atthias Kuhn
> *Cc:* John Stevenson - BGS ; i...@opengis.it;
> qgis-developer
> *Subject:* Re: [QGIS-Developer] How to deal with QGIS plugins which
> install additional packages
>
>
>
> Qgis-plugin-dev-tools approach solves this problem by vendoring the
> packages and rewr
s.it>
Cc: qgis-developer
mailto:qgis-developer@lists.osgeo.org>>
Subject: Re: [QGIS-Developer] How to deal with QGIS plugins which install
additional packages
One alternative way of managing the dependencies is to package the non-binary
runtime dependencies (including licenses) with the p
proxy_url:*
>>
>> *env['http_proxy'] = full_proxy_url*
>>
>> *env['https_proxy'] = full_proxy_url*
>>
>> * subprocess.check_call([pip_exec, "install", "--upgrade",
>> "
Nyall Dawson writes:
> I would personally feel safest if this was something officially endorsed,
> with an explicit allow list of acceptable packages.
This is my reaction, too, of having a curated list of packages that
could be installed, with the list managed by qgis, perhaps in the
regular sou
John Stevenson - BGS via QGIS-Developer
writes:
> Mergin Maps plugin also packages the dependencies (including the
> geodiff binary) into the plugin itself. I’m not sure how it handles
> cross-platform differences, though.
Wow. We really should not have binaries in plugins at all. Beyond the
pt-get", "install",
> "python3-pyqt5.qtwebengine"])*
>
> * elif system == 'Darwin': # macOS*
>
> *subprocess.check_call(["brew", "install", "pyqt5"])*
>
>
>
>
>
> *Andrea Ordonsell
.ch<mailto:matth...@opengis.ch>
Cc "Thomas B via QGIS-Developer"
qgis-developer@lists.osgeo.org<mailto:qgis-developer@lists.osgeo.org>
Data Wed, 23 Oct 2024 16:16:43 +1000
Oggetto Re: [QGIS-Developer] How to deal with QGIS plugins which install
additional packages
On Wed,
f system == 'Darwin': # macOS*
> *subprocess.check_call(["brew", "install", "pyqt5"])*
>
>
> *Andrea Ordonselli*
> *O.GIS - **opengis.it <http://opengis.it>*
>
>
> Da "QGIS-Developer" qgis-developer-boun.
S-Developer" qgis-developer-boun...@lists.osgeo.org
A "Matthias Kuhn" matth...@opengis.ch
Cc "Thomas B via QGIS-Developer" qgis-developer@lists.osgeo.org
Data Wed, 23 Oct 2024 16:16:43 +1000
Oggetto Re: [QGIS-Developer] How to deal with QGIS plugins which insta
On Wed, 23 Oct 2024, 4:07 pm Matthias Kuhn, wrote:
> On Wed, Oct 23, 2024 at 2:49 AM Nyall Dawson via QGIS-Developer <
> qgis-developer@lists.osgeo.org> wrote:
>
>>
>>
>> On Wed, 23 Oct 2024, 9:20 am Greg Troxel via QGIS-Developer, <
>> qgis-developer@lists.osgeo.org> wrote:
>>
>>> Thomas B via Q
On Wed, Oct 23, 2024 at 2:49 AM Nyall Dawson via QGIS-Developer <
qgis-developer@lists.osgeo.org> wrote:
>
>
> On Wed, 23 Oct 2024, 9:20 am Greg Troxel via QGIS-Developer, <
> qgis-developer@lists.osgeo.org> wrote:
>
>> Thomas B via QGIS-Developer writes:
>>
>> > Dear QGIS-Developers,
>> >
>> > A
On Wed, 23 Oct 2024, 9:20 am Greg Troxel via QGIS-Developer, <
qgis-developer@lists.osgeo.org> wrote:
> Thomas B via QGIS-Developer writes:
>
> > Dear QGIS-Developers,
> >
> > Are there any guidelines from the QGIS project regarding whether a QGIS
> > plugin is allowed to autonomously install req
Thomas B via QGIS-Developer writes:
> Dear QGIS-Developers,
>
> Are there any guidelines from the QGIS project regarding whether a QGIS
> plugin is allowed to autonomously install required packages using PIP or
> similar tools without manual installation by the user?
>
> While this might seem con
Hi Thomas,
My personal feeling is that this is a very real security risk. I know that
it makes it easy to get the extra Python packages installed, but it is not
worth it. My plugins that require extra Python packages notifies the user
that they need to be installed and gives instructions on how t
Dear QGIS-Developers,
Are there any guidelines from the QGIS project regarding whether a QGIS
plugin is allowed to autonomously install required packages using PIP or
similar tools without manual installation by the user?
While this might seem convenient, I see it as a potential security risk,
es
15 matches
Mail list logo
