[QGIS-Developer] QGIS Plugin site
Lova Andriarimalala
lova at kartoza.com
Mon Feb 17 21:47:39 PST 2025
Hello everyone,
We have unfeatured all the featured plugins for now and added a ticket at
https://github.com/qgis/QGIS-Plugins-Website/issues/79 to come up with a
set of rules for when and how plugins get featured.
Please feel free to add your suggestions and continue the discussion there.
Best regards,
Lova Andriarimalala
*QGIS Full Stack Developer*
*T*: +27(0) 87 809 2702 *E*: lova at kartoza.com *W*: kartoza.com
On Fri, 14 Feb 2025 at 17:14, Greg Troxel via QGIS-Developer <
qgis-developer at lists.osgeo.org> wrote:
> Emma Hain via QGIS-Developer <qgis-developer at lists.osgeo.org> writes:
>
> > I like this idea of having it reviewed for a cost!
>
> I am not really comfortable with that. It creates a bias to
> company-produced software. The costs really should be paid by the
> people that are relying on the safety judgements, not the ones producing
> open-source code.
>
> There is a real issue, and the reality of what people do and don't trust
> does not necessarily line up with what makes sense.
>
> qgis has review and a lot of eyes, so people presume that qgis is safe
> (from a "no malicious code" cyber-security viewpoint).
>
> Some plugins have known authors, and reputations. Others are new.
> Perhaps more plugins should get moved to core and maintained there by
> PR, but that is probably pushing work on existing people and not
> reasonable.
>
> It might be that a not-maintained label for plugins is in order,
> applied one year after last update, with filtering those out by
> default.
>
> With respect to the organization, it seems they probably should develop
> a review process and an allowed list, no different than how they treat
> loading any other software onto company computers (or computers with
> company data, whatever). They could pay for support for review/advice.
> Right now individuals make these judgements; I certainly think about
> plugins before installing them.
>
> Longer term, I wonder about sandboxing plugins, android style, with
> limits on filesystem access and internet access.