[Qgis-developer] Plugin [1102] AequilibraE approval notification.
Pedro Camargo
veigacamargo at gmail.com
Sun Dec 18 23:25:10 PST 2016
Hi Luigi and Paolo,
I corrected the problems you pointed out with AequilibraE and
re-uploaded it.
Luigi's concern with malicious code is a very valid one, and I would
actually appreciate to have a manner to have it checked. However, I would
appreciate if we could find a solution that does not prevent us from having
plugins that are compiled.
As Luigi pointed out, the code is written in Cython to increase performance
of the software, but it is still 5.5x slower than the proprietary software
that I used as a benchmark. In a nutshell, if it cannot be compiled, it
will never fly. So I would ask you guys to be considerate of this point.
My concerns might not even be valid, and I do apologize if that is the
case. I just must admit that, as an amateur software developer, I miss some
of the jargon used here when talking about more technical issues on
software development.
Cheers,
Pedro
On Mon, Dec 19, 2016 at 7:18 AM, Luigi Pirelli <luipir at gmail.com> wrote:
> Hi List
>
> The Binary problem (?):
> In this recently added plugin I can find cython modules precompiled in
> forms odf pyd, or so. (and relative cython code)
> Following the presentation in: https://www.youtube.com/watch?v=zz3jbM_JBTo
> I understand that the reason is performance, but how to prevent
> loading malicious shared objects?
>
> * probably we should start to plan a safe infrastructure to allow
> uploading plugin with compiled modules... any idea other than a simple
> checksum?
>
> The license problem (?):
> other question is regarding the cython algorithm. I can read in
> https://github.com/AequilibraE/AequilibraE/blob/
> master/aequilibrae/paths/AoN.pyx#L23
> "Codes for route ennumeration, DAG construction and Link nesting were
> written by Pedro Camargo (2013) and have all their rights reserved to
> the author"
>
> Obviously the author has right reserved, an in the same code the
> author refer to the LICENSE.txt that is a standard GPL license:
> here: https://github.com/AequilibraE/AequilibraE/blob/
> master/aequilibrae/paths/AoN.pyx#L18
> and here: https://github.com/AequilibraE/AequilibraE/blob/
> master/LICENSE.TXT
>
> how should we have to read the "right reserved" sencence by the author?
>
> regards
> Luigi Pirelli
>
> ************************************************************
> **************************************
> * Boundless QGIS Support/Development: lpirelli AT boundlessgeo DOT com
> * LinkedIn: https://www.linkedin.com/in/luigipirelli
> * Stackexchange: http://gis.stackexchange.com/users/19667/luigi-pirelli
> * GitHub: https://github.com/luipir
> * Mastering QGIS 2nd Edition:
> * https://www.packtpub.com/big-data-and-business-
> intelligence/mastering-qgis-second-edition
> ************************************************************
> **************************************
>
>
> On 18 December 2016 at 14:28, <noreply at qgis.org> wrote:
> >
> > Plugin AequilibraE approval by pcav.
> > The plugin version "[1102] AequilibraE 0.3.3" is now approved
> > Link: http://plugins.qgis.org/plugins/AequilibraE/
> > _______________________________________________
> > Qgis-developer mailing list
> > Qgis-developer at lists.osgeo.org
> > List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer
> > Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-developer/attachments/20161219/addabc31/attachment-0001.html>
More information about the Qgis-developer
mailing list