2016-10-15 15:59 GMT+02:00 Nathan Woodrow <[email protected]>: > Thanks Even. > > Even is right. Security is the main reason that this is implemented this > way, there was loads of discussion around this when we put it in place. > Trusted authors have auto approved plugins but until that point it > requires moderation by one of the team for now until a author gets to that > point. >
I don't want to reduce the problem to a personal one, but I think that an author, that is a programmer that reaches 171128 downloads, could be considered trusted. But the problem is, instead, another, and I have a curiosity: what is the real danger you think can happens from an open gis ? You really have discussed this ? ;) I don't think you are serious. I have, instead a real problem you need to discuss: You well know that there is an important problem with SHP corruption. True ? I know this is true. And also you know. And, you know there is a "minidump" problem at exit, and randomically during running. And this problem is a memory problem. True ? You well know this is true. Also I know that nobody knows from what these bugs depend. Well, I think the efforts and discussions must be used to discover these problems, instead of plugin approvation, without any technical preparation. Not ? Or, if you need a responsibility to give, let it be python and the plugins. But, you are out of road. Look better in C++ source code, expecially where memory pointers are not released, and used out of functions. Perhaps. Good night Roberto > There might be other things we can do to increase the level of security around > this but these will also increase the level of complexity to the system, > signed packages, etc. This all takes times, and effort. > > - Nathan > > > > On Sat, Oct 15, 2016 at 11:55 PM, Even Rouault <[email protected] > > wrote: > >> Le samedi 15 octobre 2016 15:32:42, Geo DrinX a écrit : >> > 2016-10-14 8:42 GMT+02:00 Nathan Woodrow <[email protected]>: >> > > Hey, >> > > >> > > Have you raised this as a issue with us. Can't really fix anything if >> > > it's not raised. >> > > >> > > What you suggest we do to make it better? >> > > >> > > Regards, >> > > Nathan >> > >> > Well, good question. I thank you for making me the question. >> > >> > My opinion is : There is no need to have an approval process. What is >> it >> > for ? >> > Who judges the job, maybe months, another programmer, who is giving to >> the >> > community that has developed because of its usefulness ? >> > Maybe Richard Stallman ? By chance Gary Sherman ? >> > Probably would not do it even they. >> > >> > I think right now the approval of the plugin is only a manifestation of >> > power. >> > >> > It is nothing but this. >> > >> > Imagine Wikipedia and prior approval. It would be composed of only ten >> > pages. >> > Imagine OpenStreetMap. Only two roads. Other than free map of the >> world ! >> > >> > Make free plugins. As long as you are on time. >> >> There's an important difference. Neither contributing *data* to Wikipedia >> nor >> OpenStreetMap involves security risk for users of those databases. On the >> contrary contributing a plugin to QGIS is contributing *code* that will >> run >> with the privledges of the user running QGIS, so potentially thefting >> data / >> destroying data / installing malware / doing whatever nasty you can >> imagine. >> >> Making a plugin available in the default repository is like accepting a >> code >> contribution to QGIS core. That involves some form of trust in the >> contributor. >> >> > >> > >> > geodrinx >> > >> > > On Fri, Oct 14, 2016 at 4:35 PM, Geo DrinX <[email protected]> >> wrote: >> > >> Good morning :) >> > >> >> > >> >> > >> I am here to inform you that I just removed from the repository the >> > >> latest plugin version 3.0.4 of GEarthView, and also other my plugins. >> > >> >> > >> I have taken this decision to draw your attention on the mechanism of >> > >> the plugin approval, which I think is totally insufficient and >> > >> inadequate. >> > >> >> > >> I recommend you review this procedure and pay more attention to whom >> is >> > >> dealing, which should be a technical, and not another. >> > >> >> > >> I am sorry for the difficulties that my decision will cause to >> > >> unsuspecting users of my plugin, but they can continue to download my >> > >> plugin from my official repository on github. >> > >> >> > >> I thank you for your attention >> > >> >> > >> >> > >> Best Regards >> > >> >> > >> Roberto (geodrinx) >> > >> >> > >> _______________________________________________ >> > >> Qgis-developer mailing list >> > >> [email protected] >> > >> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer >> > >> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer >> >> -- >> Spatialys - Geospatial professional services >> http://www.spatialys.com >> > >
_______________________________________________ Qgis-developer mailing list [email protected] List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer
