Hi, But in the case of a gis, open or not, the maximum damage that a plugin can do > is produce the prints off the press sheet.
This is not the case at all. You can run any code you want, there is no limits as we have a fully functioning Python environment in order to run plugins. You can do damage with any programming language, ever heard of a fork bomb? > > Rather, I would see the most important working upstream python environment > , and the plugin to work in a sand-safe box. > Sandboxing a Python environment is almost impossible in any good functional way. It can be done yes, maybe, but would require a large amount of effort to do well, a task which myself, nor any of the other team, have time to embark on. > The plugin approval phase is now only a sort of prior censorship, given > into the hand of a dark presenteeism that moves according to his personal > sympathies, with its time and its summary judgments. This is not the case at all, and please do not continue to frame it this way. The process is there for a reason, and it is **not** for censorship. Here are some things you might be asked for before approval: - Do you have a good description? - Do you have a link to the plugin source? (required under GPL although you will get it anyway when you pull the plugin in QGIS) - Do you fit into GPL - e.g you can't upload a plugin that uses a closed source component** - Yes you may be asked to review a licence files for included packages if you bundle them - If you plugin is a fork of another plugin would you considering merging with original. This is to reduce the number of plugins that do the same thing. - etc etc This might feel like censorship to some however I can 100% assure you again, this is never the intent nor reason. This is simply a review process, or attempt at one to possibly flag issues up front. A lot of us already deal at this level when working on core code. QGIS has a increasing user base every year, this comes with some risks and processes that need to be in place. QGIS isn't simply a small project used by a few people with no one caring about user experience or pain. Processes we put in place will not always be liked by everyone, but you should never assume there is evil intent behind it because there never is. This is what I think should be done, not to be left to the stone age. : That is all fine however we all are generally pretty busy with other development or day jobs. A lot of things you would like to see simply can not be wished into existence. - Nathan
_______________________________________________ Qgis-developer mailing list Qgis-developer@lists.osgeo.org List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer