Hi Roberto On Sun, Oct 16, 2016 at 7:26 PM, Geo DrinX <geodr...@gmail.com> wrote: > > But in the case of a gis, open or not, the maximum damage that a plugin can > do is produce the prints off the press sheet.
This is not really true. A plugin can do anything that OS allows the logged in user to do. So we are talking about executing arbitrary shell commands, doing arbitrary communication at its will (sending spam maybe - or just sending some private documents from home folder), or even use some known exploits to gain admin rights (especially on windows) and install some malware for spying or ransomware... The fact that plugins go through some review process is making QGIS plugins a less attractive platform for spreading some bad code. > Rather, I would see the most important working upstream python environment, > and the plugin to work in a sand-safe box. Sandboxing python environment in a way where it would be safe to run any code is very difficult task - and it would negatively impact all plugins by greatly limiting what they actually can do. I do not think we have enough resources and skills to undertake such implementation challenge. Regards Martin _______________________________________________ Qgis-developer mailing list Qgisemail@example.com List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer