[Qgis-psc] Blog post for trusted plugins

Thu Aug 18 11:58:47 PDT 2016

Hi Paolo

I did a pass over to mainly make it a little easier to read. Here is my edited version. My comments follow after:

-----

The core team of QGIS strives hard to provide the most advanced and
user friendly GIS for free use by everyone. As a corollary, we are very
careful about security, both of our source code and of the installers,
using state of the art technology and practices to ensure no malicious
or dangerous code ever hits end users.

The vast majority of our plugins (listed in http://plugins.qgis.org/ and
inside your copy of QGIS) are however developed by third parties, either
individuals, companies, and institutions. As such, they are outside our
direct control, and might represent a security risk. We are convinced
the risk is small, because of many factors including the "many eyes"
principle (the code is visible to everybody, and in use by thousands of
people), but cannot exclude it the possibility that someone tries to inject malicious code into a plugin.

In order to improve the situation, we looked into the opportunity of
implementing automatic tools to scan plugins, before their publication,
and spot potential problems. This approach would be very difficult and costly, and
easy to circumvent. 

We decided therefore to implement a simple yet robust approach to
security, based on the best available evidence: trust based on personal
knowledge. The current implementation therefore lists all plugins by
well known members of the QGIS community, that regularly meet twice a
year on the QGIS developer meetings, and are in almost daily contact
with the core team, as "trusted". All the rest (and there are wonderful,
reliable, robust, and useful plugins in the list) miss the "trusted"
label. We would like to stress this point, does not mean that they are
not trusted, but only that we cannot reasonably guarantee they are.

Of course, we would be delighted if a side effect of this choice would
be to stimulate a more active involvement of plugin developers in the
community. All plugin developers are therefore invited to join us at one
of the next developer meetings (AKA HackFest).

---------

I agree with Anita - I don't think that attending Hackfest meetings is a fair requirement. If it is someone we know well via other channels (e.g. Mathieu Pellerin) I think we could quite comfortable give them trusted status.

I am also quite nervous about some of the statements about how much due diligence we due in terms of security checking. Maybe we could remove the first two paragraphs above and just use more generic phrasing like:

"In the core QGIS project, every line of code that gets committed is subject to peer review when contributed by a non code developer. This gives us an opportunity to identify and correct inadvertent or intentional security issues that a developer my introduce to the code base. By contrast, all of the plugins that are published via the QGIS plugin repository are reviewed by the plugin developers themselves and we don't have good insight into how much due diligence is applied to plugin code management."

What do you think?

Regards

Tim

> On 18 Aug 2016, at 7:48 PM, Paolo Cavallini <cavallini at faunalia.it> wrote:
> 
> Il 18/08/2016 19:33, Giovanni Manghi ha scritto:
> 
>> could someone then please tag as trusted
>> 
>> http://plugins.qgis.org/plugins/postgis_geoprocessing/
>> http://plugins.qgis.org/plugins/ntv2_transformations/
> 
> Done, thanks Giovanni.
> 
> -- 
> Paolo Cavallini - www.faunalia.eu
> QGIS & PostGIS courses: http://www.faunalia.eu/training.html
> _______________________________________________
> Qgis-psc mailing list
> Qgis-psc at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/qgis-psc

---

Tim Sutton
QGIS Project Steering Committee Chair
tim at qgis.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-psc/attachments/20160818/763dceec/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: qgis_icon.jpg
Type: image/jpeg
Size: 4642 bytes
Desc: not available
URL: <http://lists.osgeo.org/pipermail/qgis-psc/attachments/20160818/763dceec/attachment.jpg>