2014-06-02 17:12 GMT+02:00 Martin Dobias <[email protected]>:

> Hi
>
> I have just found out there is a plugin "Vgi2Shp" in QGIS plugin
> repository, all of its functionality is in a .pyc file - compiled
> python module, with no source code (.py). Also the code repository on
> GitHub is completely empty. I believe this is not allowed under the
> terms of GNU GPL - and probably we do not want to allow such code in
> the repository (basically it is an opaque binary blob). What are your
> opinions?
>
> I think we could create a list of unwanted python extensions which
> should not be allowed, e.g.:
> - .pyc (compiled .py)
> - .pyo (optimized .pyc)
> - .pyd (compiled module)
>
> It is clear that this cannot serve as a real security measure as it is
> easy for malicious code to work around that anyway - I think it should
> be merely a warning to the developers that they may be doing something
> wrong. (Packaging a .pyc file is normally useless and just inflates
> package size - the .pyc will be created automatically by the
> interpreter).
>
>

Hi Martin,

We can add a rule in the validator.py to generate a warning when a
blacklisted extension is in the package.

Checking if for each .pyc there is also a .py is a bit more complicated
but also possible.

--
Alessandro Pasotti
w3: www.itopen.it
_______________________________________________
Qgis-developer mailing list
[email protected]
http://lists.osgeo.org/mailman/listinfo/qgis-developer
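
The check discussed in this thread, as an added example that is not part of either message and is not the plugin site's validator.py: it lists every member of a plugin zip with one of the three extensions named above and marks those that have no matching .py in the package. The function names and the sample package are hypothetical, and the `__pycache__` handling goes beyond the side-by-side .pyc layout the thread has in mind.

```python
import io
import posixpath
import zipfile

# Extensions proposed in the thread as unwanted in a plugin package.
UNWANTED_EXTENSIONS = (".pyc", ".pyo", ".pyd")


def expected_source(member):
    """Path of the .py a compiled member should ship with, or None for .pyd."""
    stem, ext = posixpath.splitext(member)
    if ext.lower() == ".pyd":
        return None  # native extension module: no .py to pair it with
    directory, base = posixpath.split(stem)
    if posixpath.basename(directory) == "__pycache__":
        # PEP 3147 layout: pkg/__pycache__/mod.cpython-39.pyc -> pkg/mod.py
        directory = posixpath.dirname(directory)
        base = base.split(".")[0]
    return posixpath.join(directory, base + ".py")


def check_package(package):
    """Return (flagged, orphans): unwanted members, and those without source."""
    with zipfile.ZipFile(package) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
    present = set(names)
    flagged = [n for n in names
               if posixpath.splitext(n)[1].lower() in UNWANTED_EXTENSIONS]
    orphans = [n for n in flagged if expected_source(n) not in present]
    return flagged, orphans


def build_sample_package():
    """Constructed sample plugin zip, built in memory for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("demo/__init__.py", "demo/tools.py", "demo/tools.pyc",
                     "demo/core.pyc", "demo/__pycache__/tools.cpython-39.pyc",
                     "demo/fast.pyd", "demo/metadata.txt"):
            zf.writestr(name, b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    flagged, orphans = check_package(build_sample_package())
    for name in flagged:
        note = "no source in package" if name in orphans else "source present"
        print("WARNING: %s (%s)" % (name, note))
```

A matching .py only shows that a source file is present; it does not show that the compiled file was built from it, so the result is a warning to the developer rather than a security control.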
