[josm-dev] JOSM Plugin no_more_mapping

colliar colliar4ever at aol.com
Sun Oct 28 14:36:41 GMT 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256



On 28/10/12 02:02, Frederik Ramm wrote:
> On 27.10.2012 15:14, colliar wrote:

Hey

>> I do not see any reason for deleting the source
> 
> Maybe it was indeed an overreaction on my part to remove the source from
> SVN. Of course it is still accessible even if removed, but I have now
> reinstated it.
> 
> I am however adamant that removing the compiled jar file from the "dist" 
> directory, and thereby from the list of downloadable plugins in JOSM, was
> right. There may be educational value in the source code, but there is no
> value in having the plugin offered in JOSM for download. The fact that we
> are Open Source and trying to create as little hurdles as possible (anyone
> can get an SVN account, anyone can add their plugins to the list, even
> anonymous website users can add pointers to whatever) does not mean that
> we're openly inviting shenanigans.
> 
> Only recently DWG had to block two vandals who were randomly deleting and 
> falsifying data in OSM. When challenged, their response was: "Yeah, we were
> just testing your security, and you should really do something about that."
> - I wanted to yell: We don't have any security and that's by design, to
> make mapping easier for everyone, and it is people like you who in the end
> force us to erect all these barriers and make life harder on everyone, but
> thanks for all your help!
> 
> Same here. Some might find it a humorous way of pointing the finger at our 
> vulnerabilities ("if someone runs this without looking then he was asking
> for it!") but I don't find it all that funny.
> 
>> and wonder that it needs only one person to delete working code from
>> svn.
> 
> It only needs one person to add something bad, and this is by design - we
> don't want people to have to ask for permission first. Consequently, one
> person is also sufficient to remove something bad.
> 
> The alternative is having a "plugin task force" that approves all plugins
> (and every update on every plugin...) and that can also be asked to remove
> ones which are thought to be problematic.

As you already did admit your overreaction, thanks.

I think it is much easier to include bad plugins in the list than using the
OSM svn. Especially JOSM-trac is very liberal regarding submits but so far we
do not have that many problems with this policy.

Think so, we are talking about different issues, if someone known is
submitting some code which I do not get the intention right away is way
different than someone else who is just capitalising his/her freedom.

Ciao
colliar
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEAREIAAYFAlCNQuwACgkQalWTFLzqsCtHSwCbBM45r40zC/1w1YPndf5ZXpSS
A10An0fRy6wbtLtOsv4GRh3wnM5+QsDq
=KHeP
-----END PGP SIGNATURE-----



More information about the josm-dev mailing list