[Qgis-developer] Plugin [1102] AequilibraE approval notification.
Matthias Kuhn
matthias at opengis.ch
Mon Dec 19 02:06:43 PST 2016
Hi Pedro,
No, I just wanted to understand exactly, what the problems with compiled
code (in general) are. With a clear problem statement it's easier to
discuss a solution - and you can hopefully continue to ship your plugin
through the plugin infrastructure.
Matthias
On 12/19/2016 09:42 AM, Pedro Camargo wrote:
> Hi Matthias,
>
> Was the question directed to me?
>
> If so, my objective is to make the code as efficient as possible (by
> having it in Cython) and available in as many platforms as possible.
>
> Cheers,
> Pedro
>
> On Mon, Dec 19, 2016 at 6:40 PM, Matthias Kuhn <matthias at opengis.ch
> <mailto:matthias at opengis.ch>> wrote:
>
> Hi all
>
> What's the main goal? Code availability? Security? Platform
> independency?
> Just curious.
>
> All the best
> Matthias
>
> On December 19, 2016 9:25:29 AM GMT+01:00, Luigi Pirelli
> <luipir at gmail.com <mailto:luipir at gmail.com>> wrote:
>
> Hi Pedro,
>
> Nothing personal, your case is a common case due the fact to many
> cases where to integrate external executables or shared objects.
>
> we can have a way to certificate this binary (e.g. signing
> process but
> could become harder develop plugins, checksums). In the meantime, I
> strongly suggest to a have a two phase plugin. A first phase that
> prepare running environment downloading so or dll from someware with
> the user consensous, and then the running phase.
>
> in this way you can facilitate users to access plugin thanks to qgis
> repo, and turn around plugin limitations that community gave for
> user
> security.
>
> regards
> Luigi Pirelli
>
> **************************************************************************************************
> * Boundless QGIS Support/Development: lpirelli AT boundlessgeo
> DOT com
> * LinkedIn: https://www.linkedin.com/in/luigipirelli
> <https://www.linkedin.com/in/luigipirelli>
> * Stackexchange:
> http://gis.stackexchange.com/users/19667/luigi-pirelli
> <http://gis.stackexchange.com/users/19667/luigi-pirelli>
> * GitHub: https://github.com/luipir
> * Mastering QGIS 2nd Edition:
> *
> https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition
> <https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition>
> **************************************************************************************************
>
>
> On 19 December 2016 at 08:25, Pedro Camargo
> <veigacamargo at gmail.com <mailto:veigacamargo at gmail.com>> wrote:
>
> Hi Luigi and Paolo,
>
> I corrected the problems you pointed out with AequilibraE and
> re-uploaded it.
>
> Luigi's concern with malicious code is a very valid one, and
> I would
> actually appreciate to have a manner to have it checked.
> However, I would
> appreciate if we could find a solution that does not prevent
> us from having
> plugins that are compiled.
>
> As Luigi pointed out, the code is written in Cython to
> increase performance
> of the software, but it is still 5.5x slower than the
> proprietary software
> that I used as a benchmark. In a nutshell, if it cannot be
> compiled, it will
> never fly. So I would ask you guys to be considerate of this
> point.
>
> My concerns might not even be valid, and I do apologize if
> that is the case.
> I just must admit that, as an amateur software developer, I
> miss some of the
> jargon used here when talking about more technical issues on
> software
> development.
>
> Cheers,
> Pedro
>
> On Mon, Dec 19, 2016 at 7:18 AM, Luigi Pirelli
> <luipir at gmail.com <mailto:luipir at gmail.com>> wrote:
>
>
> Hi List
>
> The Binary problem (?):
> In this recently added plugin I can find cython modules
> precompiled in
> forms odf pyd, or so. (and relative cython code)
> Following the presentation in:
> https://www.youtube.com/watch?v=zz3jbM_JBTo
> <https://www.youtube.com/watch?v=zz3jbM_JBTo>
> I understand that the reason is performance, but how to
> prevent
> loading malicious shared objects?
>
> * probably we should start to plan a safe infrastructure
> to allow
> uploading plugin with compiled modules... any idea other
> than a simple
> checksum?
>
> The license problem (?):
> other question is regarding the cython algorithm. I can
> read in
>
> https://github.com/AequilibraE/AequilibraE/blob/master/aequilibrae/paths/AoN.pyx#L23
> <https://github.com/AequilibraE/AequilibraE/blob/master/aequilibrae/paths/AoN.pyx#L23>
> "Codes for route ennumeration, DAG construction and Link
> nesting were
> written by Pedro Camargo (2013) and have all their
> rights reserved to
> the author"
>
> Obviously the author has right reserved, an in the same
> code the
> author refer to the LICENSE.txt that is a standard GPL
> license:
> here:
> https://github.com/AequilibraE/AequilibraE/blob/master/aequilibrae/paths/AoN.pyx#L18
> <https://github.com/AequilibraE/AequilibraE/blob/master/aequilibrae/paths/AoN.pyx#L18>
> and here:
> https://github.com/AequilibraE/AequilibraE/blob/master/LICENSE.TXT
> <https://github.com/AequilibraE/AequilibraE/blob/master/LICENSE.TXT>
>
> how should we have to read the "right reserved" sencence
> by the author?
>
> regards
> Luigi Pirelli
>
>
> **************************************************************************************************
> * Boundless QGIS Support/Development: lpirelli AT
> boundlessgeo DOT com
> * LinkedIn: https://www.linkedin.com/in/luigipirelli
> <https://www.linkedin.com/in/luigipirelli>
> * Stackexchange:
> http://gis.stackexchange.com/users/19667/luigi-pirelli
> <http://gis.stackexchange.com/users/19667/luigi-pirelli>
> * GitHub: https://github.com/luipir
> * Mastering QGIS 2nd Edition:
> *
> https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition
> <https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition>
>
> **************************************************************************************************
>
>
> On 18 December 2016 at 14:28, <noreply at qgis.org
> <mailto:noreply at qgis.org>> wrote:
>
>
> Plugin AequilibraE approval by pcav.
> The plugin version "[1102] AequilibraE 0.3.3" is now
> approved
> Link: http://plugins.qgis.org/plugins/AequilibraE
> <http://plugins.qgis.org/plugins/AequilibraE>/
> ------------------------------------------------------------------------
>
> Qgis-developer mailing list
> Qgis-developer at lists.osgeo.org
> <mailto:Qgis-developer at lists.osgeo.org>
> List info:
> http://lists.osgeo.org/mailman/listinfo/qgis-developer
> <http://lists.osgeo.org/mailman/listinfo/qgis-developer>
> Unsubscribe:
> http://lists.osgeo.org/mailman/listinfo/qgis-developer
> <http://lists.osgeo.org/mailman/listinfo/qgis-developer>
>
>
> ------------------------------------------------------------------------
>
> Qgis-developer mailing list
> Qgis-developer at lists.osgeo.org
> <mailto:Qgis-developer at lists.osgeo.org>
> List info:
> http://lists.osgeo.org/mailman/listinfo/qgis-developer
> <http://lists.osgeo.org/mailman/listinfo/qgis-developer>
> Unsubscribe:
> http://lists.osgeo.org/mailman/listinfo/qgis-developer
> <http://lists.osgeo.org/mailman/listinfo/qgis-developer>
>
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
>
More information about the Qgis-developer
mailing list