Hello, I've been asked to bring this discussion to this mailinglist. There's an issue with GIMP that can lead to unexpected disclosure of private information if one tries to use GIMP to remove private data from images. The problem is that when someone "deletes" something with GIMP in an image with an alpha channel it's not actually deleted, the content is just set to be fully transparent. This can of course trivially be reversed. A typical situation where this might become problematic is when somene makes a screenshot for e.g. a social media post and wants to remove something that is private, e.g. a name/address/creditcard number etc. Will Dormann who works for CERT/CC has reported this as an issue[1], however it was closed arguing that this is expected behavior. FWIW I agree with Will Dormann here that this is very surprising behavior, and thus it should be considered dangerous and should be changed. He also told me he tested multiple other popular graphics editors and GIMP is the only one with this behavior. (Also FYI I am planning to write an article about this for Golem.de.) [1] https://gitlab.gnome.org/GNOME/gimp/issues/4487 -- Hanno Böck https://hboeck.de/ _______________________________________________ gimp-developer-list mailing list List address: gimp-developer-list@xxxxxxxxx List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list List archives: https://mail.gnome.org/archives/gimp-developer-list
