Re: [Qgis-developer] About my plugins ...

2016-10-17 Thread Nathan Woodrow
No pony for you Matthias ;)

On Mon, Oct 17, 2016 at 9:45 PM, Matthias Kuhn  wrote:

> Hi
>
> On 10/17/2016 12:20 PM, Geo DrinX wrote:
> > Ok, I will try to be more clear (compatibly with my bad English).
> >
> > Look at this:  https://goo.gl/WR8LVF
> >
> > In this project, since now, they (public administration) are using
> > QGIS.   But, they have today BIG PROBLEMS with crashes.
>
> There's a big team constantly working on making QGIS better and crash less.
>
> Part of the effort comes from sponsoring the QGIS project, part from
> sponsoring individual devs to fix on specific issues, part from
> individuals getting time from their employer to work on issues and part
> from volunteers spending their free time to improve QGIS.
>
> I would recommend you sit down with these people, define the problems,
> write specifications and work out how the individual items can be
> addressed. If you want, there's a whole bunch of companies who will be
> happy to support you [1]
>
> >
> > In the next version of the system, the NEED to have a secure program
> > (and possibly open source).
> >
> > QGIS now is NOT secure. I explained enough  ?
> > Now you understand what's at stake?
>
> It reminds me of a poster I have:
>
> http://imgc.allpostersimages.com/images/P-488-488-90/19/1924/4VO9D00Z/posters/so-where-s-my-fucking-pony.jpg
>
> >
> >
> > I hope so. Now somebody wants to see with me how to make sure QGIS
> > decently ?
>
> We all do. And we are happy for everyone who joins the effort :-)
>
> Thank you
> Matthias
>
> [1] http://qgis.org/en/site/forusers/commercial_support.html
___
Qgis-developer mailing list
Qgis-developer@lists.osgeo.org
List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer

Re: [Qgis-developer] About my plugins ...

2016-10-17 Thread Matthias Kuhn
Hi

On 10/17/2016 12:20 PM, Geo DrinX wrote:
> Ok, I will try to be more clear (compatibly with my bad English).
> 
> Look at this:  https://goo.gl/WR8LVF
> 
> In this project, since now, they (public administration) are using
> QGIS.   But, they have today BIG PROBLEMS with crashes.

There's a big team constantly working on making QGIS better and crash less.

Part of the effort comes from sponsoring the QGIS project, part from
sponsoring individual devs to fix on specific issues, part from
individuals getting time from their employer to work on issues and part
from volunteers spending their free time to improve QGIS.

I would recommend you sit down with these people, define the problems,
write specifications and work out how the individual items can be
addressed. If you want, there's a whole bunch of companies who will be
happy to support you [1]

> 
> In the next version of the system, the NEED to have a secure program
> (and possibly open source).
> 
> QGIS now is NOT secure. I explained enough  ?   
> Now you understand what's at stake?

It reminds me of a poster I have:

http://imgc.allpostersimages.com/images/P-488-488-90/19/1924/4VO9D00Z/posters/so-where-s-my-fucking-pony.jpg

> 
> 
> I hope so. Now somebody wants to see with me how to make sure QGIS
> decently ?

We all do. And we are happy for everyone who joins the effort :-)

Thank you
Matthias

[1] http://qgis.org/en/site/forusers/commercial_support.html

Re: [Qgis-developer] About my plugins ...

2016-10-17 Thread Sandro Santilli
On Mon, Oct 17, 2016 at 12:20:15PM +0200, Geo DrinX wrote:
> Ok, I will try to be more clear (compatibly with my bad English).

[...]

> QGIS now is NOT secure. I explained enough  ?

Are you saying that since QGIS is not secure nobody should bother
checking contributed plugins for being non-malicious and provide
non-duplicated features ?

--strk;

Re: [Qgis-developer] About my plugins ...

2016-10-17 Thread Nyall Dawson
On 17 October 2016 at 20:20, Geo DrinX  wrote:
> Ok, I will try to be more clear (compatibly with my bad English).
>
> Look at this:  https://goo.gl/WR8LVF
>
> In this project, since now, they (public administration) are using QGIS.
> But, they have today BIG PROBLEMS with crashes.
>
> In the next version of the system, the NEED to have a secure program (and
> possibly open source).
>
> QGIS now is NOT secure. I explained enough  ?
> Now you understand what's at stake?


I'll just throw this up here for reference:

https://groups.google.com/d/msg/mapinfo-l/ugLeZ9zgyJg/7Bu5-NFozxMJ

That's not even loading python code, just loading a TAB data file into
the program! ;)


Nyall



>
>
> I hope so. Now somebody wants to see with me how to make sure QGIS
> decently ?
>
> Thank you
>
> Geo
>
> 2016-10-17 11:56 GMT+02:00 Matthias Kuhn :
>>
>> Hi all,
>>
>> I like the *idea* of sandboxing.
>>
>> And we all know and agree it's a complex topic. Hard to impossible to
>> get right (let's admit also that security is always something gray and
>> not black and white - unless the network plug is removed and the room
>> isolated with tin foil). This on the other hand doesn't mean that there
>> are some approaches which are just wrong by design.
>>
>> There is also the question about the level on which sandboxing should
>> happen. E.g. distributing the app with flatpak and relying on its portal
>> mechanism [1] might at one point in the future be a way to get sandboxing.
>>
>> One can also run the app inside some other virtualized environment or
>> even separate physical machine already now for isolation.
>>
>> Maybe Pypy is a way to get there as well from the python side. I don't
>> know. But Nathan is absolutely right that the API offered by Qt builds a
>> big attack surface for which someone has to first bring up a sensible
>> idea for how to lock attackers down without restricting possibilities
>> offered for plugins. Or how to safely decide if running code from
>> external shared libs like the processing lwgeom provider does [2] is
>> something safe to do or not.
>>
>> If someone seriously wants to follow this route:
>>
>> Be prepared to work with specialists in this area and do serious
>> research about possibilities and feasibility first.
>>
>> Be prepared to maintain a separate distribution of QGIS with restricted
>> python access and reduced plugin functionality.
>>
>> Be prepared to get a very big sponsor to back the effort.
>>
>> Matthias
>>
>> [1] https://github.com/flatpak/flatpak/wiki/Portals
>> [2] https://plugins.qgis.org/plugins/processinglwgeomprovider/

Re: [Qgis-developer] About my plugins ...

2016-10-17 Thread Geo DrinX
Ok, I will try to be more clear (compatibly with my bad English).

Look at this:  https://goo.gl/WR8LVF

In this project, since now, they (public administration) are using QGIS.
But, they have today BIG PROBLEMS with crashes.

In the next version of the system, the NEED to have a secure program (and
possibly open source).

QGIS now is NOT secure. I explained enough  ?
Now you understand what's at stake?


I hope so. Now somebody wants to see with me how to make sure QGIS decently
?

Thank you

Geo

2016-10-17 11:56 GMT+02:00 Matthias Kuhn :

> Hi all,
>
> I like the *idea* of sandboxing.
>
> And we all know and agree it's a complex topic. Hard to impossible to
> get right (let's admit also that security is always something gray and
> not black and white - unless the network plug is removed and the room
> isolated with tin foil). This on the other hand doesn't mean that there
> are some approaches which are just wrong by design.
>
> There is also the question about the level on which sandboxing should
> happen. E.g. distributing the app with flatpak and relying on its portal
> mechanism [1] might at one point in the future be a way to get sandboxing.
>
> One can also run the app inside some other virtualized environment or
> even separate physical machine already now for isolation.
>
> Maybe Pypy is a way to get there as well from the python side. I don't
> know. But Nathan is absolutely right that the API offered by Qt builds a
> big attack surface for which someone has to first bring up a sensible
> idea for how to lock attackers down without restricting possibilities
> offered for plugins. Or how to safely decide if running code from
> external shared libs like the processing lwgeom provider does [2] is
> something safe to do or not.
>
> If someone seriously wants to follow this route:
>
> Be prepared to work with specialists in this area and do serious
> research about possibilities and feasibility first.
>
> Be prepared to maintain a separate distribution of QGIS with restricted
> python access and reduced plugin functionality.
>
> Be prepared to get a very big sponsor to back the effort.
>
> Matthias
>
> [1] https://github.com/flatpak/flatpak/wiki/Portals
> [2] https://plugins.qgis.org/plugins/processinglwgeomprovider/

Re: [Qgis-developer] About my plugins ...

2016-10-17 Thread Matthias Kuhn
Hi all,

I like the *idea* of sandboxing.

And we all know and agree it's a complex topic. Hard to impossible to
get right (let's admit also that security is always something gray and
not black and white - unless the network plug is removed and the room
isolated with tin foil). This on the other hand doesn't mean that there
are some approaches which are just wrong by design.

There is also the question about the level on which sandboxing should
happen. E.g. distributing the app with flatpak and relying on its portal
mechanism [1] might at one point in the future be a way to get sandboxing.

One can also run the app inside some other virtualized environment or
even separate physical machine already now for isolation.

Maybe Pypy is a way to get there as well from the python side. I don't
know. But Nathan is absolutely right that the API offered by Qt builds a
big attack surface for which someone has to first bring up a sensible
idea for how to lock attackers down without restricting possibilities
offered for plugins. Or how to safely decide if running code from
external shared libs like the processing lwgeom provider does [2] is
something safe to do or not.

If someone seriously wants to follow this route:

Be prepared to work with specialists in this area and do serious
research about possibilities and feasibility first.

Be prepared to maintain a separate distribution of QGIS with restricted
python access and reduced plugin functionality.

Be prepared to get a very big sponsor to back the effort.

Matthias

[1] https://github.com/flatpak/flatpak/wiki/Portals
[2] https://plugins.qgis.org/plugins/processinglwgeomprovider/

Re: [Qgis-developer] About my plugins ...

2016-10-17 Thread Sandro Santilli
On Mon, Oct 17, 2016 at 07:39:23PM +1000, Nathan Woodrow wrote:
> Sandro,
> 
> Have a read of the links that Even posted.  They don't really side in
> favour with the idea of sandboxing Python, and that was just plain
> python not including PyQt4, etc,
> 
> https://lwn.net/Articles/574215/

Indeed also PostgreSQL dropped the "trusted" version of plpython
as of version 7.4 because of lack of sandboxing support upstream:
https://www.postgresql.org/docs/9.1/static/plpython.html
""
As of PostgreSQL 7.4, PL/Python is only available as an "untrusted"
language, meaning it does not offer any way of restricting what users
can do in it. It has therefore been renamed to plpythonu. The trusted
variant plpython might become available again in future, if a new
secure execution mechanism is developed in Python.
""

But I like to be supportive with whoever wants to change the world :)

--strk;

Re: [Qgis-developer] About my plugins ...

2016-10-17 Thread Nathan Woodrow
Sandro,

Have a read of the links that Even posted.  They don't really side in
favour with the idea of sandboxing Python, and that was just plain
python not including PyQt4, etc,

https://lwn.net/Articles/574215/

- Nathan

On Mon, Oct 17, 2016 at 7:19 PM, Sandro Santilli  wrote:

> On Mon, Oct 17, 2016 at 11:02:57AM +0200, Geo DrinX wrote:
> > 2016-10-17 10:46 GMT+02:00 Sandro Santilli :
> >
> > > On Sun, Oct 16, 2016 at 01:26:11PM +0200, Geo DrinX wrote:
> > >
> > > > Rather, I would see the most important working upstream python
> > > environment,
> > > > and the plugin to work in a sand-safe box.
> > >
> > > This sounds like a great idea.
> > > Are you willing to work on a QEP for it ?
> >
> > I am just working on it, without any QEP.   What it means "QEP" ?;)
> > It remembers me the sound of a cartoon...
>
> I've always thought RFC would have been better, but for some reason
> "QGIS Enhancement Proposal" won:
> https://github.com/qgis/QGIS-Enhancement-Proposals
>
> > But, if somebody wants to work seriously on this issue, it is sufficient
> > contact me.
>
> I think a public live specification document is more inclusive than
> a personal contact.
>
> --strk;

Re: [Qgis-developer] About my plugins ...

2016-10-17 Thread Marco Bernasocchi


On 17.10.2016 16:02, Geo DrinX wrote:
> without any QEP.   What it means "QEP" ?

Qgis Enhancement Proposal

Funny, to suggest a closed discussion after such tiresome rally for
openness...

ciao


-- 
Marco Bernasocchi
OPENGIS.ch - berna.io - 27summits.ch




Re: [Qgis-developer] About my plugins ...

2016-10-17 Thread Sandro Santilli
On Mon, Oct 17, 2016 at 11:02:57AM +0200, Geo DrinX wrote:
> 2016-10-17 10:46 GMT+02:00 Sandro Santilli :
> 
> > On Sun, Oct 16, 2016 at 01:26:11PM +0200, Geo DrinX wrote:
> >
> > > Rather, I would see the most important working upstream python
> > environment,
> > > and the plugin to work in a sand-safe box.
> >
> > This sounds like a great idea.
> > Are you willing to work on a QEP for it ?
> 
> I am just working on it, without any QEP.   What it means "QEP" ?;)
> It remembers me the sound of a cartoon...

I've always thought RFC would have been better, but for some reason
"QGIS Enhancement Proposal" won:
https://github.com/qgis/QGIS-Enhancement-Proposals

> But, if somebody wants to work seriously on this issue, it is sufficient
> contact me.

I think a public live specification document is more inclusive than
a personal contact.

--strk;

Re: [Qgis-developer] About my plugins ...

2016-10-17 Thread Geo DrinX
2016-10-17 10:46 GMT+02:00 Sandro Santilli :

> On Sun, Oct 16, 2016 at 01:26:11PM +0200, Geo DrinX wrote:
>
> > Rather, I would see the most important working upstream python
> environment,
> > and the plugin to work in a sand-safe box.
>
> This sounds like a great idea.
> Are you willing to work on a QEP for it ?
>

I am just working on it, without any QEP.   What it means "QEP" ?;)
It remembers me the sound of a cartoon...

But, if somebody wants to work seriously on this issue, it is sufficient
contact me.


Thank you

Geo



>
> --strk;
>

Re: [Qgis-developer] About my plugins ...

2016-10-17 Thread Sandro Santilli
On Sun, Oct 16, 2016 at 01:26:11PM +0200, Geo DrinX wrote:

> Rather, I would see the most important working upstream python environment,
> and the plugin to work in a sand-safe box.

This sounds like a great idea.
Are you willing to work on a QEP for it ?

--strk;

Re: [Qgis-developer] About my plugins ...

2016-10-17 Thread Sandro Santilli
On Sat, Oct 15, 2016 at 03:32:42PM +0200, Geo DrinX wrote:

> Who judges the job, maybe months, another programmer, who is giving to the
> community that has developed because of its usefulness ?
> Maybe Richard Stallman ?   By chance Gary Sherman  ?
> Probably would not do it even they.

Just my experience (since you mention Stallman): when I offered my SINS
videogame [1] to the GNU project, it was rejected because another similar
game existed already in the offering, so my project would have been
a duplicate.

SINS is still available, just not part of the GNU project.

It happens to me that QGIS desktop application also allows using
external repositories, so users can choose who to trust.

I won't comment about the rules for acceptance of plugins in the
"official" repo as I don't know them.

[1] http://strk.kbt.io/sins/

--strk;


Re: [Qgis-developer] About my plugins ...

2016-10-16 Thread DelazJ
Hi,

I'd like to add that it's during the discussions about the "trusted" plugin
system that I understood that there were some plugin authors that could
publish their own plugin without having it reviewed by someone (Paolo,
Ale)
The (only) two times I tried to publish a plugin (before the trusted
system), once uploaded, I had to wait for some days before someone finds
time to review and publish it in the repository. And this didn't bother me.
I understood  the situation. And I'm sure I'm not the only one in that
case. I even think it's the process for most of us. So not all plugins
authors could directly publish their plugins.

What was probably unfair is the rules (or should I say, the lack of rules)
against which some authors could easily publish their own plugins, without
review process. why not me, would I say! Now, with the new system, there's
a kind of rules that explain why one could do it himself and why another
one may wait for review. You could not agree with the rules, it's open to
discussion and ideas for improvements are welcome. But at least, there are
rules!

And by experience (even a small one), you wouldn't have to wait too long
for your plugin being approved. Users are patient, why not devs? And
hopefully, having a period of reviewing will reduce some numerous releases
of the same plugin within a short period (more tests from the author before
upload).

Regards,
Harrissou


2016-10-16 18:12 GMT+02:00 Geo DrinX :

> Well.  You convinced me.
>
> I have a question. It is possible to deploy a QGIS plugin providing only 
> compiled
> files through an external repository, which is added to the repository
> list? It is absolutely not my case, but I know that someone is doing it.
> It is normal or license is violated ?
>
> Thank you for any info about this.
>
> Roberto
>

Re: [Qgis-developer] About my plugins ...

2016-10-16 Thread G. Allegri
I'm not aware of QGIS plugins distributing only .pyc files. In any case I
can ask the plugin developer to provide the source code.
The same applies to QGIS itself: the binary distributions don't have the
source code bundled, but I can view and get it from the public repo.

giovanni

On 16 Oct 2016 20:25,  wrote:



Sent from iPhone

On 16 Oct 2016, at 19:45, G. Allegri  wrote:

QGIS plugins must be licensed as GPL, because they depend on QGIS and GPL is
viral.
Anyway distributing only .pyc is not advisable, because they assume the
same interpreter and the same execution environment that compiled the .pyc
bytecode.

Agreed, it is "not advisable", and I know it works.  But, I wonder, isn't this
an attempt to circumvent the license ?
That is, suppose it is not possible to obtain the plain source code, for
some reason (obfuscated, for example).
If we cannot read the plain source code, how can we be sure that it does
not contain malicious code ?
Wouldn't it be better to forbid this practice ?

What do you say ?

Translation:
Agree is "advisable", and I know it works. But, I ask, you are not trying
to circumvent the license?
That is, let's say you can not get the clear springs, for some reason
(obscured, for example).
The fact that they can not read in light sources, assures us that do not
contain malicious code?
Would not it be better to prohibit this practice?

What do you say ?

Thank you

Roberto

giovanni

On 16 Oct 2016 18:12, "Geo DrinX"  wrote:

> Well.  You convinced me.
>
> I have a question. It is possible to deploy a QGIS plugin providing only 
> compiled
> files through an external repository, which is added to the repository
> list? It is absolutely not my case, but I know that someone is doing it.
> It is normal or license is violated ?
>
> Thank you for any info about this.
>
> Roberto
>

Re: [Qgis-developer] About my plugins ...

2016-10-16 Thread geodrinx


Sent from iPhone

> On 16 Oct 2016, at 19:45, G. Allegri  wrote:
> 
> QGIS plugins must be licensed as GPL, because they depend on QGIS and GPL is 
> viral.
> Anyway distributing only .pyc is not advisable, because they assume the same 
> interpreter and the same execution environment that compiled the .pyc 
> bytecode.
> 
Agreed, it is "not advisable", and I know it works.  But, I wonder, isn't this 
an attempt to circumvent the license ?
That is, suppose it is not possible to obtain the plain source code, for some 
reason (obfuscated, for example). 
If we cannot read the plain source code, how can we be sure that it does not 
contain malicious code ?
Wouldn't it be better to forbid this practice ?

What do you say ?

Translation:
Agree is "advisable", and I know it works. But, I ask, you are not trying to 
circumvent the license?
That is, let's say you can not get the clear springs, for some reason 
(obscured, for example).
The fact that they can not read in light sources, assures us that do not 
contain malicious code?
Would not it be better to prohibit this practice?

What do you say ?

Thank you

Roberto

> giovanni
> 
> 
> On 16 Oct 2016 18:12, "Geo DrinX"  wrote:
>> Well.  You convinced me.  
>> 
>> I have a question. It is possible to deploy a QGIS plugin providing only 
>> compiled files through an external repository, which is added to the 
>> repository list? It is absolutely not my case, but I know that someone is 
>> doing it.
>> It is normal or license is violated ?
>> 
>> Thank you for any info about this.
>> 
>> Roberto
>> 

Re: [Qgis-developer] About my plugins ...

2016-10-16 Thread G. Allegri
QGIS plugins must be licensed as GPL, because they depend on QGIS and GPL is
viral.
Anyway distributing only .pyc is not advisable, because they assume the
same interpreter and the same execution environment that compiled the .pyc
bytecode.

giovanni

On 16 Oct 2016 18:12, "Geo DrinX"  wrote:

> Well.  You convinced me.
>
> I have a question. It is possible to deploy a QGIS plugin providing only 
> compiled
> files through an external repository, which is added to the repository
> list? It is absolutely not my case, but I know that someone is doing it.
> It is normal or license is violated ?
>
> Thank you for any info about this.
>
> Roberto
>
>
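
The message above notes that a `.pyc` file assumes the interpreter that compiled it, and the thread asks how compiled-only plugins can be reviewed at all. The following is an added example, not part of the original thread and not code from QGIS or its plugin repository: a check that lists compiled modules in a plugin archive, whether readable source ships alongside them, and whether their magic number matches the running interpreter. The archive contents, the `demo_plugin` name and all function names are constructed for illustration.

```python
import importlib.util
import io
import posixpath
import zipfile

# Magic number of the interpreter running this check. CPython writes it as the
# first four bytes of every .pyc and refuses to load a file whose value differs.
LOCAL_MAGIC = importlib.util.MAGIC_NUMBER

# Magic number written by CPython 2.7, used only for the constructed sample.
PY27_MAGIC = b"\x03\xf3\r\n"


def source_path_for(pyc_path):
    """Return the archive path where the .py source of a .pyc would live."""
    folder, name = posixpath.split(pyc_path)
    stem = name[:-len(".pyc")]
    if posixpath.basename(folder) == "__pycache__":
        # PEP 3147 layout: pkg/__pycache__/mod.cpython-35.pyc -> pkg/mod.py
        folder = posixpath.dirname(folder)
        stem = stem.split(".")[0]
    return posixpath.join(folder, stem + ".py")


def audit_plugin_zip(data):
    """Report every .pyc in a plugin archive given as bytes.

    Each finding records whether matching source is shipped and whether the
    bytecode could be loaded by the interpreter running this check.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        names = set(archive.namelist())
        for name in sorted(names):
            if not name.endswith(".pyc"):
                continue
            with archive.open(name) as handle:
                magic = handle.read(4)
            findings.append({
                "path": name,
                "has_source": source_path_for(name) in names,
                "loadable_here": magic == LOCAL_MAGIC,
            })
    return findings


def needs_manual_review(findings):
    """Compiled-only modules: nothing readable for a reviewer to inspect."""
    return [f["path"] for f in findings if not f["has_source"]]


def build_sample_plugin():
    """Constructed sample archive (not a real plugin).

    Only the 4-byte magic of each .pyc is meaningful; the rest is padding.
    """
    padding = b"\x00" * 12
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("demo_plugin/metadata.txt", "[general]\nname=Demo\n")
        archive.writestr("demo_plugin/__init__.py", "")
        archive.writestr("demo_plugin/tool.py", "x = 1\n")
        # Cached bytecode next to its source, compiled by this interpreter.
        archive.writestr("demo_plugin/__pycache__/tool.cpython-XY.pyc",
                         LOCAL_MAGIC + padding)
        # Compiled-only module built by a different interpreter.
        archive.writestr("demo_plugin/core.pyc", PY27_MAGIC + padding)
    return buffer.getvalue()


if __name__ == "__main__":
    report = audit_plugin_zip(build_sample_plugin())
    for finding in report:
        print(finding)
    print("manual review:", needs_manual_review(report))
```

A matching magic number says only that the file would load; it says nothing about what the bytecode does, so compiled-only modules still go to a human reviewer.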

Re: [Qgis-developer] About my plugins ...

2016-10-16 Thread Even Rouault
On Sunday 16 October 2016 15:00:21, Tim Sutton wrote:
> Hi
> 
> In addition to Martin and Nathan's great replies I can add:
> > On 16 Oct 2016, at 6:26 PM, Geo DrinX  wrote:
> > 
> > 
> > [Set up] an automatic procedure (antivirus, automatic control sources to
> > figure out harmful instructions, etc.) that warns the existence of
> > problems.
> 
> This was the first option we looked in to. Do you know of some good tools
> for detecting malicious code in python? It is a hard problem to solve and
> simple things like preventing shell calls are not productive or effective.

I wondered about the same recently for GDAL since I've introduced the 
possibility to write pixel functions in Python in a VRT file ( 
http://gdal.org/gdal_vrttut.html#gdal_vrttut_derived_python ) and wanted to 
have a way to know if they were safe enough or not to be executed by default. 
Sean Gillies pointed to me the following :
"""I found http://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html
to be a good intro to the risks of eval'ing untrusted Python code.
Mentioned in there is a notable attempt to make a secure subset of Python
called "pysandbox", but its developer has since declared it "broken by
design": https://lwn.net/Articles/574215/."""
So the conclusion is that sandboxing Python is not believed to be possible, at 
least with the traditional CPython interpreter. It appears that PyPy has some 
sandboxing mechanism ( http://doc.pypy.org/en/latest/sandbox.html ) although 
that would probably be very tricky to use in the QGIS context (not to mention the 
changes required to use PyPy!). You cannot even trust calls to the native C++ 
QGIS API to be safe in themselves. I'm pretty sure they could be abused to do 
evil things.

> In the end we decided to take a social approach to peer review (which is a
> completely different thing to censorship). By the way I am not averse to
> some limited censorship of plugins if they go against our code of conduct
> [1] and diversity statement [2] for example, I would support banning them.
> I think any reasonable community would expect that of us
> 
> [1]
> https://www.qgis.org/en/site/getinvolved/governance/codeofconduct/codeofconduct.html
> [2]
> https://www.qgis.org/en/site/getinvolved/governance/codeofconduct/diversitystatement.html
> 
> 
> A case in point might be a plugin aimed at belittling a particular ethnic
> group or gender identification or which otherwise promotes intolerance.
> Thankfully such a situation has never arisen. Our friendly non-combative
> community is something that makes the QGIS community a joy to participate
> in. Let's try to keep that in mind whilst having this discussion too and
> focus on practical, achievable solutions if you have concern

Another thing to remember is the recent attempts at spamming OSGeo Trac 
instances. Opening the plugin catalog without control would lead to all sort 
of abuses.

-- 
Spatialys - Geospatial professional services
http://www.spatialys.com

Re: [Qgis-developer] About my plugins ...

2016-10-16 Thread Geo DrinX
>
> I don't want to reduce the problem to a personal one, but I think that an
> author, that is a programmer that reaches 171128 downloads, could be
> considered trusted.
>
>
> Roberto you are well known in the community and I think we know and trust
> you by now :-)
>


This means I have my plugins auto-approved ?   Tell me.



>
> We also want to promote a plugin repository that contains code that won't
> remove all files from a user's hard drive or worse
>

I think this is a crime, and it is punishable by law, so there would
be a problem
only for a simple plugin, but for any program, open source, free, and other.

So, unless we do not want to question again the world of programming, this
is a false problem, I thought was passed in open source minds.

I developed iPhone app, and one that I deeply loathed is the approval
mechanism of the app through the Apple Store. But in that case it was
justified (and history has shown this) because iPhone and smartphones in
general are becoming a kind of credit card, with all the necessary safety
precautions necessary.

But in the case of a gis, open or not, the maximum damage that a plugin can do
is produce the prints off the press sheet.
Rather, I would see the most important working upstream python environment,
and the plugin to work in a sand-safe box.

The plugin approval phase  is now only a sort of prior censorship, given
into the hand of a dark presenteeism that moves according to his personal
sympathies, with its time and its summary judgments.


That aside, let's describe what I think should happen:

1) In the upload page of the plugin should be included a clear warning that
explains what the rules (possibly in several languages).

2) Only after you have answered affirmatively to the request for acceptance
of the rules, and having filled a registry programmer, which assumes
its responsibilities
clear (thus taking away from the main program) the programmer can send the
plugin.

3) On the servers there should exist an automatic procedure (antivirus, automatic
control of sources to figure out harmful instructions, etc.) that warns of the
existence of problems.

4) The plugin is immediately available to users, who can report in case of
malfunctions.

5) The GIS program has a python version controlled, which prevents damage to
the operating system and more.


This is what I think should be done, not to be left to the stone age.   :)


Best regards

Roberto

Re: [Qgis-developer] About my plugins ...

2016-10-15 Thread Tim Sutton
Hi

I meant to reference Even too in my previous comments (in terms of agreeing 
with his comments). See below for more inline replies:



> On 16 Oct 2016, at 1:01 AM, Geo DrinX  wrote:
> 
> 
> 
> 2016-10-15 15:59 GMT+02:00 Nathan Woodrow  >:
> Thanks Even.  
> 
> Even is right. Security is the main reason that this is implemented this way, 
> there was loads of discussion around this when we put it in place.
> Trusted authors have auto approved plugins but until that point it requires 
> moderation by one of the team for now until a author gets to that point. 
> 
> I don't want to reduce the problem to a personal one, but I think that an 
> author, that is a programmer that reaches 171128 downloads, could be 
> considered trusted.

Roberto you are well known in the community and I think we know and trust you 
by now :-) 

> 
> But the problem is, instead, another, and I have a curiosity:  what is the 
> real danger you think can happens from an open gis ?   You really have 
> discussed this ?;)
> I don't think you are serious.
> 
> I have, instead a real problem you need to discuss:  You well know that there 
> is an important problem with SHP corruption.
> 
> True ?  I know this is true.  And also you know.
> 
> And, you know there is a "minidump" problem at exit, and randomically during 
> running.  And this problem is a memory problem.
> 
> True ?  You well know this is true.   Also I know that nobody knows from what 
> these bugs depend.
> 
> Well, I think the efforts and discussions must be used to discover these 
> problems, instead of plugin approvation, without any technical preparation.  
> Not ?
> 
> Or, if you need a responsibility to give, let it be python and the plugins.  
> But, you are out of road.  Look better in C++ source code, expecially where 
> memory pointers are not released, and used out of functions.  Perhaps.

I don't think it is good logic to say that we should ignore one known problem 
because another exists elsewhere. Rather we should address each problem as and 
when we can using the resources we have. Of course the things you mention above 
are worth fixing and the PSC makes donated funds to developers available 
exactly for the purpose of fixing these kinds of issues. We also want to promote 
a plugin repository that contains code that won't remove all files from a 
user's hard drive or worse

So my summary is : don't take this personally, I think the things we are asking 
for are not unreasonable (given that dozens of plugin developers have already 
complied without complaint) and generally move us towards the direction of a 
better experience for our users and not away from it. OK? If you are still not 
happy, please rather frame the discussion in terms of specific concrete actions 
we can take to improve the plugin approval process, and we can work towards 
implementing them if possible. Thanks!

Regards

Tim


> 
> Good night
> 
> Roberto 
> 
> 
>  
> There might be other things we can do to increase the level of security 
> around this but these will also increase the level of complexity to the 
> system, signed packages, etc. This all takes times, and effort.
> 
> - Nathan
> 
> 
> 
> On Sat, Oct 15, 2016 at 11:55 PM, Even Rouault  > wrote:
> Le samedi 15 octobre 2016 15:32:42, Geo DrinX a écrit :
> > 2016-10-14 8:42 GMT+02:00 Nathan Woodrow  > >:
> > > Hey,
> > >
> > > Have you raised this as a issue with us. Can't really fix anything if
> > > it's not raised.
> > >
> > > What you suggest we do to make it better?
> > >
> > > Regards,
> > > Nathan
> >
> > Well, good question.  I thank you for making me the question.
> >
> > My opinion is :  There is no need to have an approval process.  What is it
> > for ?
> > Who judges the job, maybe months, another programmer, who is giving to the
> > community that has developed because of its usefulness ?
> > Maybe Richard Stallman ?   By chance Gary Sherman  ?
> > Probably would not do it even they.
> >
> > I think right now the approval of the plugin is only a manifestation of
> > power.
> >
> > It is nothing but this.
> >
> > Imagine Wikipedia and prior approval.   It would be composed of only ten
> > pages.
> > Imagine OpenStreetMap. Only two roads.  Other than free map of the world !
> >
> > Make free plugins. As long as you are on time.
> 
> There's an important difference. Neither contributing *data* to Wikipedia nor
> OpenStreetMap involves security risk for users of those databases. On the
> contrary contributing a plugin to QGIS is contributing *code* that will run
> with the privledges of the user running QGIS, so potentially thefting data /
> destroying data / installing malware / doing whatever nasty you can imagine.
> 
> Making a plugin available in the default repository is like accepting a code
> contribution to QGIS 

Re: [Qgis-developer] About my plugins ...

2016-10-15 Thread Tim Sutton
Hi

Roberto I echo the comments from Victor and Nathan below - we are hosting 
executable code in the plugin repo and the approval process is only meant to 
protect our users and ourselves from people with malicious intent. The 
rationale is explained here:

http://blog.qgis.org/2016/08/26/what-are-trusted-plugins/

Note that the above article was heavily reviewed by myself and fellow members 
of the PSC before posting it. In my opinion we don't actually go far enough in 
the review process but unfortunately we don't have time and resources to do 
more. I think the review criteria are pretty minimal (contactable author, 
publicly hosted code, licensed under the GPL, not shipping binary blobs) etc. 
and should not prove to be a huge burden to any developer.

Could you share some specific ideas about how we could improve the process, 
whilst moving towards better security rather than away from it? Any reasonable 
and practical suggestions would be adopted without any issue I think...

Best Regards

Tim


> On 15 Oct 2016, at 4:59 PM, Nathan Woodrow  wrote:
> 
> Thanks Even.  
> 
> Even is right. Security is the main reason that this is implemented this way, 
> there was loads of discussion around this when we put it in place.
> Trusted authors have auto approved plugins but until that point it requires 
> moderation by one of the team for now until a author gets to that point. 
> 
> There might be other things we can do to increase the level of security 
> around this but these will also increase the level of complexity to the 
> system, signed packages, etc. This all takes times, and effort.
> 
> - Nathan
> 
> 
> 
> On Sat, Oct 15, 2016 at 11:55 PM, Even Rouault  > wrote:
> Le samedi 15 octobre 2016 15:32:42, Geo DrinX a écrit :
> > 2016-10-14 8:42 GMT+02:00 Nathan Woodrow  > >:
> > > Hey,
> > >
> > > Have you raised this as a issue with us. Can't really fix anything if
> > > it's not raised.
> > >
> > > What you suggest we do to make it better?
> > >
> > > Regards,
> > > Nathan
> >
> > Well, good question.  I thank you for making me the question.
> >
> > My opinion is :  There is no need to have an approval process.  What is it
> > for ?
> > Who judges the job, maybe months, another programmer, who is giving to the
> > community that has developed because of its usefulness ?
> > Maybe Richard Stallman ?   By chance Gary Sherman  ?
> > Probably would not do it even they.
> >
> > I think right now the approval of the plugin is only a manifestation of
> > power.
> >
> > It is nothing but this.
> >
> > Imagine Wikipedia and prior approval.   It would be composed of only ten
> > pages.
> > Imagine OpenStreetMap. Only two roads.  Other than free map of the world !
> >
> > Make free plugins. As long as you are on time.
> 
> There's an important difference. Neither contributing *data* to Wikipedia nor
> OpenStreetMap involves security risk for users of those databases. On the
> contrary contributing a plugin to QGIS is contributing *code* that will run
> with the privledges of the user running QGIS, so potentially thefting data /
> destroying data / installing malware / doing whatever nasty you can imagine.
> 
> Making a plugin available in the default repository is like accepting a code
> contribution to QGIS core. That involves some form of trust in the
> contributor.
> 
> >
> >
> > geodrinx
> >
> > > On Fri, Oct 14, 2016 at 4:35 PM, Geo DrinX  > > > wrote:
> > >> Good morning   :)
> > >>
> > >>
> > >> I am here to inform you that I just removed from the repository the
> > >> latest plugin version 3.0.4 of GEarthView, and also other my plugins.
> > >>
> > >> I have taken this decision to draw your attention on the mechanism of
> > >> the plugin approval, which I think is totally insufficient and
> > >> inadequate.
> > >>
> > >> I recommend you review this procedure and pay more attention to whom is
> > >> dealing, which should be a technical, and not another.
> > >>
> > >> I am sorry for the difficulties that my decision will cause to
> > >> unsuspecting users of my plugin, but they can continue to download my
> > >> plugin from my official repository on github.
> > >>
> > >> I thank you for your attention
> > >>
> > >>
> > >> Best Regards
> > >>
> > >> Roberto (geodrinx)
> > >>
> > >> ___
> > >> Qgis-developer mailing list
> > >> Qgis-developer@lists.osgeo.org 
> > >> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer 
> > >> 
> > >> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer 
> > >> 
> 
> --
> Spatialys - Geospatial professional services
> http://www.spatialys.com 
> 
> 
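
The minimal review criteria Tim lists in this message (contactable author, publicly hosted code, GPL licence, no binary blobs) and the automatic source check Roberto proposes in his 2016-10-16 message can be partly automated. The following is an added example, not code from the QGIS plugin site or from anyone in the thread; the mapping of criteria to the `email` and `repository` keys of `metadata.txt`, the suffix list, the flagged-call list and both sample plugins are assumptions constructed for illustration.

```python
import ast
import configparser
import io
import zipfile

# Assumptions of this example, not rules stated in the thread.
BINARY_SUFFIXES = (".so", ".dll", ".dylib", ".pyd", ".exe", ".pyc")
REVIEW_CALLS = {"os.system", "os.popen", "os.remove", "shutil.rmtree",
                "subprocess.call", "subprocess.Popen", "eval", "exec"}
REQUIRED_METADATA = ("email", "repository")  # contactable author, public code
GPL_MARKER = "GNU GENERAL PUBLIC LICENSE"


def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def flagged_calls(source, filename):
    """Return sorted (line, call) pairs for calls a human reviewer should read."""
    tree = ast.parse(source, filename)
    aliases = {}  # local name -> real dotted name, so 'import os as o' is seen
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                top = a.name.split(".")[0]
                aliases[a.asname or top] = a.name if a.asname else top
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = node.module + "." + a.name
    hits = []
    for node in ast.walk(tree):
        name = dotted_name(node.func) if isinstance(node, ast.Call) else None
        if name:
            head, _, rest = name.partition(".")
            real = aliases.get(head, head) + ("." + rest if rest else "")
            if real in REVIEW_CALLS:
                hits.append((node.lineno, real))
    return sorted(hits)


def review_plugin(zip_bytes):
    """Return a list of (category, detail) findings for one plugin zip."""
    findings, has_gpl = [], False
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
        meta = [n for n in names
                if n.endswith("/metadata.txt") and n.count("/") == 1]
        general = {}
        if meta:
            cp = configparser.ConfigParser(interpolation=None)
            try:
                cp.read_string(zf.read(meta[0]).decode("utf-8", "replace"))
                general = dict(cp["general"]) if cp.has_section("general") else {}
            except configparser.Error as exc:
                findings.append(("metadata", "unparseable: %s" % type(exc).__name__))
        for key in REQUIRED_METADATA:
            if not general.get(key, "").strip():
                findings.append(("metadata", "missing " + key))
        for n in names:
            base = n.rsplit("/", 1)[-1].upper()
            if base.startswith(("LICENSE", "COPYING")):
                text = zf.read(n).decode("utf-8", "replace").upper()
                has_gpl = has_gpl or GPL_MARKER in text
            elif n.lower().endswith(BINARY_SUFFIXES):
                findings.append(("binary", n))
            elif n.endswith(".py"):
                try:
                    src = zf.read(n).decode("utf-8", "replace")
                    for line, call in flagged_calls(src, n):
                        findings.append(("call", "%s:%d %s" % (n, line, call)))
                except (SyntaxError, ValueError):
                    # e.g. Python 2 sources: cannot be checked, so say so
                    findings.append(("parse", n))
    if not has_gpl:
        findings.append(("license", "no GPL licence text found"))
    return findings


def build_zip(files):
    """Build an in-memory zip from {path: text}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in files.items():
            zf.writestr(name, text)
    return buf.getvalue()


# Constructed sample plugins (not real QGIS plugins).
GOOD = {"demo_plugin/metadata.txt": "[general]\nname=Demo\nemail=dev@example.org\n"
                                    "repository=https://example.org/demo\n",
        "demo_plugin/LICENSE": "GNU GENERAL PUBLIC LICENSE\nVersion 2\n",
        "demo_plugin/main.py": "def run(layer):\n    return layer.featureCount()\n"}
BAD = {"demo_plugin/metadata.txt": "[general]\nname=Demo\nemail=\n",
       "demo_plugin/main.py": "import os as o\nfrom shutil import rmtree as rt\n\n"
                              "def run(path):\n    rt(path)\n    o.system('echo done')\n",
       "demo_plugin/lib/native.so": "\x7fELF"}

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("bad", BAD)):
        print(label, review_plugin(build_zip(sample)))
```

A check like this only narrows what a moderator has to read: a flagged call is a pointer for review, not proof of malice, and an empty result does not show a plugin is safe.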

Re: [Qgis-developer] About my plugins ...

2016-10-15 Thread Geo DrinX
2016-10-15 15:59 GMT+02:00 Nathan Woodrow :

> Thanks Even.
>
> Even is right. Security is the main reason that this is implemented this
> way, there was loads of discussion around this when we put it in place.
> Trusted authors have auto approved plugins but until that point it
> requires moderation by one of the team for now until a author gets to that
> point.
>

I don't want to reduce the problem to a personal one, but I think that an
author, that is a programmer that reaches 171128 downloads, could be
considered trusted.

But the problem is, instead, another, and I have a curiosity:  what is the
real danger you think can happen from an open gis ?   You really have
discussed this ?;)
I don't think you are serious.

I have, instead a real problem you need to discuss:  You well know that
there is an important problem with SHP corruption.

True ?  I know this is true.  And also you know.

And, you know there is a "minidump" problem at exit, and randomly
during running.  And this problem is a memory problem.

True ?  You well know this is true.   Also I know that nobody knows from
what these bugs depend.

Well, I think the efforts and discussions must be used to discover these
problems, instead of plugin approval, without any technical
preparation.  Not ?

Or, if you need a responsibility to give, let it be python and the
plugins.  But, you are out of road.  Look better in C++ source code,
especially where memory pointers are not released, and used out of
functions.  Perhaps.

Good night

Roberto




> There might be other things we can do to increase the level of security around
> this but these will also increase the level of complexity to the system,
> signed packages, etc. This all takes times, and effort.
>
> - Nathan
>
>
>
> On Sat, Oct 15, 2016 at 11:55 PM, Even Rouault  > wrote:
>
>> Le samedi 15 octobre 2016 15:32:42, Geo DrinX a écrit :
>> > 2016-10-14 8:42 GMT+02:00 Nathan Woodrow :
>> > > Hey,
>> > >
>> > > Have you raised this as a issue with us. Can't really fix anything if
>> > > it's not raised.
>> > >
>> > > What you suggest we do to make it better?
>> > >
>> > > Regards,
>> > > Nathan
>> >
>> > Well, good question.  I thank you for making me the question.
>> >
>> > My opinion is :  There is no need to have an approval process.  What is
>> it
>> > for ?
>> > Who judges the job, maybe months, another programmer, who is giving to
>> the
>> > community that has developed because of its usefulness ?
>> > Maybe Richard Stallman ?   By chance Gary Sherman  ?
>> > Probably would not do it even they.
>> >
>> > I think right now the approval of the plugin is only a manifestation of
>> > power.
>> >
>> > It is nothing but this.
>> >
>> > Imagine Wikipedia and prior approval.   It would be composed of only ten
>> > pages.
>> > Imagine OpenStreetMap. Only two roads.  Other than free map of the
>> world !
>> >
>> > Make free plugins. As long as you are on time.
>>
>> There's an important difference. Neither contributing *data* to Wikipedia
>> nor
>> OpenStreetMap involves security risk for users of those databases. On the
>> contrary contributing a plugin to QGIS is contributing *code* that will
>> run
>> with the privledges of the user running QGIS, so potentially thefting
>> data /
>> destroying data / installing malware / doing whatever nasty you can
>> imagine.
>>
>> Making a plugin available in the default repository is like accepting a
>> code
>> contribution to QGIS core. That involves some form of trust in the
>> contributor.
>>
>> >
>> >
>> > geodrinx
>> >
>> > > On Fri, Oct 14, 2016 at 4:35 PM, Geo DrinX 
>> wrote:
>> > >> Good morning   :)
>> > >>
>> > >>
>> > >> I am here to inform you that I just removed from the repository the
>> > >> latest plugin version 3.0.4 of GEarthView, and also other my plugins.
>> > >>
>> > >> I have taken this decision to draw your attention on the mechanism of
>> > >> the plugin approval, which I think is totally insufficient and
>> > >> inadequate.
>> > >>
>> > >> I recommend you review this procedure and pay more attention to whom
>> is
>> > >> dealing, which should be a technical, and not another.
>> > >>
>> > >> I am sorry for the difficulties that my decision will cause to
>> > >> unsuspecting users of my plugin, but they can continue to download my
>> > >> plugin from my official repository on github.
>> > >>
>> > >> I thank you for your attention
>> > >>
>> > >>
>> > >> Best Regards
>> > >>
>> > >> Roberto (geodrinx)
>> > >>
>> > >> ___
>> > >> Qgis-developer mailing list
>> > >> Qgis-developer@lists.osgeo.org
>> > >> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer
>> > >> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer
>>
>> --
>> Spatialys - Geospatial professional services
>> http://www.spatialys.com
>>
>
>

Re: [Qgis-developer] About my plugins ...

2016-10-15 Thread Nathan Woodrow
Thanks Even.

Even is right. Security is the main reason that this is implemented this
way, there was loads of discussion around this when we put it in place.
Trusted authors have auto approved plugins but until that point it requires
moderation by one of the team for now until an author gets to that point.

There might be other things we can do to increase the level of security around
this but these will also increase the level of complexity to the system,
signed packages, etc. This all takes time, and effort.

- Nathan



On Sat, Oct 15, 2016 at 11:55 PM, Even Rouault 
wrote:

> Le samedi 15 octobre 2016 15:32:42, Geo DrinX a écrit :
> > 2016-10-14 8:42 GMT+02:00 Nathan Woodrow :
> > > Hey,
> > >
> > > Have you raised this as a issue with us. Can't really fix anything if
> > > it's not raised.
> > >
> > > What you suggest we do to make it better?
> > >
> > > Regards,
> > > Nathan
> >
> > Well, good question.  I thank you for making me the question.
> >
> > My opinion is :  There is no need to have an approval process.  What is
> it
> > for ?
> > Who judges the job, maybe months, another programmer, who is giving to
> the
> > community that has developed because of its usefulness ?
> > Maybe Richard Stallman ?   By chance Gary Sherman  ?
> > Probably would not do it even they.
> >
> > I think right now the approval of the plugin is only a manifestation of
> > power.
> >
> > It is nothing but this.
> >
> > Imagine Wikipedia and prior approval.   It would be composed of only ten
> > pages.
> > Imagine OpenStreetMap. Only two roads.  Other than free map of the world
> !
> >
> > Make free plugins. As long as you are on time.
>
> There's an important difference. Neither contributing *data* to Wikipedia
> nor
> OpenStreetMap involves security risk for users of those databases. On the
> contrary contributing a plugin to QGIS is contributing *code* that will run
> with the privledges of the user running QGIS, so potentially thefting data
> /
> destroying data / installing malware / doing whatever nasty you can
> imagine.
>
> Making a plugin available in the default repository is like accepting a
> code
> contribution to QGIS core. That involves some form of trust in the
> contributor.
>
> >
> >
> > geodrinx
> >
> > > On Fri, Oct 14, 2016 at 4:35 PM, Geo DrinX  wrote:
> > >> Good morning   :)
> > >>
> > >>
> > >> I am here to inform you that I just removed from the repository the
> > >> latest plugin version 3.0.4 of GEarthView, and also other my plugins.
> > >>
> > >> I have taken this decision to draw your attention on the mechanism of
> > >> the plugin approval, which I think is totally insufficient and
> > >> inadequate.
> > >>
> > >> I recommend you review this procedure and pay more attention to whom
> is
> > >> dealing, which should be a technical, and not another.
> > >>
> > >> I am sorry for the difficulties that my decision will cause to
> > >> unsuspecting users of my plugin, but they can continue to download my
> > >> plugin from my official repository on github.
> > >>
> > >> I thank you for your attention
> > >>
> > >>
> > >> Best Regards
> > >>
> > >> Roberto (geodrinx)
> > >>
> > >> ___
> > >> Qgis-developer mailing list
> > >> Qgis-developer@lists.osgeo.org
> > >> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer
> > >> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer
>
> --
> Spatialys - Geospatial professional services
> http://www.spatialys.com
>

Re: [Qgis-developer] About my plugins ...

2016-10-15 Thread Even Rouault
Le samedi 15 octobre 2016 15:32:42, Geo DrinX a écrit :
> 2016-10-14 8:42 GMT+02:00 Nathan Woodrow :
> > Hey,
> > 
> > Have you raised this as a issue with us. Can't really fix anything if
> > it's not raised.
> > 
> > What you suggest we do to make it better?
> > 
> > Regards,
> > Nathan
> 
> Well, good question.  I thank you for making me the question.
> 
> My opinion is :  There is no need to have an approval process.  What is it
> for ?
> Who judges the job, maybe months, another programmer, who is giving to the
> community that has developed because of its usefulness ?
> Maybe Richard Stallman ?   By chance Gary Sherman  ?
> Probably would not do it even they.
> 
> I think right now the approval of the plugin is only a manifestation of
> power.
> 
> It is nothing but this.
> 
> Imagine Wikipedia and prior approval.   It would be composed of only ten
> pages.
> Imagine OpenStreetMap. Only two roads.  Other than free map of the world !
> 
> Make free plugins. As long as you are on time.

There's an important difference. Neither contributing *data* to Wikipedia nor 
OpenStreetMap involves security risk for users of those databases. On the 
contrary contributing a plugin to QGIS is contributing *code* that will run 
with the privileges of the user running QGIS, so potentially stealing data / 
destroying data / installing malware / doing whatever nasty you can imagine.

Making a plugin available in the default repository is like accepting a code 
contribution to QGIS core. That involves some form of trust in the 
contributor.

> 
> 
> geodrinx
> 
> > On Fri, Oct 14, 2016 at 4:35 PM, Geo DrinX  wrote:
> >> Good morning   :)
> >> 
> >> 
> >> I am here to inform you that I just removed from the repository the
> >> latest plugin version 3.0.4 of GEarthView, and also other my plugins.
> >> 
> >> I have taken this decision to draw your attention on the mechanism of
> >> the plugin approval, which I think is totally insufficient and
> >> inadequate.
> >> 
> >> I recommend you review this procedure and pay more attention to whom is
> >> dealing, which should be a technical, and not another.
> >> 
> >> I am sorry for the difficulties that my decision will cause to
> >> unsuspecting users of my plugin, but they can continue to download my
> >> plugin from my official repository on github.
> >> 
> >> I thank you for your attention
> >> 
> >> 
> >> Best Regards
> >> 
> >> Roberto (geodrinx)
> >> 
> >> ___
> >> Qgis-developer mailing list
> >> Qgis-developer@lists.osgeo.org
> >> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer
> >> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer

-- 
Spatialys - Geospatial professional services
http://www.spatialys.com

Re: [Qgis-developer] About my plugins ...

2016-10-15 Thread Geo DrinX
2016-10-14 8:42 GMT+02:00 Nathan Woodrow :

> Hey,
>
> Have you raised this as a issue with us. Can't really fix anything if it's
> not raised.
>
> What you suggest we do to make it better?
>
> Regards,
> Nathan
>

Well, good question.  I thank you for making me the question.

My opinion is :  There is no need to have an approval process.  What is it
for ?
Who judges the job, maybe months, another programmer, who is giving to the
community that has developed because of its usefulness ?
Maybe Richard Stallman ?   By chance Gary Sherman  ?
Probably would not do it even they.

I think right now the approval of the plugin is only a manifestation of
power.

It is nothing but this.

Imagine Wikipedia and prior approval.   It would be composed of only ten
pages.
Imagine OpenStreetMap. Only two roads.  Other than free map of the world !

Make free plugins. As long as you are on time.


geodrinx




> On Fri, Oct 14, 2016 at 4:35 PM, Geo DrinX  wrote:
>
>> Good morning   :)
>>
>>
>> I am here to inform you that I just removed from the repository the
>> latest plugin version 3.0.4 of GEarthView, and also other my plugins.
>>
>> I have taken this decision to draw your attention on the mechanism of the
>> plugin approval, which I think is totally insufficient and inadequate.
>>
>> I recommend you review this procedure and pay more attention to whom is
>> dealing, which should be a technical, and not another.
>>
>> I am sorry for the difficulties that my decision will cause to
>> unsuspecting users of my plugin, but they can continue to download my
>> plugin from my official repository on github.
>>
>> I thank you for your attention
>>
>>
>> Best Regards
>>
>> Roberto (geodrinx)
>>
>> ___
>> Qgis-developer mailing list
>> Qgis-developer@lists.osgeo.org
>> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer
>> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer
>>
>
>

Re: [Qgis-developer] About my plugins ...

2016-10-14 Thread Victor Olaya
We all know that the mechanism is not perfect and the catalog of
plugins could be handled better, but I don't think that such a decision
on your side helps improving it.

A large (very large) part of users will never ever go to github and
install a plugin manually, which means that, for them, now QGIS has
less functionality than before. That's not a good thing.

As a plugin dev...which advantages do you have removing the plugin
from the plugin server? I can only see disadvantages.

In any case, it's good that you raised this issue, I think it's
important to improve the plugins catalog and how it's handled, so
hopefully this will start a fruitful discussion about it.

Cheers



2016-10-14 8:42 GMT+02:00 Nathan Woodrow :
> Hey,
>
> Have you raised this as a issue with us. Can't really fix anything if it's
> not raised.
>
> What you suggest we do to make it better?
>
> Regards,
> Nathan
>
> On Fri, Oct 14, 2016 at 4:35 PM, Geo DrinX  wrote:
>>
>> Good morning   :)
>>
>>
>> I am here to inform you that I just removed from the repository the latest
>> plugin version 3.0.4 of GEarthView, and also other my plugins.
>>
>> I have taken this decision to draw your attention on the mechanism of the
>> plugin approval, which I think is totally insufficient and inadequate.
>>
>> I recommend you review this procedure and pay more attention to whom is
>> dealing, which should be a technical, and not another.
>>
>> I am sorry for the difficulties that my decision will cause to
>> unsuspecting users of my plugin, but they can continue to download my plugin
>> from my official repository on github.
>>
>> I thank you for your attention
>>
>>
>> Best Regards
>>
>> Roberto (geodrinx)
>>
>> ___
>> Qgis-developer mailing list
>> Qgis-developer@lists.osgeo.org
>> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer
>> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer
>
>
>
> ___
> Qgis-developer mailing list
> Qgis-developer@lists.osgeo.org
> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer
> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer

Re: [Qgis-developer] About my plugins ...

2016-10-14 Thread Nathan Woodrow
Hey,

Have you raised this as an issue with us. Can't really fix anything if it's
not raised.

What do you suggest we do to make it better?

Regards,
Nathan

On Fri, Oct 14, 2016 at 4:35 PM, Geo DrinX  wrote:

> Good morning   :)
>
>
> I am here to inform you that I just removed from the repository the latest
> plugin version 3.0.4 of GEarthView, and also other my plugins.
>
> I have taken this decision to draw your attention on the mechanism of the
> plugin approval, which I think is totally insufficient and inadequate.
>
> I recommend you review this procedure and pay more attention to whom is
> dealing, which should be a technical, and not another.
>
> I am sorry for the difficulties that my decision will cause to
> unsuspecting users of my plugin, but they can continue to download my
> plugin from my official repository on github.
>
> I thank you for your attention
>
>
> Best Regards
>
> Roberto (geodrinx)
>
> ___
> Qgis-developer mailing list
> Qgis-developer@lists.osgeo.org
> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer
> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer
>

[Qgis-developer] About my plugins ...

2016-10-14 Thread Geo DrinX
Good morning   :)


I am here to inform you that I just removed from the repository the latest
plugin version 3.0.4 of GEarthView, and also my other plugins.

I have taken this decision to draw your attention on the mechanism of the
plugin approval, which I think is totally insufficient and inadequate.

I recommend you review this procedure and pay more attention to whom is
dealing, which should be a technical, and not another.

I am sorry for the difficulties that my decision will cause to unsuspecting
users of my plugin, but they can continue to download my plugin from my
official repository on github.

I thank you for your attention


Best Regards

Roberto (geodrinx)