John Lindsay via QGIS-Developer <qgis-developer@lists.osgeo.org> writes:
> Besides, a better solution would be for the plugin to install this > package via pip when it is itself first installed and launched. I > tried to accomplish this with the following code: > > https://github.com/jblindsay/whitebox_workflows_for_qgis/blob/4e463262f6cfd1987afa2f3f7e0e79656eb8d27e/whitebox_workflows_for_qgis_provider.py#L56 > > This code, which runs whenever the plugin is launched, first checks to > see if whitebox_workflows can be imported and if not, it runs pip from > the Python script to install it. Unfortunately, some users have > reported issues with this not working correctly: (Writing from the UNIX perspective.) Perhaps biased by my packaing background, I view any code that downloads other code at runtime (without an explicit user request) as a security bug. This is especially true if it isn't getting sources pinned to a version and validated by checksum. That said, there's a lot of interesting questions about how to deal with dependencies of plugins. For qgis itself, dependencies are properly dealt with by a packaging system and that seems ok. For plugins, I could see treating them as python modules and packaging them, but qgis wants to have its own package management system. qgis is usually installed, via packaging, globally (/usr or /usr/pkg, or similar). The immediate question is where plugins go. I'd expect them to be in the user's file area vs system, unless installing them in some administrator role. The next question is, if they depend on something, what prefixes and install methods are expected for those things, both regular packages (programs and shlibs) and python modules. Which is partly/mostly about what the search paths are in the plugin execution environment. Overall, I'd rather see plugins fail with a message and leave installation as a manual decision than have plugins run pip install. But I get it that most people probably don't see it that way. _______________________________________________ QGIS-Developer mailing list QGIS-Developer@lists.osgeo.org List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
