In this case the problem is security: code is available and compiled for most used platforms... but it is hard to certify the content of the so/dll.
Any opinion?

Luigi Pirelli

**************************************************************************************************
* Boundless QGIS Support/Development: lpirelli AT boundlessgeo DOT com
* LinkedIn: https://www.linkedin.com/in/luigipirelli
* Stackexchange: http://gis.stackexchange.com/users/19667/luigi-pirelli
* GitHub: https://github.com/luipir
* Mastering QGIS 2nd Edition:
* https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition
**************************************************************************************************

On 19 December 2016 at 09:40, Matthias Kuhn <[email protected]> wrote:
> Hi all
>
> What's the main goal? Code availability? Security? Platform independency?
> Just curious.
>
> All the best
> Matthias
>
> On December 19, 2016 9:25:29 AM GMT+01:00, Luigi Pirelli <[email protected]> wrote:
>>
>> Hi Pedro,
>>
>> Nothing personal, your case is a common case due the fact to many
>> cases where to integrate external executables or shared objects.
>>
>> We can have a way to certify this binary (e.g. signing process but
>> could become harder to develop plugins, checksums). In the meantime, I
>> strongly suggest to have a two phase plugin. A first phase that
>> prepares the running environment downloading so or dll from somewhere with
>> the user consensus, and then the running phase.
>>
>> In this way you can facilitate users to access plugin thanks to qgis
>> repo, and turn around plugin limitations that community gave for user
>> security.
>>
>> regards
>> Luigi Pirelli
>>
>> On 19 December 2016 at 08:25, Pedro Camargo <[email protected]> wrote:
>>>
>>> Hi Luigi and Paolo,
>>>
>>> I corrected the problems you pointed out with AequilibraE and
>>> re-uploaded it.
>>>
>>> Luigi's concern with malicious code is a very valid one, and I would
>>> actually appreciate to have a manner to have it checked. However, I would
>>> appreciate if we could find a solution that does not prevent us from having
>>> plugins that are compiled.
>>>
>>> As Luigi pointed out, the code is written in Cython to increase performance
>>> of the software, but it is still 5.5x slower than the proprietary software
>>> that I used as a benchmark. In a nutshell, if it cannot be compiled, it will
>>> never fly. So I would ask you guys to be considerate of this point.
>>>
>>> My concerns might not even be valid, and I do apologize if that is the case.
>>> I just must admit that, as an amateur software developer, I miss some of the
>>> jargon used here when talking about more technical issues on software
>>> development.
>>>
>>> Cheers,
>>> Pedro
>>>
>>> On Mon, Dec 19, 2016 at 7:18 AM, Luigi Pirelli <[email protected]> wrote:
>>>>
>>>> Hi List
>>>>
>>>> The Binary problem (?):
>>>> In this recently added plugin I can find cython modules precompiled in
>>>> forms of pyd, or so.
>>>> (and relative cython code)
>>>> Following the presentation in:
>>>> https://www.youtube.com/watch?v=zz3jbM_JBTo
>>>> I understand that the reason is performance, but how to prevent
>>>> loading malicious shared objects?
>>>>
>>>> * probably we should start to plan a safe infrastructure to allow
>>>> uploading plugin with compiled modules... any idea other than a simple
>>>> checksum?
>>>>
>>>> The license problem (?):
>>>> other question is regarding the cython algorithm. I can read in
>>>> https://github.com/AequilibraE/AequilibraE/blob/master/aequilibrae/paths/AoN.pyx#L23
>>>> "Codes for route ennumeration, DAG construction and Link nesting were
>>>> written by Pedro Camargo (2013) and have all their rights reserved to
>>>> the author"
>>>>
>>>> Obviously the author has right reserved, and in the same code the
>>>> author refers to the LICENSE.txt that is a standard GPL license:
>>>> here:
>>>> https://github.com/AequilibraE/AequilibraE/blob/master/aequilibrae/paths/AoN.pyx#L18
>>>> and here:
>>>> https://github.com/AequilibraE/AequilibraE/blob/master/LICENSE.TXT
>>>>
>>>> how should we have to read the "right reserved" sentence by the author?
>>>>
>>>> regards
>>>> Luigi Pirelli
>>>>
>>>> On 18 December 2016 at 14:28, <[email protected]> wrote:
>>>>>
>>>>> Plugin AequilibraE approval by pcav.
>>>>> The plugin version "[1102] AequilibraE 0.3.3" is now approved
>>>>> Link: http://plugins.qgis.org/plugins/AequilibraE/
>>>>> ________________________________
>>>>>
>>>>> Qgis-developer mailing list
>>>>> [email protected]
>>>>> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer
>>>>> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
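The two-phase idea discussed in this thread (fetch the compiled module with the user's consent, then run) can be combined with a digest pinned in the reviewed plugin source. The sketch below is an added example, not code from the thread, AequilibraE or QGIS; the manifest layout, the file name `compiled_module.so` and the `fetch`/`consent` callbacks are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed sample bytes standing in for a compiled module on a download server.
SAMPLE_BINARY = b"\x7fELF constructed sample bytes for illustration"

# Hypothetical manifest shipped in the reviewed plugin source:
# platform tag -> (file name, expected SHA-256). A real manifest would carry
# the digest as a literal string; it is computed here only to keep the
# example self-contained.
MANIFEST = {
    "linux-x86_64": ("compiled_module.so",
                     hashlib.sha256(SAMPLE_BINARY).hexdigest()),
}


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large binaries are not read in one go."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def install_binary(platform_tag, fetch, consent, dest_dir):
    """Phase 1: download with consent, verify, then install.

    fetch(name) returns the downloaded bytes; consent(name) returns a bool.
    Returns the installed path or raises without leaving a file behind.
    """
    if platform_tag not in MANIFEST:
        raise RuntimeError("no pinned binary for platform %s" % platform_tag)
    name, expected = MANIFEST[platform_tag]
    if not consent(name):
        raise PermissionError("user declined download of %s" % name)
    # Stage under a temporary name so an unverified binary never sits at
    # the path the running phase imports from.
    fd, tmp_path = tempfile.mkstemp(dir=dest_dir, suffix=".part")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(fetch(name))
        if not hmac.compare_digest(sha256_file(tmp_path), expected):
            raise ValueError("digest mismatch for %s, not installed" % name)
        final_path = os.path.join(dest_dir, name)
        os.replace(tmp_path, final_path)
        return final_path
    finally:
        if os.path.exists(tmp_path):
            os.remove(tmp_path)
```

A pinned digest shows only that the file is the one the author published; it does not show that the binary was built from the reviewed Cython source, which is the certification gap raised at the top of this message.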
