Re: Gimp Registry Future

Hi Jehan,

On 12.04.2014 at 12:57, Jehan Pagès <jehan.marmottard@xxxxxxxxx> wrote:
> 
> I don't think it is necessary for the addition of third party servers
> to be made too difficult (and in particular having to recompile is
> over and in practice means that a normal user will never be able to do
> it, but it would be made easy only to scammers). It could just be a UI
> preference. As long as we display proper warnings "at your own risk"
> because unreviewed plug-ins can simply do anything to a user's
> machine.
> 
> Also if we decided to use branding for protection of users, I would
> say that a third party build can be named GIMP if and only if the only
> plug-in server active by default is the official one.

Doesn’t this conflict with the GPL? Let’s assume I take the GIMP sources and add my own plugin server which offers only precompiled OS X binaries; how is that different from the current situation where I provide those plugins already installed in the application bundle? Am I forced to name my bundle differently?


> If you build
> GIMP by adding any third party server, without telling the user about
> it, it can be a scam risk because

of course this _might_ be a risk; IMO it’s the same sort of risk as if you install some precompiled binary plugin from one of the uncounted Linux distributions.

> the user would not have had the
> original warning (hence would feel safe while one may not be).

OTOH, if one provides his own plugin server repository, such a message in the 'official' GIMP will discredit the 'non-official' version as a possible security risk only because of some other kind of distribution.

To make this clearer, I’ll give an example.
Think of the current situation on OS X. The stock GIMP bundle from gimp.org is not code signed. AFAIK this is because one has to have a paid Apple developer account to get a code signing certificate and currently no one wants to pay the annual fee. Now, to bypass the warning a user will get if he installs this unsigned application, he’s advised to turn off this security check in OS X’s System Preferences. Hmm, IMO not good advice in the sense of security.

Now, as you know, I provide a compiled GIMP application bundle with many third party plugins. My application bundle _is_ code signed. Should I display a warning that if a user wants to install the stock GIMP he’s doing it at his own risk, because he gets advised to turn off a security feature of his operating system? How would the core developer team feel about this?

Don’t get me wrong, code signing is a very useful feature. But forcing third party developers to use only _one_ specific distribution path or otherwise getting discredited as a possible security risk is not a good move. Even Apple lets you sign your code to pass the code signing test on first launch and still lets you distribute your applications however you want.

Simone Karin
_______________________________________________
gimp-developer-list mailing list
List address:    gimp-developer-list@xxxxxxxxx
List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list
List archives:   https://mail.gnome.org/archives/gimp-developer-list