[QGIS-Developer] Mitigating security risks of the Official Plugin Repository
Borys Jurgiel
lists at borysjurgiel.pl
Fri Jan 26 00:19:18 PST 2018
Dnia czwartek, 25 stycznia 2018 23:37:12 CET Daniel Silk pisze:
> in my startup script then the official repository is successfully
> replaced by our internal repository. Great!
IIRC this stubborn overwriting your URL by the plugin installer was added in
QGIS 1.8, when we changed the official URL. So now I don't see any reasons to
not remove it from master. I mean the URL would be added only if doesn't
exist.
> > btw If you find useful an enhancement, please file a PR with you
> > general solution that can be useful to other users.
>
> If I submitted a PR that added a filter for trusted plugins similar to
> the filters for experimental and deprecated plugins, could that only
> be added to QGIS 3.2 (as a new feature)? Not 2.18?
Last time when I submitted such PR (#5484), it ended up with removing the
distinction of trusted status from the manager ;)
https://github.com/qgis/QGIS/commit/4b0607a71fb9f981bf50a
For more info, see the conclusions of this discussion: https://
lists.osgeo.org/pipermail/qgis-developer/2017-September/049695.html
So I'm afraid the trusted status won't be useful any more.
Regards,
Borys
More information about the QGIS-Developer
mailing list