Thanks Even.

Even is right. Security is the main reason that this is implemented this
way, there was loads of discussion around this when we put it in place.
Trusted authors have auto approved plugins but until that point it requires
moderation by one of the team for now until a author gets to that point.

There might be other things we can do to increase the level of security around
this but these will also increase the level of complexity to the system,
signed packages, etc. This all takes times, and effort.

- Nathan



On Sat, Oct 15, 2016 at 11:55 PM, Even Rouault <even.roua...@spatialys.com>
wrote:

> Le samedi 15 octobre 2016 15:32:42, Geo DrinX a écrit :
> > 2016-10-14 8:42 GMT+02:00 Nathan Woodrow <madman...@gmail.com>:
> > > Hey,
> > >
> > > Have you raised this as a issue with us. Can't really fix anything if
> > > it's not raised.
> > >
> > > What you suggest we do to make it better?
> > >
> > > Regards,
> > > Nathan
> >
> > Well, good question.  I thank you for making me the question.
> >
> > My opinion is :  There is no need to have an approval process.  What is
> it
> > for ?
> > Who judges the job, maybe months, another programmer, who is giving to
> the
> > community that has developed because of its usefulness ?
> > Maybe Richard Stallman ?   By chance Gary Sherman  ?
> > Probably would not do it even they.
> >
> > I think right now the approval of the plugin is only a manifestation of
> > power.
> >
> > It is nothing but this.
> >
> > Imagine Wikipedia and prior approval.   It would be composed of only ten
> > pages.
> > Imagine OpenStreetMap. Only two roads.  Other than free map of the world
> !
> >
> > Make free plugins. As long as you are on time.
>
> There's an important difference. Neither contributing *data* to Wikipedia
> nor
> OpenStreetMap involves security risk for users of those databases. On the
> contrary contributing a plugin to QGIS is contributing *code* that will run
> with the privledges of the user running QGIS, so potentially thefting data
> /
> destroying data / installing malware / doing whatever nasty you can
> imagine.
>
> Making a plugin available in the default repository is like accepting a
> code
> contribution to QGIS core. That involves some form of trust in the
> contributor.
>
> >
> >
> > geodrinx
> >
> > > On Fri, Oct 14, 2016 at 4:35 PM, Geo DrinX <geodr...@gmail.com> wrote:
> > >> Good morning   :)
> > >>
> > >>
> > >> I am here to inform you that I just removed from the repository the
> > >> latest plugin version 3.0.4 of GEarthView, and also other my plugins.
> > >>
> > >> I have taken this decision to draw your attention on the mechanism of
> > >> the plugin approval, which I think is totally insufficient and
> > >> inadequate.
> > >>
> > >> I recommend you review this procedure and pay more attention to whom
> is
> > >> dealing, which should be a technical, and not another.
> > >>
> > >> I am sorry for the difficulties that my decision will cause to
> > >> unsuspecting users of my plugin, but they can continue to download my
> > >> plugin from my official repository on github.
> > >>
> > >> I thank you for your attention
> > >>
> > >>
> > >> Best Regards
> > >>
> > >> Roberto (geodrinx)
> > >>
> > >> _______________________________________________
> > >> Qgis-developer mailing list
> > >> Qgis-developer@lists.osgeo.org
> > >> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer
> > >> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer
>
> --
> Spatialys - Geospatial professional services
> http://www.spatialys.com
>
_______________________________________________
Qgis-developer mailing list
Qgis-developer@lists.osgeo.org
List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer

Reply via email to