<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">2016-10-15 15:59 GMT+02:00 Nathan Woodrow <span dir="ltr"><<a href="mailto:madmanwoo@gmail.com" target="_blank">madmanwoo@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Thanks Even. <div><br></div><div>Even is right. S<span style="color:rgb(0,0,0);font-size:12.8px">ecurity</span><font color="#000000"><span style="font-size:12.8px"> is the main reason that this is implemented this way, there was loads of discussion around this when we put it in place.</span></font></div><div><span style="font-size:12.8px;color:rgb(0,0,0)">Trusted authors have auto approved plugins but until that point it requires moderation by one of the team for now until a author gets to that point. </span><br></div></div></blockquote><div><br></div><div>I don't want to reduce the problem to a personal one, but I think that an author, that is a programmer that reaches 171128 downloads, could be considered trusted.<br></div><div><br></div><div>But the problem is, instead, another, and I have a curiosity: what is the real danger you think can happens from an open gis ? You really have discussed this ? ;)<br></div><div>I don't think you are serious.<br><br></div><div>I have, instead a real problem you need to discuss: You well know that there is an important problem with SHP corruption.<br><br></div><div>True ? I know this is true. And also you know.<br><br></div><div>And, you know there is a "minidump" problem at exit, and randomically during running. And this problem is a memory problem.<br><br></div><div>True ? You well know this is true. Also I know that nobody knows from what these bugs depend.<br><br></div><div>Well, I think the efforts and discussions must be used to discover these problems, instead of plugin approvation, without any technical preparation. Not ?<br><br></div><div>Or, if you need a responsibility to give, let it be python and the plugins. But, you are out of road. Look better in C++ source code, expecially where memory pointers are not released, and used out of functions. Perhaps.<br><br></div><div>Good night<br><br></div><div>Roberto <br> </div><div><br><br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><span style="color:rgb(0,0,0);font-size:12.8px"></span></div><div><span style="color:rgb(0,0,0);font-size:12.8px">There might be other things we can do to increase the level of </span><span style="color:rgb(0,0,0);font-size:12.8px">security</span><font color="#000000"><span style="font-size:12.8px"> around this but these will also increase the level of complexity to the system, signed packages, etc. This all takes times, and effort.</span></font></div><span class="gmail-HOEnZb"><font color="#888888"><div><font color="#000000"><span style="font-size:12.8px"><br></span></font></div><div><font color="#000000"><span style="font-size:12.8px">- Nathan</span></font></div><div><span style="color:rgb(0,0,0);font-size:12.8px"><br></span></div><div><span style="color:rgb(0,0,0);font-size:12.8px"><br></span></div></font></span></div><div class="gmail-HOEnZb"><div class="gmail-h5"><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Oct 15, 2016 at 11:55 PM, Even Rouault <span dir="ltr"><<a href="mailto:even.rouault@spatialys.com" target="_blank">even.rouault@spatialys.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span>Le samedi 15 octobre 2016 15:32:42, Geo DrinX a écrit :<br>
> 2016-10-14 8:42 GMT+02:00 Nathan Woodrow <<a href="mailto:madmanwoo@gmail.com" target="_blank">madmanwoo@gmail.com</a>>:<br>
> > Hey,<br>
> ><br>
> > Have you raised this as a issue with us. Can't really fix anything if<br>
> > it's not raised.<br>
> ><br>
> > What you suggest we do to make it better?<br>
> ><br>
> > Regards,<br>
> > Nathan<br>
><br>
> Well, good question. I thank you for making me the question.<br>
><br>
> My opinion is : There is no need to have an approval process. What is it<br>
> for ?<br>
> Who judges the job, maybe months, another programmer, who is giving to the<br>
> community that has developed because of its usefulness ?<br>
> Maybe Richard Stallman ? By chance Gary Sherman ?<br>
> Probably would not do it even they.<br>
><br>
> I think right now the approval of the plugin is only a manifestation of<br>
> power.<br>
><br>
> It is nothing but this.<br>
><br>
> Imagine Wikipedia and prior approval. It would be composed of only ten<br>
> pages.<br>
> Imagine OpenStreetMap. Only two roads. Other than free map of the world !<br>
><br>
> Make free plugins. As long as you are on time.<br>
<br>
</span>There's an important difference. Neither contributing *data* to Wikipedia nor<br>
OpenStreetMap involves security risk for users of those databases. On the<br>
contrary contributing a plugin to QGIS is contributing *code* that will run<br>
with the privledges of the user running QGIS, so potentially thefting data /<br>
destroying data / installing malware / doing whatever nasty you can imagine.<br>
<br>
Making a plugin available in the default repository is like accepting a code<br>
contribution to QGIS core. That involves some form of trust in the<br>
contributor.<br>
<div class="gmail-m_-680851247263855053HOEnZb"><div class="gmail-m_-680851247263855053h5"><br>
><br>
><br>
> geodrinx<br>
><br>
> > On Fri, Oct 14, 2016 at 4:35 PM, Geo DrinX <<a href="mailto:geodrinx@gmail.com" target="_blank">geodrinx@gmail.com</a>> wrote:<br>
> >> Good morning :)<br>
> >><br>
> >><br>
> >> I am here to inform you that I just removed from the repository the<br>
> >> latest plugin version 3.0.4 of GEarthView, and also other my plugins.<br>
> >><br>
> >> I have taken this decision to draw your attention on the mechanism of<br>
> >> the plugin approval, which I think is totally insufficient and<br>
> >> inadequate.<br>
> >><br>
> >> I recommend you review this procedure and pay more attention to whom is<br>
> >> dealing, which should be a technical, and not another.<br>
> >><br>
> >> I am sorry for the difficulties that my decision will cause to<br>
> >> unsuspecting users of my plugin, but they can continue to download my<br>
> >> plugin from my official repository on github.<br>
> >><br>
> >> I thank you for your attention<br>
> >><br>
> >><br>
> >> Best Regards<br>
> >><br>
> >> Roberto (geodrinx)<br>
> >><br>
> >> ______________________________<wbr>_________________<br>
> >> Qgis-developer mailing list<br>
> >> <a href="mailto:Qgis-developer@lists.osgeo.org" target="_blank">Qgis-developer@lists.osgeo.org</a><br>
> >> List info: <a href="http://lists.osgeo.org/mailman/listinfo/qgis-developer" rel="noreferrer" target="_blank">http://lists.osgeo.org/mailman<wbr>/listinfo/qgis-developer</a><br>
> >> Unsubscribe: <a href="http://lists.osgeo.org/mailman/listinfo/qgis-developer" rel="noreferrer" target="_blank">http://lists.osgeo.org/mailman<wbr>/listinfo/qgis-developer</a><br>
<br>
</div></div><span class="gmail-m_-680851247263855053HOEnZb"><font color="#888888">--<br>
Spatialys - Geospatial professional services<br>
<a href="http://www.spatialys.com" rel="noreferrer" target="_blank">http://www.spatialys.com</a><br>
</font></span></blockquote></div><br></div>
</div></div></blockquote></div><br></div></div>