Project

General

Profile

Allowing plugins with obfuscated code

Added by Igor Antonov over 6 years ago

I've recently met a plugin obfuscated/encoded by RubyEncoder (a_common_libs by RMPlus - https://www.redmine.org/plugins/a_common_libs).

1. Source code repository is unavailable
2. It's not clear which license is used (and actually can be used by Redmine plugins)
3. All Ruby source code files are obfuscated. I'm concerned about the ones patching core models/controllers/helpers.

I've seen the thread about "annoying" plugins (https://www.redmine.org/boards/3/topics/37931) and after 5 years after the thread was created there's still no response from the development team.

I do consider publishing Redmine Core incompatible or obfuscated plugins damaging to plugin ecosystem. I imagine no one is using only one plugin - we have about 15 used on our corporate Redmine instance and I believe that's the case for the majority of Redmine plugin users. And plugins break. Easily at that. I'm used to modifying plugins in order to either fix incompatibility with another plugin, fix incompatibility with new Redmine version or to modify the plugin logic to better suit business needs. And using forked Redmine Core version, obscene amounts of dependencies or downright evil source code obfuscation makes the plugin system unusable for it's primary (as I see it) goal - making Redmine extensible and tailorable for business' needs.

It would be great to have a clear position on the allowance of such plugins in the official plugin registry.

Thanks.
Igor