[Qgis-developer] Plugin [1102] AequilibraE approval notification.
Pedro Camargo
veigacamargo at gmail.com
Mon Dec 19 00:31:02 PST 2016
I understand, Luigi.
Will the plug-in be authorized while I create this process? Or do I need
to create it before the plugin goes back online?
Cheers,
Pedro
On Mon, Dec 19, 2016 at 6:25 PM, Luigi Pirelli <luipir at gmail.com> wrote:
> Hi Pedro,
>
> Nothing personal, your case is a common case due the fact to many
> cases where to integrate external executables or shared objects.
>
> we can have a way to certificate this binary (e.g. signing process but
> could become harder develop plugins, checksums). In the meantime, I
> strongly suggest to a have a two phase plugin. A first phase that
> prepare running environment downloading so or dll from someware with
> the user consensous, and then the running phase.
>
> in this way you can facilitate users to access plugin thanks to qgis
> repo, and turn around plugin limitations that community gave for user
> security.
>
> regards
> Luigi Pirelli
>
> ************************************************************
> **************************************
> * Boundless QGIS Support/Development: lpirelli AT boundlessgeo DOT com
> * LinkedIn: https://www.linkedin.com/in/luigipirelli
> * Stackexchange: http://gis.stackexchange.com/users/19667/luigi-pirelli
> * GitHub: https://github.com/luipir
> * Mastering QGIS 2nd Edition:
> * https://www.packtpub.com/big-data-and-business-
> intelligence/mastering-qgis-second-edition
> ************************************************************
> **************************************
>
>
> On 19 December 2016 at 08:25, Pedro Camargo <veigacamargo at gmail.com>
> wrote:
> > Hi Luigi and Paolo,
> >
> > I corrected the problems you pointed out with AequilibraE and
> > re-uploaded it.
> >
> > Luigi's concern with malicious code is a very valid one, and I would
> > actually appreciate to have a manner to have it checked. However, I would
> > appreciate if we could find a solution that does not prevent us from
> having
> > plugins that are compiled.
> >
> > As Luigi pointed out, the code is written in Cython to increase
> performance
> > of the software, but it is still 5.5x slower than the proprietary
> software
> > that I used as a benchmark. In a nutshell, if it cannot be compiled, it
> will
> > never fly. So I would ask you guys to be considerate of this point.
> >
> > My concerns might not even be valid, and I do apologize if that is the
> case.
> > I just must admit that, as an amateur software developer, I miss some of
> the
> > jargon used here when talking about more technical issues on software
> > development.
> >
> > Cheers,
> > Pedro
> >
> > On Mon, Dec 19, 2016 at 7:18 AM, Luigi Pirelli <luipir at gmail.com> wrote:
> >>
> >> Hi List
> >>
> >> The Binary problem (?):
> >> In this recently added plugin I can find cython modules precompiled in
> >> forms odf pyd, or so. (and relative cython code)
> >> Following the presentation in: https://www.youtube.com/watch?
> v=zz3jbM_JBTo
> >> I understand that the reason is performance, but how to prevent
> >> loading malicious shared objects?
> >>
> >> * probably we should start to plan a safe infrastructure to allow
> >> uploading plugin with compiled modules... any idea other than a simple
> >> checksum?
> >>
> >> The license problem (?):
> >> other question is regarding the cython algorithm. I can read in
> >>
> >> https://github.com/AequilibraE/AequilibraE/blob/
> master/aequilibrae/paths/AoN.pyx#L23
> >> "Codes for route ennumeration, DAG construction and Link nesting were
> >> written by Pedro Camargo (2013) and have all their rights reserved to
> >> the author"
> >>
> >> Obviously the author has right reserved, an in the same code the
> >> author refer to the LICENSE.txt that is a standard GPL license:
> >> here:
> >> https://github.com/AequilibraE/AequilibraE/blob/
> master/aequilibrae/paths/AoN.pyx#L18
> >> and here:
> >> https://github.com/AequilibraE/AequilibraE/blob/master/LICENSE.TXT
> >>
> >> how should we have to read the "right reserved" sencence by the author?
> >>
> >> regards
> >> Luigi Pirelli
> >>
> >>
> >> ************************************************************
> **************************************
> >> * Boundless QGIS Support/Development: lpirelli AT boundlessgeo DOT com
> >> * LinkedIn: https://www.linkedin.com/in/luigipirelli
> >> * Stackexchange: http://gis.stackexchange.com/users/19667/luigi-pirelli
> >> * GitHub: https://github.com/luipir
> >> * Mastering QGIS 2nd Edition:
> >> *
> >> https://www.packtpub.com/big-data-and-business-
> intelligence/mastering-qgis-second-edition
> >>
> >> ************************************************************
> **************************************
> >>
> >>
> >> On 18 December 2016 at 14:28, <noreply at qgis.org> wrote:
> >> >
> >> > Plugin AequilibraE approval by pcav.
> >> > The plugin version "[1102] AequilibraE 0.3.3" is now approved
> >> > Link: http://plugins.qgis.org/plugins/AequilibraE/
> >> > _______________________________________________
> >> > Qgis-developer mailing list
> >> > Qgis-developer at lists.osgeo.org
> >> > List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer
> >> > Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-developer/attachments/20161219/fda51aad/attachment.html>
More information about the Qgis-developer
mailing list