Hi I have just found out there is a plugin "Vgi2Shp" in QGIS plugin repository, all of its functionality is in a .pyc file - compiled python module, with no source code (.py). Also the code repository on GitHub is completely empty. I believe this is not allowed under the terms of GNU GPL - and probably we do not want to allow such code in the repository (basically it is an opaque binary blob). What are your opinions?
I think we could create a list of unwanted python extensions which should not be allowed, e.g.: - .pyc (compiled .py) - .pyo (optimized .pyc) - .pyd (compiled module) It is clear that this cannot serve as a real security measure as it is easy for malicious code to work that around anyway - I think it should be merely a warning to the developers that they may be doing something wrong. (Packaging a .pyc file is normally useless and just inflates package size - the .pyc will be created automatically by the interpreter). The question is whether to allow also other binary executables / libraries, such as: - .exe - .dll - .bat - .com - .scr (windows screensaver - same as .exe) - .so [1] https://plugins.qgis.org/plugins/Vgi2ShpConverter/ Regards Martin _______________________________________________ Qgis-developer mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/qgis-developer
