Il 02/06/2014 17:12, Martin Dobias ha scritto: > I have just found out there is a plugin "Vgi2Shp" in QGIS plugin > repository, all of its functionality is in a .pyc file - compiled > python module, with no source code (.py). Also the code repository on > GitHub is completely empty. I believe this is not allowed under the > terms of GNU GPL - and probably we do not want to allow such code in > the repository (basically it is an opaque binary blob). What are your > opinions? > > I think we could create a list of unwanted python extensions which > should not be allowed, e.g.: > - .pyc (compiled .py) > - .pyo (optimized .pyc) > - .pyd (compiled module) > > It is clear that this cannot serve as a real security measure as it is > easy for malicious code to work that around anyway - I think it should > be merely a warning to the developers that they may be doing something > wrong. (Packaging a .pyc file is normally useless and just inflates > package size - the .pyc will be created automatically by the > interpreter). > > The question is whether to allow also other binary executables / > libraries, such as: > - .exe > - .dll > - .bat > - .com > - .scr (windows screensaver - same as .exe) > - .so > > [1] https://plugins.qgis.org/plugins/Vgi2ShpConverter/
Thanks Marting for pointing this out. This is also mentioned in the updated guidelines. During my approval process I regularly check the above, so I believe somebody else approved the plugin you mentioned. Of course an hard constraint on the Django application would be preferable. BTW, I now cannot switch between https://plugins.qgis.org/plugins/Vgi2ShpConverter/#plugin-details and https://plugins.qgis.org/plugins/Vgi2ShpConverter/#plugin-versions etc.: anything wrong with the application? All the best. -- Paolo Cavallini - www.faunalia.eu Corsi QGIS e PostGIS: http://www.faunalia.eu/training.html _______________________________________________ Qgis-developer mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/qgis-developer
