From: Borys Jurgiel [mailto:li...@borysjurgiel.pl]
Sent: Friday, 26 January 2018 9:19 p.m.
To: qgis-developer@lists.osgeo.org
Cc: Daniel Silk; Luigi Pirelli
Subject: Re: [QGIS-Developer] Mitigating security risks of the Official Plugin
Repository
> Last time when I submitted such PR (#5
On Thursday, 25 January 2018 23:37:12 CET Daniel Silk wrote:
> in my startup script then the official repository is successfully
> replaced by our internal repository. Great!
IIRC this stubborn overwriting of your URL by the plugin installer was added in
QGIS 1.8, when we changed the official
From: Luigi Pirelli [lui...@gmail.com]
Sent: Friday, January 26, 2018 12:24 PM
To: Daniel Silk
Cc: qgis-developer@lists.osgeo.org
Subject: Re: [QGIS-Developer] Mitigating security risks of the Official Plugin
Repository
> btw, did you try to override with a custom function with fil
7, Daniel Silk <ds...@linz.govt.nz> wrote:
>> From: Luigi Pirelli [lui...@gmail.com]
>> Sent: Thursday, January 25, 2018 10:38 PM
>> To: Daniel Silk
>> Cc: qgis-developer@lists.osgeo.org
>> Subject: Re: [QGIS-Developer] Mitigating security risks of the Official
>>
Cc: qgis-developer@lists.osgeo.org
> Subject: Re: [QGIS-Developer] Mitigating security risks of the Official
> Plugin Repository
>
>> as you can see reading the code in
>> https://github.com/qgis/QGIS/blob/release-2_18/python/pyplugin_installer/installer_data.py#L316-L326
>>
From: Luigi Pirelli [lui...@gmail.com]
Sent: Thursday, January 25, 2018 10:38 PM
To: Daniel Silk
Cc: qgis-developer@lists.osgeo.org
Subject: Re: [QGIS-Developer] Mitigating security risks of the Official Plugin
Repository
> as you can see reading the code in
> https://github.com/qgis/QGI
On Thu, Jan 25, 2018 at 2:13 AM, Daniel Silk wrote:
> Hi all
>
> I am currently involved in rolling QGIS 2.18 out in a corporate
> environment. The security risk of a user installing a malicious plugin from
> the Official Plugin Repository has come up.
>
> While we can ensure
Hi Daniel
as you can see reading the code in
https://github.com/qgis/QGIS/blob/release-2_18/python/pyplugin_installer/installer_data.py#L316-L326
repos are taken from Settings (where you can install a custom one via
custom post install scripts) and repos are compared with officialRepo
array that is
Hi all
I am currently involved in rolling QGIS 2.18 out in a corporate environment.
The security risk of a user installing a malicious plugin from the Official
Plugin Repository has come up.
While we can ensure our corporate plugin repository is immediately visible to
all corporate users via