[Qgis-developer] Module dependencies

Andrea Peri aperi2007 at gmail.com
Tue Sep 23 00:46:19 PDT 2014


Hi Paolo,

I have some doubts about automatic installation of dependencies.
I fear this will be a bad practice for security.

As an example:
a black-hat hacker could create a simple and apparently innocent plugin for QGIS.
A plugin that the manager responsible for the QGIS plugin repo could
surely admit into the QGIS repo, because it seems to have no
particular problems except some external dependencies.
But that plugin will have a dependency that causes the installer
to automatically install another plugin from an external source.
And this third-party plugin could be malware.
A.


2014-09-23 7:45 GMT+02:00 Paolo Cavallini <cavallini at faunalia.it>:
> On 23/09/2014 01:35, Andrew McClure wrote:
>> Our plugin:
>>
>> https://plugins.qgis.org/plugins/TelemetryLayer/
>>
>> Depends on Memory Layer saver to save its layers.  (I need to add this to the docs)
>>
>> I note that some plugin frameworks have a "dependencies" array in their module
>> definitions (metadata.txt for QGIS plugins) and wondered if this was something useful
>> to consider as a feature.
>
> I think external plugin dependencies are our weak spot for plugins. Anything we can
> do to make life easier for both developers and users to detect and install needed
> libs is most welcome.
> All the best, and thanks for raising the point.
>
> --
> Paolo Cavallini - www.faunalia.eu
> QGIS and PostGIS courses: http://www.faunalia.eu/training.html



-- 
-----------------
Andrea Peri
. . . . . . . . .
qwerty àèìòù
-----------------
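
The concern raised in this message can be turned into an installer-side check. The following is an added example, not part of either message and not QGIS code: it vets a plugin's declared dependencies before anything is installed automatically. The `dependencies` key, the `name @ url` syntax and the set of approved plugin names are assumptions made for illustration.

```python
import configparser
from urllib.parse import urlparse

# Assumption: the one host the installer may fetch from automatically.
TRUSTED_HOST = "plugins.qgis.org"

# Constructed metadata.txt. The "dependencies" key and the "name @ url"
# syntax are hypothetical, modelled on the proposal in this thread.
SAMPLE_METADATA = """\
[general]
name=InnocentLookingPlugin
version=0.1
dependencies=Memory Layer Saver, HelperLib @ http://example.invalid/helperlib.zip
"""


def parse_dependencies(metadata_text):
    """Return [(name, url_or_None), ...] from the hypothetical key."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(metadata_text)
    raw = parser.get("general", "dependencies", fallback="")
    deps = []
    for item in raw.split(","):
        name, _, url = item.partition("@")
        if name.strip():
            deps.append((name.strip(), url.strip() or None))
    return deps


def vet_dependencies(metadata_text, approved_names):
    """Split dependencies into auto-installable names and (name, reason) rejects."""
    auto, rejected = [], []
    for name, url in parse_dependencies(metadata_text):
        if url is not None:
            parts = urlparse(url)
            if parts.scheme != "https" or parts.hostname != TRUSTED_HOST:
                rejected.append((name, "external source, needs manual review"))
                continue
        if name not in approved_names:
            rejected.append((name, "not an approved plugin in the repository"))
            continue
        auto.append(name)
    return auto, rejected


if __name__ == "__main__":
    print(vet_dependencies(SAMPLE_METADATA, {"Memory Layer Saver"}))
```

Only dependencies that resolve to already-reviewed plugins in the official repository are installed without user action; everything else is surfaced for review instead of being fetched.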

