Hi

I meant to reference Even too in my previous comments (in terms of agreeing 
with his comments). See below for more inline replies:



> On 16 Oct 2016, at 1:01 AM, Geo DrinX <geodr...@gmail.com> wrote:
> 
> 
> 
> 2016-10-15 15:59 GMT+02:00 Nathan Woodrow <madman...@gmail.com 
> <mailto:madman...@gmail.com>>:
> Thanks Even.  
> 
> Even is right. Security is the main reason that this is implemented this way, 
> there was loads of discussion around this when we put it in place.
> Trusted authors have auto approved plugins but until that point it requires 
> moderation by one of the team for now until a author gets to that point. 
> 
> I don't want to reduce the problem to a personal one, but I think that an 
> author, that is a programmer that reaches 171128 downloads, could be 
> considered trusted.

Roberto you are well known in the community and I think we know and trust you 
by now :-) 

> 
> But the problem is, instead, another, and I have a curiosity:  what is the 
> real danger you think can happens from an open gis ?   You really have 
> discussed this ?    ;)
> I don't think you are serious.
> 
> I have, instead a real problem you need to discuss:  You well know that there 
> is an important problem with SHP corruption.
> 
> True ?  I know this is true.  And also you know.
> 
> And, you know there is a "minidump" problem at exit, and randomically during 
> running.  And this problem is a memory problem.
> 
> True ?  You well know this is true.   Also I know that nobody knows from what 
> these bugs depend.
> 
> Well, I think the efforts and discussions must be used to discover these 
> problems, instead of plugin approvation, without any technical preparation.  
> Not ?
> 
> Or, if you need a responsibility to give, let it be python and the plugins.  
> But, you are out of road.  Look better in C++ source code, expecially where 
> memory pointers are not released, and used out of functions.  Perhaps.

I don't think it is good logic to say that we should ignore one known problem 
because another exists elsewhere. Rather we should address each problem as and 
when we can using the resources we have. Of course the things you mention above 
are worth fixing and the PSC makes donated funds to developers available 
exactly for the purpose of fixing these kind of issues. We also want to promote 
a plugin repository that contains code that won't remove all files from a 
user's hard drive or worse....

So my summary is : don't take this personally, I think the things we are asking 
for are not unreasonable (given that dozens of plugin developers have already 
complied without complaint) and generally move us towards the direction of a 
better experience for our users and not away from it. OK? If you are still not 
happy, please rather frame the discussion in terms of specific concrete actions 
we can take to improve the plugin approval process, and we can work towards 
implementing them if possible. Thanks!

Regards

Tim


> 
> Good night
> 
> Roberto 
> 
> 
>  
> There might be other things we can do to increase the level of security 
> around this but these will also increase the level of complexity to the 
> system, signed packages, etc. This all takes times, and effort.
> 
> - Nathan
> 
> 
> 
> On Sat, Oct 15, 2016 at 11:55 PM, Even Rouault <even.roua...@spatialys.com 
> <mailto:even.roua...@spatialys.com>> wrote:
> Le samedi 15 octobre 2016 15:32:42, Geo DrinX a écrit :
> > 2016-10-14 8:42 GMT+02:00 Nathan Woodrow <madman...@gmail.com 
> > <mailto:madman...@gmail.com>>:
> > > Hey,
> > >
> > > Have you raised this as a issue with us. Can't really fix anything if
> > > it's not raised.
> > >
> > > What you suggest we do to make it better?
> > >
> > > Regards,
> > > Nathan
> >
> > Well, good question.  I thank you for making me the question.
> >
> > My opinion is :  There is no need to have an approval process.  What is it
> > for ?
> > Who judges the job, maybe months, another programmer, who is giving to the
> > community that has developed because of its usefulness ?
> > Maybe Richard Stallman ?   By chance Gary Sherman  ?
> > Probably would not do it even they.
> >
> > I think right now the approval of the plugin is only a manifestation of
> > power.
> >
> > It is nothing but this.
> >
> > Imagine Wikipedia and prior approval.   It would be composed of only ten
> > pages.
> > Imagine OpenStreetMap. Only two roads.  Other than free map of the world !
> >
> > Make free plugins. As long as you are on time.
> 
> There's an important difference. Neither contributing *data* to Wikipedia nor
> OpenStreetMap involves security risk for users of those databases. On the
> contrary contributing a plugin to QGIS is contributing *code* that will run
> with the privledges of the user running QGIS, so potentially thefting data /
> destroying data / installing malware / doing whatever nasty you can imagine.
> 
> Making a plugin available in the default repository is like accepting a code
> contribution to QGIS core. That involves some form of trust in the
> contributor.
> 
> >
> >
> > geodrinx
> >
> > > On Fri, Oct 14, 2016 at 4:35 PM, Geo DrinX <geodr...@gmail.com 
> > > <mailto:geodr...@gmail.com>> wrote:
> > >> Good morning   :)
> > >>
> > >>
> > >> I am here to inform you that I just removed from the repository the
> > >> latest plugin version 3.0.4 of GEarthView, and also other my plugins.
> > >>
> > >> I have taken this decision to draw your attention on the mechanism of
> > >> the plugin approval, which I think is totally insufficient and
> > >> inadequate.
> > >>
> > >> I recommend you review this procedure and pay more attention to whom is
> > >> dealing, which should be a technical, and not another.
> > >>
> > >> I am sorry for the difficulties that my decision will cause to
> > >> unsuspecting users of my plugin, but they can continue to download my
> > >> plugin from my official repository on github.
> > >>
> > >> I thank you for your attention
> > >>
> > >>
> > >> Best Regards
> > >>
> > >> Roberto (geodrinx)
> > >>
> > >> _______________________________________________
> > >> Qgis-developer mailing list
> > >> Qgis-developer@lists.osgeo.org <mailto:Qgis-developer@lists.osgeo.org>
> > >> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer 
> > >> <http://lists.osgeo.org/mailman/listinfo/qgis-developer>
> > >> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer 
> > >> <http://lists.osgeo.org/mailman/listinfo/qgis-developer>
> 
> --
> Spatialys - Geospatial professional services
> http://www.spatialys.com <http://www.spatialys.com/>
> 
> 
> _______________________________________________
> Qgis-developer mailing list
> Qgis-developer@lists.osgeo.org
> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer
> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer




---

Tim Sutton
QGIS Project Steering Committee Chair
t...@qgis.org




_______________________________________________
Qgis-developer mailing list
Qgis-developer@lists.osgeo.org
List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer

Reply via email to