[Qgis-developer] About my plugins ...

Geo DrinX geodrinx at gmail.com
Sat Oct 15 15:01:04 PDT 2016


2016-10-15 15:59 GMT+02:00 Nathan Woodrow <madmanwoo at gmail.com>:

> Thanks Even.
>
> Even is right. Security is the main reason that this is implemented this
> way, there was loads of discussion around this when we put it in place.
> Trusted authors have auto approved plugins but until that point it
> requires moderation by one of the team for now until an author gets to that
> point.
>

I don't want to reduce the problem to a personal one, but I think that an
author, that is a programmer that reaches 171128 downloads, could be
considered trusted.

But the problem is, instead, another, and I have a curiosity: what is the
real danger you think can happen from an open gis?  You really have
discussed this?  ;)
I don't think you are serious.

I have, instead a real problem you need to discuss:  You well know that
there is an important problem with SHP corruption.

True ?  I know this is true.  And also you know.

And, you know there is a "minidump" problem at exit, and randomly
during running.  And this problem is a memory problem.

True ?  You well know this is true.   Also I know that nobody knows from
what these bugs depend.

Well, I think the efforts and discussions must be used to discover these
problems, instead of plugin approval, without any technical
preparation.  Not ?

Or, if you need a responsibility to give, let it be python and the
plugins.  But, you are out of road.  Look better in C++ source code,
especially where memory pointers are not released, and used out of
functions.  Perhaps.

Good night

Roberto




> There might be other things we can do to increase the level of security around
> this but these will also increase the level of complexity to the system,
> signed packages, etc. This all takes time and effort.
>
> - Nathan
>
>
>
> On Sat, Oct 15, 2016 at 11:55 PM, Even Rouault <even.rouault at spatialys.com> wrote:
>
>> On Saturday 15 October 2016 15:32:42, Geo DrinX wrote:
>> > 2016-10-14 8:42 GMT+02:00 Nathan Woodrow <madmanwoo at gmail.com>:
>> > > Hey,
>> > >
>> > > Have you raised this as an issue with us? Can't really fix anything if
>> > > it's not raised.
>> > >
>> > > What you suggest we do to make it better?
>> > >
>> > > Regards,
>> > > Nathan
>> >
>> > Well, good question.  I thank you for making me the question.
>> >
>> > My opinion is :  There is no need to have an approval process.  What is
>> > it for ?
>> > Who judges the job, maybe months, another programmer, who is giving to
>> > the community that has developed because of its usefulness ?
>> > Maybe Richard Stallman ?   By chance Gary Sherman  ?
>> > Probably would not do it even they.
>> >
>> > I think right now the approval of the plugin is only a manifestation of
>> > power.
>> >
>> > It is nothing but this.
>> >
>> > Imagine Wikipedia and prior approval.   It would be composed of only ten
>> > pages.
>> > Imagine OpenStreetMap. Only two roads.  Other than free map of the
>> > world !
>> >
>> > Make free plugins. As long as you are on time.
>>
>> There's an important difference. Neither contributing *data* to Wikipedia
>> nor OpenStreetMap involves security risk for users of those databases. On
>> the contrary contributing a plugin to QGIS is contributing *code* that will
>> run with the privileges of the user running QGIS, so potentially stealing
>> data / destroying data / installing malware / doing whatever nasty you can
>> imagine.
>>
>> Making a plugin available in the default repository is like accepting a
>> code contribution to QGIS core. That involves some form of trust in the
>> contributor.
>>
>> >
>> >
>> > geodrinx
>> >
>> > > On Fri, Oct 14, 2016 at 4:35 PM, Geo DrinX <geodrinx at gmail.com> wrote:
>> > >> Good morning   :)
>> > >>
>> > >>
>> > >> I am here to inform you that I just removed from the repository the
>> > >> latest plugin version 3.0.4 of GEarthView, and also other my plugins.
>> > >>
>> > >> I have taken this decision to draw your attention on the mechanism of
>> > >> the plugin approval, which I think is totally insufficient and
>> > >> inadequate.
>> > >>
>> > >> I recommend you review this procedure and pay more attention to whom
>> > >> is dealing, which should be a technical, and not another.
>> > >>
>> > >> I am sorry for the difficulties that my decision will cause to
>> > >> unsuspecting users of my plugin, but they can continue to download my
>> > >> plugin from my official repository on github.
>> > >>
>> > >> I thank you for your attention
>> > >>
>> > >>
>> > >> Best Regards
>> > >>
>> > >> Roberto (geodrinx)
>>
>> --
>> Spatialys - Geospatial professional services
>> http://www.spatialys.com
>>
>
>