<div dir="ltr"><div>Hello everyone,</div><div><br></div><div>We have unfeatured all the featured plugins for now and added a ticket at <a href="https://github.com/qgis/QGIS-Plugins-Website/issues/79">https://github.com/qgis/QGIS-Plugins-Website/issues/79</a> to come up with a set of rules for when and how plugins get featured.</div><div>Please feel free to add your suggestions and continue the discussion there.</div><div><br></div><div>Best regards,</div><div><br></div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div style="color:rgb(34,34,34)">Lova Andriarimalala</div><div style="color:rgb(34,34,34)"><b>QGIS Full Stack Developer <br><br></b></div><div style="color:rgb(34,34,34)"><b>T </b>: +27(0) 87 809 2702 <b>E </b>:<b> </b><a href="mailto:lova@kartoza.com" style="color:rgb(17,85,204)" target="_blank">lova@kartoza.com</a> <b>W</b> : <a href="http://kartoza.com" style="color:rgb(17,85,204)" target="_blank">kartoza.com</a><br></div><div style="color:rgb(34,34,34)"><br></div><div style="color:rgb(34,34,34)"><div><img src="https://kartoza.com/files/KartozaEmailSignature.gif"><br></div><div><br></div><i>This email and any attachments are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you </i><div><i>have received this email in error, please notify the sender immediately and delete it from your system. Unauthorised use, disclosure, or copying</i></div><div><i>of the contents is prohibited.</i></div></div></div></div></div><br></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Fri, 14 Feb 2025 at 17:14, Greg Troxel via QGIS-Developer <<a href="mailto:qgis-developer@lists.osgeo.org">qgis-developer@lists.osgeo.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">Emma Hain via QGIS-Developer <<a href="mailto:qgis-developer@lists.osgeo.org" target="_blank">qgis-developer@lists.osgeo.org</a>> writes:<br>
<br>
> I like this idea of having it reviewed for a cost!<br>
<br>
I am not really comfortable with that. It creates a bias to<br>
company-produced software. The costs really should be paid by the<br>
people that are relying on the safety judgements, not the ones producing<br>
open-source code.<br>
<br>
There is a real issue, and the reality of what people do and don't trust<br>
does not necessarily line up with what makes sense.<br>
<br>
qgis has review and a lot of eyes, so people presume that qgis is safe<br>
(from a "no malicious code" cyber-security viewpoint).<br>
<br>
Some plugins have known authors, and reputations. Others are new.<br>
Perhaps more plugins should get moved to core and maintained there by<br>
PR, but that is probably pushing work on existing people and not<br>
reasonable.<br>
<br>
It might be that a not-maintained label for plugins is in order,<br>
appplied one year after last update, with filtering those out by<br>
default.<br>
<br>
With respect to the organization, it seems they probably should develop<br>
a review process and an allowed list, no different than how they treat<br>
loading any other software onto company computers (or computers with<br>
company data, whatever). They could pay for support for review/advice.<br>
Right now individuals make these judgements; I certainly think about<br>
plugins before installing them.<br>
<br>
Longer term, I wonder about sandboxing plugins, android style, with<br>
limits on filesystem access and internet access.<br>
_______________________________________________<br>
QGIS-Developer mailing list<br>
<a href="mailto:QGIS-Developer@lists.osgeo.org" target="_blank">QGIS-Developer@lists.osgeo.org</a><br>
List info: <a href="https://lists.osgeo.org/mailman/listinfo/qgis-developer" rel="noreferrer" target="_blank">https://lists.osgeo.org/mailman/listinfo/qgis-developer</a><br>
Unsubscribe: <a href="https://lists.osgeo.org/mailman/listinfo/qgis-developer" rel="noreferrer" target="_blank">https://lists.osgeo.org/mailman/listinfo/qgis-developer</a><br>
</blockquote></div>