Hi Larry, On Sat, Mar 10, 2012 at 4:43 PM, Larry Shaffer <[email protected]> wrote: > On Sat, Mar 10, 2012 at 3:04 AM, Alexander Bruy > <[email protected]> wrote: >> ... >> We can't be sure that 3rd party binaries are safe and there are no security >> risks (especially on Windows). Python code can be verified by user. I know >> that not all users are programers but at least this is possible. But >> verifying >> binary file almost impossible. > > I've been using the Mac version of QGIS, compiled and packaged by a > 'third party' (Mr. Kyngesburye), for years. I have run his installers > and compiled programs countless times, just as any other regular Mac > QGIS user.
it's not the same... If Kyngchaos were not Kyngchaos his packages would not be in the QGis download page. > This should be the same for plugins. Let the user decide. I do not agree. In the plugins repo anyone can create a new plugin then would be very unsafe to allow compiled code which nobody can verify. The user expects that a plugin in the QGis repository is safe, otherwise this can strongly damage the QGis reputation. > However, the > user should be informed, if a plugin requires additional software, > regardless of origin, at the appropriate time. +1, this work is partially done from the plugins installer which shows a message when a python module is missing, but the message not enough intuitive for users. Let's try to simplify the life to users: if the plugin's author adds important information (e.g. required libs) to a README file, the plugins repo may display them in the plugin page (like GitHub does). Wouldn't it be enough? Regards. > > >> 2012/3/10 <[email protected]>: >>> ... >>> IMHO, a plugin should work out of the box, on all platforms. >>> The "Experimental" flag could be used for such plugins that require >>> compilation or other third parties elements that are not delivered in >>> standard. > > There are many plugins that do not work 'out of the box.' IPython for > example. On my Mac, I recently had to compile the zeromq package to > get its python bindings to work. It was totally worth the effort, > though I doubt most regular Mac users would do this. This should not > mean that the plugin remain eternally stuck in the 'Experimental' > category, especially if it is stable for use otherwise. > > > I have spent many, many hours working on a plugin for QGIS that > requires the QScintilla PyQt binding. While this can be included in > the source builds for QGIS (which I'd like to see), I have, for now, > pre-compiled small versions of Qsci.so for both 10.6 and 10.7 Mac > OSes. I do not see my small 'third party' installer of compiled > software as anything different than what Mr. Kyngesburye is providing. > Nor do I see it as any different than explaining to a Ubuntu user to > run 'apt-get python-qscintilla2' (also requiring admin permission). > > I agree there needs to be some modicum of control, but I can't image > the state of add-ons for Firefox, if Mozilla took the same tack. I > think having plugins not install binaries via the plugin installer, > and their developers clearly notifying the user of any extra installs > is enough. Let the users decide beyond that. > > Regards, > > Larry Shaffer > Dakota Cartography > Black Hills, South Dakota > _______________________________________________ > Qgis-developer mailing list > [email protected] > http://lists.osgeo.org/mailman/listinfo/qgis-developer -- Giuseppe Sucameli _______________________________________________ Qgis-developer mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/qgis-developer
