[QGIS-Developer] Unblock legacy db-manager plugin
Julien Moura (Oslandia)
julien.moura at oslandia.com
Wed Jun 24 01:41:34 PDT 2026
Hi Nyall,
Thank you for moving this issue forward to make QGIS more maintainable.
However, unless I'm mistaken, I haven't received a response to my
comment (https://github.com/qgis/QGIS-Enhancement-Proposals/pull/385#
issue-comment-4657354328) on the QEP asking to follow a phased
deprecation plan and to properly inform users and developers before it
takes effect.
I think this is really important, because as you yourself write here and
there, QGIS is no longer a hobby project or one that can introduce
breaking changes without considering end users.
Can we please wait to establish a clear plan to communicate and make the
removal progressive (and no merging
https://github.com/qgis/QGIS/pull/66545 right now)?
kind regards,
Julien
Le 24/06/2026 à 07:41, Nyall Dawson via QGIS-Developer a écrit :
> On Wed, 24 Jun 2026 at 15:38, Lova Andriarimalala <lova at kartoza.com> wrote:
>> Hi Nyall,
>>
>> I have unblocked the version from security flags and made it ready for review and approval. The "Security issue detected" badge is still shown but it won't block approval.
>>
>> Hopefully, we will deploy https://github.com/qgis/QGIS-Plugins-Website/pull/316 soon so plugins authors can properly skip specific checks. We are still waiting for some authors to confirm their email by the 10 July expiration date so we can communicate this properly.
>> Until then, please let me know if a new version of this plugin is coming that needs to be unblocked from flagged security issues.
> Thanks Lova, much appreciated!
>
> Nyall
>
>> Best regards,
>>
>> Lova Andriarimalala
>> QGIS Full Stack Developer
>>
>> T : +27(0) 87 809 2702 E : lova at kartoza.com W : kartoza.com
>>
>>
>>
>> This email and any attachments are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you
>> have received this email in error, please notify the sender immediately and delete it from your system. Unauthorised use, disclosure, or copying
>> of the contents is prohibited.
>>
>>
>> On Wed, 24 Jun 2026 at 01:40, Nyall Dawson via QGIS-Developer <qgis-developer at lists.osgeo.org> wrote:
>>> Hi list,
>>>
>>> In order to implement the demotion of db manager to a community plugin (See https://github.com/qgis/QGIS-Enhancement-Proposals/blob/master/qep-426-demote_dbmanager.md) I need to be able to push a current version of that plugin to the plugin repository.
>>>
>>> I've tried this at https://plugins.qgis.org/plugins/db_manager/, but the plugin is flagged with over 100 security issues due to extensive use of exec and SQL injection risks.
>>>
>>> Short story: I'm not going to fix these. (And it's a little ironic that we've got more stringent requirements on 3rd party plugins then a previously default-installed official plugin 😂😂😂😂)
>>>
>>> Can someone with appropriate rights allow-list this plugin to skip the security scan for now?
>>>
>>> Nyall
>>>
>>> _______________________________________________
>>> QGIS-Developer mailing list
>>> QGIS-Developer at lists.osgeo.org
>>> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>>> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
> _______________________________________________
> QGIS-Developer mailing list
> QGIS-Developer at lists.osgeo.org
> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
--
Oslandia
<https://oslandia.com/?utm_source=email&utm_campaign=signature_oslandia&utm_medium=email>
- Livre blanc pour migrer/hybrider son SIG
<https://oslandia.com/livre-blanc-migration-sig-opensource/?utm_source=email&utm_campaign=signature_oslandia&utm_medium=email>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.osgeo.org/pipermail/qgis-developer/attachments/20260624/5fa1c394/attachment.sig>
More information about the QGIS-Developer
mailing list