[QGIS-Developer] How to deal with QGIS plugins which install additional packages
Greg Troxel
gdt at lexort.com
Tue Oct 22 16:19:55 PDT 2024
Thomas B via QGIS-Developer <qgis-developer at lists.osgeo.org> writes:
> Dear QGIS-Developers,
>
> Are there any guidelines from the QGIS project regarding whether a QGIS
> plugin is allowed to autonomously install required packages using PIP or
> similar tools without manual installation by the user?
>
> While this might seem convenient, I see it as a potential security risk,
> especially if the user is not explicitly informed about what is happening
> in the background.
Agreed this is not ok. I think a plugin downloading anything to be
executed or interpreted should be entirely prohibited.
More information about the QGIS-Developer
mailing list