Re: [Gimp-developer] Gimp Registry Future



Hi Jehan,

Am 12.04.2014 um 12:57 schrieb Jehan Pagès <jehan marmottard gmail com>:

I don't think it is necessary for the addition of third party servers
to be made too difficult (and in particular having to recompile is
over and in practice means that a normal user will never be able to do
it, but it would be made easy only to scammers). It could just be a UI
preference. As long as we display proper warnings "at your own risk"
because unreviewed plug-ins can simply do anything to a user's
machine.

Also if we decided to use branding for protection of users, I would
say that a third party build can be named GIMP if and only if the only
plug-in server active by default if the official one.

Doesn’t this conflict with the GPL? Let’s assume, I take the GIMP sources and add my own plugin server which 
offers only precompiled OS X binaries, how is that different to the current situation where I provide those 
plugins already installed in the application bundle? Am I forced to name my bundle different?


If you build
GIMP by adding any third party server, without telling the user about
it, it can be a scam risk because

of course this _might_ be a risk, IMO it’s the same sort of risk as if you install some precompiled binary 
plugin from one the uncounted Linux distributions. 

the user would not have had the
original warning (hence would feel safe while one may not be).

OTOH, if one provides his own plugin server repository, such a message in the ‚official‘ GIMP will discredit 
the ‚non-official‘ version as a possible security risk only  because of some other kind of distribution. 

To make this clearer, I’ll give some example.
Think of the current situation on OS X. The stock GIMP bundle from gimp.org is not code signed. AFAIK this is 
because one has to have a paid Apple developer account to get a code signing certificate and currently no one 
wants to pay the annual fee. Now, to bypass the warning a user will get if he installs this unsigned 
application, he’s advised to turn off this security check in OS X’s System Preferences. Hhmm, IMO not a good 
advice in the sense of security.

Now, as you know, I provide a compiled GIMP application bundle with many third party plugins. My application 
bundle _is_ code signed. Should I display a warning, that if if a user want’s to install the stock GIMP he’s 
doing it at his own risk, because he get’s advised to turn off a security feature of his operating system? 
How would the core developer team feel about this?

Don’t get me wrong, code signing is a very useful feature. But forcing third party developers to use only 
_one_ specific distribution path or otherwise getting discredited as a possible security risk is not a good 
move. Even Apple let’s you sign your code to pass the code signing test on first launch and still let you 
distribute your applications however you want.

Simone Karin


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]