On Thu, Jan 25, 2018 at 2:13 AM, Daniel Silk <[email protected]> wrote:
> Hi all > > I am currently involved in rolling QGIS 2.18 out in a corporate > environment. The security risk of a user installing a malicious plugin from > the Official Plugin Repository has come up. > > While we can ensure our corporate plugin repository is immediately visible > to all corporate users via a startup.py script, it appears that we: > - cannot remove the Official Plugin Repository from the repository list > (due to https://github.com/qgis/QGIS/blob/release-2_18/python/pyplug > in_installer/installer_data.py#L316-L326) > - cannot disable the Official Plugin Repository via Python API (and the > user would just be able to enable via the Plugin Manager interface anyway) > - cannot set the Plugin Manager interface to only show trusted plugins > - cannot set the url parameters to include trusted=true as the url params > are hardcoded: https://github.com/qgis/QGIS/b > lob/release-2_18/python/pyplugin_installer/installer_data.py#L228 > > So is there any other way to remove the Official Plugin Repository or > limit the plugins that we allow users to view and install? > Not for QGIS 2.x sorry, QGIS 3 QgsSettings global settings allow to customize installations for deployment on organizations but it was introduced in QGIS 3 only. -- Alessandro Pasotti w3: www.itopen.it
_______________________________________________ QGIS-Developer mailing list [email protected] List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
