Hello everyone, We have unfeatured all the featured plugins for now and added a ticket at https://github.com/qgis/QGIS-Plugins-Website/issues/79 to come up with a set of rules for when and how plugins get featured. Please feel free to add your suggestions and continue the discussion there.
Best regards, Lova Andriarimalala *QGIS Full Stack Developer * *T *: +27(0) 87 809 2702 *E *: l...@kartoza.com *W* : kartoza.com *This email and any attachments are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you * *have received this email in error, please notify the sender immediately and delete it from your system. Unauthorised use, disclosure, or copying* *of the contents is prohibited.* On Fri, 14 Feb 2025 at 17:14, Greg Troxel via QGIS-Developer < qgis-developer@lists.osgeo.org> wrote: > Emma Hain via QGIS-Developer <qgis-developer@lists.osgeo.org> writes: > > > I like this idea of having it reviewed for a cost! > > I am not really comfortable with that. It creates a bias to > company-produced software. The costs really should be paid by the > people that are relying on the safety judgements, not the ones producing > open-source code. > > There is a real issue, and the reality of what people do and don't trust > does not necessarily line up with what makes sense. > > qgis has review and a lot of eyes, so people presume that qgis is safe > (from a "no malicious code" cyber-security viewpoint). > > Some plugins have known authors, and reputations. Others are new. > Perhaps more plugins should get moved to core and maintained there by > PR, but that is probably pushing work on existing people and not > reasonable. > > It might be that a not-maintained label for plugins is in order, > appplied one year after last update, with filtering those out by > default. > > With respect to the organization, it seems they probably should develop > a review process and an allowed list, no different than how they treat > loading any other software onto company computers (or computers with > company data, whatever). They could pay for support for review/advice. > Right now individuals make these judgements; I certainly think about > plugins before installing them. > > Longer term, I wonder about sandboxing plugins, android style, with > limits on filesystem access and internet access. > _______________________________________________ > QGIS-Developer mailing list > QGIS-Developer@lists.osgeo.org > List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer > Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer >
_______________________________________________ QGIS-Developer mailing list QGIS-Developer@lists.osgeo.org List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
