[Qgis-developer] Plugin [1102] AequilibraE approval notification.

Matthias Kuhn matthias at opengis.ch
Mon Dec 19 02:06:43 PST 2016


Hi Pedro,

No, I just wanted to understand exactly, what the problems with compiled
code (in general) are. With a clear problem statement it's easier to
discuss a solution - and you can hopefully continue to ship your plugin
through the plugin infrastructure.

Matthias

On 12/19/2016 09:42 AM, Pedro Camargo wrote:
> Hi Matthias,
> 
> Was the question directed to me?
> 
> If so, my objective is to make the code as efficient as possible (by
> having it in Cython) and available in as many platforms as possible.
> 
> Cheers,
> Pedro
> 
> On Mon, Dec 19, 2016 at 6:40 PM, Matthias Kuhn <matthias at opengis.ch
> <mailto:matthias at opengis.ch>> wrote:
> 
>     Hi all
> 
>     What's the main goal? Code availability? Security? Platform
>     independency?
>     Just curious.
> 
>     All the best
>     Matthias
> 
>     On December 19, 2016 9:25:29 AM GMT+01:00, Luigi Pirelli
>     <luipir at gmail.com <mailto:luipir at gmail.com>> wrote:
> 
>         Hi Pedro,
> 
>         Nothing personal, your case is a common case due the fact to many
>         cases where to integrate external executables or shared objects.
> 
>         we can have a way to certificate this binary (e.g. signing
>         process but
>         could become harder develop plugins, checksums). In the meantime, I
>         strongly suggest to a have a two phase plugin. A first phase that
>         prepare running environment downloading so or dll from someware with
>         the user consensous, and then the running phase.
> 
>         in this way you can facilitate users to access plugin thanks to qgis
>         repo, and turn around plugin limitations that community gave for
>         user
>         security.
> 
>         regards
>         Luigi Pirelli
> 
>         **************************************************************************************************
>         * Boundless QGIS Support/Development: lpirelli AT boundlessgeo
>         DOT com
>         * LinkedIn: https://www.linkedin.com/in/luigipirelli
>         <https://www.linkedin.com/in/luigipirelli>
>         * Stackexchange:
>         http://gis.stackexchange.com/users/19667/luigi-pirelli
>         <http://gis.stackexchange.com/users/19667/luigi-pirelli>
>         * GitHub: https://github.com/luipir
>         * Mastering QGIS 2nd Edition:
>         *
>         https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition
>         <https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition>
>         **************************************************************************************************
> 
> 
>         On 19 December 2016 at 08:25, Pedro Camargo
>         <veigacamargo at gmail.com <mailto:veigacamargo at gmail.com>> wrote:
> 
>             Hi Luigi and Paolo,
> 
>             I corrected the problems you pointed out with AequilibraE and
>             re-uploaded it.
> 
>             Luigi's concern with malicious code is a very valid one, and
>             I would
>             actually appreciate to have a manner to have it checked.
>             However, I would
>             appreciate if we could find a solution that does not prevent
>             us from having
>             plugins that are compiled.
> 
>             As Luigi pointed out, the code is written in Cython to
>             increase performance
>             of the software, but it is still 5.5x slower than the
>             proprietary software
>             that I used as a benchmark. In a nutshell, if it cannot be
>             compiled, it will
>             never fly. So I would ask you guys to be considerate of this
>             point.
> 
>             My concerns might not even be valid, and I do apologize if
>             that is the case.
>             I just must admit that, as an amateur software developer, I
>             miss some of the
>             jargon used here when talking about more technical issues on
>             software
>             development.
> 
>             Cheers,
>             Pedro
> 
>             On Mon, Dec 19, 2016 at 7:18 AM, Luigi Pirelli
>             <luipir at gmail.com <mailto:luipir at gmail.com>> wrote:
> 
> 
>                 Hi List
> 
>                 The Binary problem (?):
>                 In this recently added plugin I can find cython modules
>                 precompiled in
>                 forms odf pyd, or so. (and relative cython code)
>                 Following the presentation in:
>                 https://www.youtube.com/watch?v=zz3jbM_JBTo
>                 <https://www.youtube.com/watch?v=zz3jbM_JBTo>
>                 I understand that the reason is performance, but how to
>                 prevent
>                 loading malicious shared objects?
> 
>                 * probably we should start to plan a safe infrastructure
>                 to allow
>                 uploading plugin with compiled modules... any idea other
>                 than a simple
>                 checksum?
> 
>                 The license problem (?):
>                 other question is regarding the cython algorithm. I can
>                 read in
> 
>                 https://github.com/AequilibraE/AequilibraE/blob/master/aequilibrae/paths/AoN.pyx#L23
>                 <https://github.com/AequilibraE/AequilibraE/blob/master/aequilibrae/paths/AoN.pyx#L23>
>                 "Codes for route ennumeration, DAG construction and Link
>                 nesting were
>                 written by Pedro Camargo (2013) and have all their
>                 rights reserved to
>                 the author"
> 
>                 Obviously the author has right reserved, an in the same
>                 code the
>                 author refer to the LICENSE.txt that is a standard GPL
>                 license:
>                 here:
>                 https://github.com/AequilibraE/AequilibraE/blob/master/aequilibrae/paths/AoN.pyx#L18
>                 <https://github.com/AequilibraE/AequilibraE/blob/master/aequilibrae/paths/AoN.pyx#L18>
>                 and here:
>                 https://github.com/AequilibraE/AequilibraE/blob/master/LICENSE.TXT
>                 <https://github.com/AequilibraE/AequilibraE/blob/master/LICENSE.TXT>
> 
>                 how should we have to read the "right reserved" sencence
>                 by the author?
> 
>                 regards
>                 Luigi Pirelli
> 
> 
>                 **************************************************************************************************
>                 * Boundless QGIS Support/Development: lpirelli AT
>                 boundlessgeo DOT com
>                 * LinkedIn: https://www.linkedin.com/in/luigipirelli
>                 <https://www.linkedin.com/in/luigipirelli>
>                 * Stackexchange:
>                 http://gis.stackexchange.com/users/19667/luigi-pirelli
>                 <http://gis.stackexchange.com/users/19667/luigi-pirelli>
>                 * GitHub: https://github.com/luipir
>                 * Mastering QGIS 2nd Edition:
>                 *
>                 https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition
>                 <https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition>
> 
>                 **************************************************************************************************
> 
> 
>                 On 18 December 2016 at 14:28, <noreply at qgis.org
>                 <mailto:noreply at qgis.org>> wrote:
> 
> 
>                     Plugin AequilibraE approval by pcav.
>                     The plugin version "[1102] AequilibraE 0.3.3" is now
>                     approved
>                     Link: http://plugins.qgis.org/plugins/AequilibraE
>                     <http://plugins.qgis.org/plugins/AequilibraE>/
>                     ------------------------------------------------------------------------
> 
>                     Qgis-developer mailing list
>                     Qgis-developer at lists.osgeo.org
>                     <mailto:Qgis-developer at lists.osgeo.org>
>                     List info:
>                     http://lists.osgeo.org/mailman/listinfo/qgis-developer
>                     <http://lists.osgeo.org/mailman/listinfo/qgis-developer>
>                     Unsubscribe:
>                     http://lists.osgeo.org/mailman/listinfo/qgis-developer
>                     <http://lists.osgeo.org/mailman/listinfo/qgis-developer>
> 
> 
>         ------------------------------------------------------------------------
> 
>         Qgis-developer mailing list
>         Qgis-developer at lists.osgeo.org
>         <mailto:Qgis-developer at lists.osgeo.org>
>         List info:
>         http://lists.osgeo.org/mailman/listinfo/qgis-developer
>         <http://lists.osgeo.org/mailman/listinfo/qgis-developer>
>         Unsubscribe:
>         http://lists.osgeo.org/mailman/listinfo/qgis-developer
>         <http://lists.osgeo.org/mailman/listinfo/qgis-developer>
> 
> 
>     -- 
>     Sent from my Android device with K-9 Mail. Please excuse my brevity.
> 
> 


More information about the Qgis-developer mailing list