[Qgis-developer] About my plugins ...

Nathan Woodrow madmanwoo at gmail.com
Sun Oct 16 05:01:14 PDT 2016


Hi,

> But in the case of a gis, open or not, the maximum damage that a plugin can do
> is produce the prints off the press sheet.


This is not the case at all.  You can run any code you want; there are no
limits, as we have a fully functioning Python environment in order to run
plugins.
You can do damage with any programming language. Ever heard of a fork bomb?


>
> Rather, I would see the most important working upstream python environment
> , and the plugin to work in a sand-safe box.
>

Sandboxing a Python environment is almost impossible in any good functional
way. It can be done, yes, maybe, but it would require a large amount of
effort to do well, a task which neither I nor any of the other team have
time to embark on.


> The plugin approval phase  is now only a sort of prior censorship, given
> into the hand of a dark presenteeism that moves according to his personal
> sympathies, with its time and its summary judgments.


This is not the case at all, and please do not continue to frame it this
way. The process is there for a reason, and it is **not** for censorship.

Here are some things you might be asked for before approval:

- Do you have a good description?
- Do you have a link to the plugin source? (required under GPL although you
will get it anyway when you pull the plugin in QGIS)
- Do you fit into GPL - e.g. you can't upload a plugin that uses a closed
source component
- Yes, you may be asked to review licence files for included packages if
you bundle them
- If your plugin is a fork of another plugin, would you consider merging
with the original?  This is to reduce the number of plugins that do the same
thing.
- etc etc

This might feel like censorship to some; however, I can 100% assure you
again, this is never the intent nor reason.  This is simply a review
process, or attempt at one, to possibly flag issues up front.  A lot of us
already deal at this level when working on core code.

QGIS has an increasing user base every year; this comes with some risks and
processes that need to be in place.  QGIS isn't simply a small project
used by a few people with no one caring about user experience or pain.
Processes we put in place will not always be liked by everyone, but you
should never assume there is evil intent behind it because there never is.

> This is what I think should be done, not to be left to the stone age.   :


That is all fine; however, we all are generally pretty busy with other
development or day jobs. A lot of things you would like to see simply cannot
be wished into existence.

- Nathan