A better experience for first time plugin manager users

Question

A better experience for first time plugin manager users

timlinux opened this issue 5 months ago · comments

Tim Sutton commented 5 months ago

QGIS Enhancement: A better experience for first time plugin manager users

Date 2024/03/06

Author Tim Sutton (@timlinux)

Contact tim@kartoza.com

maintainer @timlinux

Version QGIS 3.38 and beyond

Summary

For a long time I have been unhappy about our security posture with regards to python plugins. Today I happened to see that Jupyter gives their users exactly the experience I think we should be giving our users, so I decided to actually write this QEP.

Proposed Solution

For any new profile or new install, block the plugin manager until the user has explicitly accepted the terms, an adapted version of which I provide below:

The QGIS development team is excited to have a robust third-party plugin community. Although we do a basic review of third-party plugins, this review process is not exhaustive and some plugins may introduce security risks or contain malicious code that runs on your machine. Moreover in order to work, this plugin manager needs to fetch data from web services. Do you agree to activate this feature?

I really like the visual design approach they took, making the 'accept' button RED and the 'deny' button gray.

Affected Files

Probably these:

QGIS/src/ui/qgspluginmanagerbase.ui
QGIS/src/app/pluginmanager/qgspluginmanager.h
QGIS/src/app/pluginmanager/qgspluginmanager_texts.cpp
QGIS/src/app/pluginmanager/qgspluginmanager.cpp

Performance Implications

None

Further Considerations/Improvements

None

Backwards Compatibility

Would be great to backport this to LTR

Issue Tracking ID(s)

Votes

(required)

Nyall Dawson commented 5 months ago

+1

Alessandro Pasotti commented 5 months ago

+1

Werner Macho · Answer 1 · Thu Mar 07 2024 18:49:53 GMT+0800 (China Standard Time)

nice idea to make that statement more obvious +1

…

On Wed, Mar 6, 2024 at 9:57 PM Tim Sutton ***@***.***> wrote: QGIS Enhancement: A better experience for first time plugin manager users *Date* 2024/03/06 *Author* Tim Sutton ***@***.*** <https://github.com/timlinux>) *Contact* ***@***.*** *maintainer* @timlinux <https://github.com/timlinux> *Version* QGIS 3.38 and beyond Summary For a long time I have been unhappy about our security posture with regards to python plugins. Today I happened to see that Jupyter gives their users exactly the experience I think we should be giving our users, so I decided to actually write this QEP. image.png (view on web) <https://github.com/qgis/QGIS-Enhancement-Proposals/assets/178003/01ad21ab-8b2e-4f79-9dcd-8aff2480b119> Proposed Solution For any new profile or new install, block the plugin manager until the user has explicitly accepted the terms, an adapted version of which I provide below: The QGIS development team is excited to have a robust third-party plugin community. Although we do a basic review of third-party plugins, this review process is not exhaustive and some plugins may introduce security risks or contain malicious code that runs on your machine. Moreover in order to work, this plugin manager needs to fetch data from web services. Do you agree to activate this feature? I really like the visual design approach they took, making the 'accept' button RED and the 'deny' button gray. Affected Files Probably these: - QGIS/src/ui/qgspluginmanagerbase.ui - QGIS/src/app/pluginmanager/qgspluginmanager.h - QGIS/src/app/pluginmanager/qgspluginmanager_texts.cpp - QGIS/src/app/pluginmanager/qgspluginmanager.cpp Performance Implications None Further Considerations/Improvements None Backwards Compatibility Would be great to backport this to LTR Issue Tracking ID(s) Votes (required) — Reply to this email directly, view it on GitHub <#284>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AADVWIPHP56DDRA3VY33QSDYW57J7AVCNFSM6AAAAABEJYYF4SVHI2DSMVQWIX3LMV43ASLTON2WKOZSGE3TENBRGIZDQNY> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

Ismail Sunni · Answer 2 · Thu Mar 07 2024 19:25:58 GMT+0800 (China Standard Time)

Will it affected pre-installed plugin or plugin that installed manually (e.g. copying the plugin to the profile directory) ? Or only the plugin manager dialog only?

Tim Sutton · Answer 3 · Thu Mar 07 2024 21:17:30 GMT+0800 (China Standard Time)

@ismailsunni the idea would be to 'cover' the plugins dialog with this message the first time it is used. So it would have no effect if you already have plugins installed manually in the plugin dir.

Régis Haubourg · Answer 4 · Sat Mar 16 2024 19:47:21 GMT+0800 (China Standard Time)

I would also add in the future some scanner feature that prevents compiled binaries to be silently shipped

Harrissou Sant-anna · Answer 5 · Sun Mar 17 2024 12:13:52 GMT+0800 (China Standard Time)

+1

For any new profile or new install, block the plugin manager until the user has explicitly accepted the terms

I guess this means we need to think about our Core plugins currently available through this dialog, namely Processing, metasearch... whether they are moved out of the manager dialog, or we only block access to third-party plugins once in the manager dialog.