>
>
Hi Martin,

We can add a rule in the validator.py to generate a warning when a
blacklisted extension is in the package. Checking if for each .pyc there is
also a .py is a bit more complicated but also possible.



-- 
Alessandro Pasotti
w3:   www.itopen.it
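
An added example, not code from validator.py or from either poster: one way the two checks discussed in this thread could look, warning on the listed extensions and telling a .pyc that ships beside its .py from one that has no source. The function names and the sample package are constructed for illustration, and the `__pycache__` handling goes beyond the thread to cover the Python 3 layout.

```python
import io
import posixpath
import re
import zipfile

# Extensions listed in the thread: compiled, optimized and binary modules.
BLACKLISTED_EXTENSIONS = {".pyc", ".pyo", ".pyd"}
# Interpreter tag in names such as __pycache__/mod.cpython-34.pyc (PEP 3147).
_PYCACHE_TAG = re.compile(r"\.[A-Za-z0-9_]+-\d+(\.opt-\d+)?$")


def expected_source(name):
    """Return the .py path a .pyc/.pyo archive member should sit next to."""
    directory, filename = posixpath.split(name)
    stem = posixpath.splitext(filename)[0]
    if posixpath.basename(directory) == "__pycache__":
        directory = posixpath.dirname(directory)
        stem = _PYCACHE_TAG.sub("", stem)
    return posixpath.join(directory, stem + ".py")


def check_package(package):
    """Return (member, message) warnings for a plugin zip (path or file object)."""
    with zipfile.ZipFile(package) as zf:
        names = {n for n in zf.namelist() if not n.endswith("/")}
    warnings = []
    for name in sorted(names):
        ext = posixpath.splitext(name)[1].lower()
        if ext not in BLACKLISTED_EXTENSIONS:
            continue
        if ext == ".pyd":
            warnings.append((name, "binary extension module"))
        elif expected_source(name) in names:
            warnings.append((name, "compiled file is redundant, source is present"))
        else:
            warnings.append((name, "compiled file without source"))
    return warnings


def build_sample_package():
    """Constructed sample zip mixing sourced and source-less bytecode."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member in ("demo/__init__.py", "demo/__init__.pyc", "demo/core.pyc",
                       "demo/__pycache__/util.cpython-34.pyc", "demo/util.py",
                       "demo/fast.pyd", "demo/metadata.txt"):
            zf.writestr(member, b"")
    buf.seek(0)
    return buf
```

As the thread says, this is a packaging warning rather than a security control: it only compares file names inside the archive and does not inspect what the bytecode does.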