I understand, Luigi. Will the plug-in be authorized while I create this process? Or do I need to create it before the plugin goes back online?
Cheers, Pedro On Mon, Dec 19, 2016 at 6:25 PM, Luigi Pirelli <[email protected]> wrote: > Hi Pedro, > > Nothing personal, your case is a common case due the fact to many > cases where to integrate external executables or shared objects. > > we can have a way to certificate this binary (e.g. signing process but > could become harder develop plugins, checksums). In the meantime, I > strongly suggest to a have a two phase plugin. A first phase that > prepare running environment downloading so or dll from someware with > the user consensous, and then the running phase. > > in this way you can facilitate users to access plugin thanks to qgis > repo, and turn around plugin limitations that community gave for user > security. > > regards > Luigi Pirelli > > ************************************************************ > ************************************** > * Boundless QGIS Support/Development: lpirelli AT boundlessgeo DOT com > * LinkedIn: https://www.linkedin.com/in/luigipirelli > * Stackexchange: http://gis.stackexchange.com/users/19667/luigi-pirelli > * GitHub: https://github.com/luipir > * Mastering QGIS 2nd Edition: > * https://www.packtpub.com/big-data-and-business- > intelligence/mastering-qgis-second-edition > ************************************************************ > ************************************** > > > On 19 December 2016 at 08:25, Pedro Camargo <[email protected]> > wrote: > > Hi Luigi and Paolo, > > > > I corrected the problems you pointed out with AequilibraE and > > re-uploaded it. > > > > Luigi's concern with malicious code is a very valid one, and I would > > actually appreciate to have a manner to have it checked. However, I would > > appreciate if we could find a solution that does not prevent us from > having > > plugins that are compiled. > > > > As Luigi pointed out, the code is written in Cython to increase > performance > > of the software, but it is still 5.5x slower than the proprietary > software > > that I used as a benchmark. In a nutshell, if it cannot be compiled, it > will > > never fly. So I would ask you guys to be considerate of this point. > > > > My concerns might not even be valid, and I do apologize if that is the > case. > > I just must admit that, as an amateur software developer, I miss some of > the > > jargon used here when talking about more technical issues on software > > development. > > > > Cheers, > > Pedro > > > > On Mon, Dec 19, 2016 at 7:18 AM, Luigi Pirelli <[email protected]> wrote: > >> > >> Hi List > >> > >> The Binary problem (?): > >> In this recently added plugin I can find cython modules precompiled in > >> forms odf pyd, or so. (and relative cython code) > >> Following the presentation in: https://www.youtube.com/watch? > v=zz3jbM_JBTo > >> I understand that the reason is performance, but how to prevent > >> loading malicious shared objects? > >> > >> * probably we should start to plan a safe infrastructure to allow > >> uploading plugin with compiled modules... any idea other than a simple > >> checksum? > >> > >> The license problem (?): > >> other question is regarding the cython algorithm. I can read in > >> > >> https://github.com/AequilibraE/AequilibraE/blob/ > master/aequilibrae/paths/AoN.pyx#L23 > >> "Codes for route ennumeration, DAG construction and Link nesting were > >> written by Pedro Camargo (2013) and have all their rights reserved to > >> the author" > >> > >> Obviously the author has right reserved, an in the same code the > >> author refer to the LICENSE.txt that is a standard GPL license: > >> here: > >> https://github.com/AequilibraE/AequilibraE/blob/ > master/aequilibrae/paths/AoN.pyx#L18 > >> and here: > >> https://github.com/AequilibraE/AequilibraE/blob/master/LICENSE.TXT > >> > >> how should we have to read the "right reserved" sencence by the author? > >> > >> regards > >> Luigi Pirelli > >> > >> > >> ************************************************************ > ************************************** > >> * Boundless QGIS Support/Development: lpirelli AT boundlessgeo DOT com > >> * LinkedIn: https://www.linkedin.com/in/luigipirelli > >> * Stackexchange: http://gis.stackexchange.com/users/19667/luigi-pirelli > >> * GitHub: https://github.com/luipir > >> * Mastering QGIS 2nd Edition: > >> * > >> https://www.packtpub.com/big-data-and-business- > intelligence/mastering-qgis-second-edition > >> > >> ************************************************************ > ************************************** > >> > >> > >> On 18 December 2016 at 14:28, <[email protected]> wrote: > >> > > >> > Plugin AequilibraE approval by pcav. > >> > The plugin version "[1102] AequilibraE 0.3.3" is now approved > >> > Link: http://plugins.qgis.org/plugins/AequilibraE/ > >> > _______________________________________________ > >> > Qgis-developer mailing list > >> > [email protected] > >> > List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer > >> > Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer > > > > >
_______________________________________________ Qgis-developer mailing list [email protected] List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer
