Re: [QGIS-Developer] Fwd: Question about a plugin. POC attached.

2023-04-15 Thread Giordano Cetti via QGIS-Developer 
Dear Tim,

It seems that 99% of developers were asking themselves the same question
and hesitated to examine the code.

Regardless, I think it's already good to have shared this small proof of
concept with the community, demonstrating an integration between Django and
QGIS, especially considering that it has been implemented with a rather
robust certificate verification mechanism.

So, rest assured, my question does not hide an intention contrary to GPL
policy, but I remain curious to understand the boundary between a process
considered external and a process considered internal to QGIS, and
therefore subject to the same GPL license. If I ever present a project to a
client, I would like to be able to tell them that I applied a defense
mechanism (albeit simple, such as compilation) to prevent the leakage of
endpoints called by the REST APIs.

However, I think I have answered myself: after researching the issue
online, I found that calling QGSTask in a function is considered an
internal process to QGIS and thus subject to GPL. The subsequent question
that emerged and that I still cannot answer is: would it be acceptable if
only the run() function or a subsequent function were compiled, just enough
to close the REST parameters? There probably isn't a definitive answer;
could that portion of code be considered an extension of pycurl+certifi?
Maybe yes, maybe no. It matters little, I guess.

Thank you for the time you spent writing this request for clarification.

Best regards,


Giordano Cetti

CTO @ByCloudSRL

pec: bycl...@pec.it
giordano.ce...@bycloud.eu
https://bycloud.eu



Il giorno sab 15 apr 2023 alle 22:39 Tim Sutton  ha
scritto:

> Hi
>
> I havent looked at your code, but perhaps you could add to your original
> message an explanation of why you don't just distribute it as a py /
> uncompiled python source file?
>
> Regards
>
> Tim
>
> On Tue, Apr 11, 2023 at 6:48 PM Giordano Cetti via QGIS-Developer <
> qgis-developer@lists.osgeo.org> wrote:
>
>> Greetings to QGIS developers,
>>
>> I would greatly appreciate it if someone could check if the attached
>> plugin complies with the licenses compared to the imported modules.
>>
>> In this specific attached plugin, all the source code is open, but the
>> question is: what if it comes with the following file:
>> *'djangorest/include/djangorest_compiled.py'* really compiled as a .pyd
>> file? Would it violate the GPL license terms or is it just enough to be
>> considered as an acceptable external process?
>>
>> The .pyd will just import QgsTask from qgis.core and use a session_path
>> received as a text created by the open source part of the plugin
>> using QgsProcessingUtils.
>>
>> The attached one is a very simple plugin made for this demonstration, you
>> can click on the button, just type google.it, and it will download the
>> 404 page found ( because it appends some string that google doesn't serve
>> as content ). For user and password fields: just type anything, they are
>> not used in the POC but there's still a check active on fields population.
>> The only action the plugin will do is just a single pycurl GET request to
>> the address specified.
>>
>> Any advice will be appreciated.
>> Thanks
>>
>> *ATTACHMENT BLOCKED BY GOOGLE SCAN BECAUSE IT INCLUDES PYCURL AND CERTIFI
>> LIBRARY SO I SHARE USING GOOGLE DRIVE LINK. I TESTED IT ONLY ON QGIS 3.10*
>>
>> *https://drive.google.com/file/d/1qS7h3LaZ6BlBAW3AItEjM5swpDocHbue/view?usp=sharing
>> *
>>
>> ___
>> QGIS-Developer mailing list
>> QGIS-Developer@lists.osgeo.org
>> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>>
>
>
> --
>
> --
> ​
>
> Tim Sutton
> Kartoza Co-Founder
> Visit http://kartoza.com to find out about open source:
>  * Desktop GIS programming services
>  * Geospatial web development
> * GIS Training
> * Consulting Services
> Tim is a member of the QGIS Project Steering Committee
>
> ---
>
___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

Re: [QGIS-Developer] Fwd: Question about a plugin. POC attached.

2023-04-15 Thread Tim Sutton via QGIS-Developer 
Hi

I havent looked at your code, but perhaps you could add to your original
message an explanation of why you don't just distribute it as a py /
uncompiled python source file?

Regards

Tim

On Tue, Apr 11, 2023 at 6:48 PM Giordano Cetti via QGIS-Developer <
qgis-developer@lists.osgeo.org> wrote:

> Greetings to QGIS developers,
>
> I would greatly appreciate it if someone could check if the attached
> plugin complies with the licenses compared to the imported modules.
>
> In this specific attached plugin, all the source code is open, but the
> question is: what if it comes with the following file:
> *'djangorest/include/djangorest_compiled.py'* really compiled as a .pyd
> file? Would it violate the GPL license terms or is it just enough to be
> considered as an acceptable external process?
>
> The .pyd will just import QgsTask from qgis.core and use a session_path
> received as a text created by the open source part of the plugin
> using QgsProcessingUtils.
>
> The attached one is a very simple plugin made for this demonstration, you
> can click on the button, just type google.it, and it will download the
> 404 page found ( because it appends some string that google doesn't serve
> as content ). For user and password fields: just type anything, they are
> not used in the POC but there's still a check active on fields population.
> The only action the plugin will do is just a single pycurl GET request to
> the address specified.
>
> Any advice will be appreciated.
> Thanks
>
> *ATTACHMENT BLOCKED BY GOOGLE SCAN BECAUSE IT INCLUDES PYCURL AND CERTIFI
> LIBRARY SO I SHARE USING GOOGLE DRIVE LINK. I TESTED IT ONLY ON QGIS 3.10*
>
> *https://drive.google.com/file/d/1qS7h3LaZ6BlBAW3AItEjM5swpDocHbue/view?usp=sharing
> *
>
> ___
> QGIS-Developer mailing list
> QGIS-Developer@lists.osgeo.org
> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>


-- 
--
​

Tim Sutton
Kartoza Co-Founder
Visit http://kartoza.com to find out about open source:
 * Desktop GIS programming services
 * Geospatial web development
* GIS Training
* Consulting Services
Tim is a member of the QGIS Project Steering Committee
---
___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

[QGIS-Developer] Fwd: Question about a plugin. POC attached.

2023-04-11 Thread Giordano Cetti via QGIS-Developer 
Greetings to QGIS developers,

I would greatly appreciate it if someone could check if the attached plugin
complies with the licenses compared to the imported modules.

In this specific attached plugin, all the source code is open, but the
question is: what if it comes with the following file:
*'djangorest/include/djangorest_compiled.py'* really compiled as a .pyd
file? Would it violate the GPL license terms or is it just enough to be
considered as an acceptable external process?

The .pyd will just import QgsTask from qgis.core and use a session_path
received as a text created by the open source part of the plugin
using QgsProcessingUtils.

The attached one is a very simple plugin made for this demonstration, you
can click on the button, just type google.it, and it will download the 404
page found ( because it appends some string that google doesn't serve as
content ). For user and password fields: just type anything, they are not
used in the POC but there's still a check active on fields population.
The only action the plugin will do is just a single pycurl GET request to
the address specified.

Any advice will be appreciated.
Thanks

*ATTACHMENT BLOCKED BY GOOGLE SCAN BECAUSE IT INCLUDES PYCURL AND CERTIFI
LIBRARY SO I SHARE USING GOOGLE DRIVE LINK. I TESTED IT ONLY ON QGIS 3.10*

*https://drive.google.com/file/d/1qS7h3LaZ6BlBAW3AItEjM5swpDocHbue/view?usp=sharing
*
___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer