Re: [Gimp-developer] Question about bundled "iBryte" GIMP installer
On Thu, 14 Jul 2011 11:34:08 -0600, Andrew Brandt wrote: > -- "Yontoo Layers" -- a Firefox plugin which is installed during the > process but which is not disclosed in the installation Wizard. It is > unknown what this plugin does at this time. Maybe this can help you in your invetigation (I didn't understand much there, but might be because I am not English native speaker): http://www.yontoo.com/PrivacyPolicy.aspx Cristi -- Cristian Secară http://www.secarica.ro ___ Gimp-developer mailing list Gimp-developer@lists.XCF.Berkeley.EDU https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-developer
Re: [Gimp-developer] Question about bundled "iBryte" GIMP installer
On Thu, Jul 14, 2011 at 4:55 PM, Chris Mohler wrote: > 2011/7/14 Christopher Curtis : >> >> This may not be accurate. Current GIMP releases are GPLv3: > > Oops - guess I need to pay more attention while lurking ;) I thought > the GPLv3 switch was still in the works... Andrew didn't mention if the binary in question was a 2.6.x or 2.7.x so we can't be sure which applies. However, to try to answer Andrew's original question: The GIMP team doesn't officially release executables - only source tarballs - at http://www.gimp.org/downloads/ . As such, I think it's safe to assume that it is expected that others will compile and redistribute the resultant binaries. It's kinda crappy when people bundle spyware with GIMP, but they are free to do so as long as they comply with GIMP's license. Chris ___ Gimp-developer mailing list Gimp-developer@lists.XCF.Berkeley.EDU https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-developer
Re: [Gimp-developer] Question about bundled "iBryte" GIMP installer
On Thu, 14 Jul 2011 20:54:42 +0200, =?utf-8?Q?Jernej_Simon=C4=8Di=C4=8D?= wrote: > On Thursday, July 14, 2011, 19:34:08, Andrew Brandt wrote: > >> -- Are third parties permitted, according to your EULA, to bundle your >> product this way? > > GIMP is licensed under the GNU General Public License, version > 2. The GPL only covers redistribution (not usage, which isn't > limited in any way), which is allowed provided that certain criteria > are met - specifically, anybody receiving the software has to get > the same rights of redistribution, and at the same time also has to > be able to get the source code from the same place where the binary > was obtained (the source code has to match the binary exactly; it > also has to be provided from the same place as the binary, unless > the one providing the binary has an agreement with a 3rd party > that's providing the source code). There's more to it than that; the GPL has to be passed through, allowing downstream recipients to modify, distribute, etc. it under the terms of the GPL. So if someone were to extract the GIMP package from the bundle and distribute that, I believe (IANAL) that that would be completely kosher. ___ Gimp-developer mailing list Gimp-developer@lists.XCF.Berkeley.EDU https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-developer
Re: [Gimp-developer] Question about bundled "iBryte" GIMP installer
2011/7/14 Christopher Curtis : >> GIMP is licensed under the GNU General Public License, version 2. The > > This may not be accurate. Current GIMP releases are GPLv3: Oops - guess I need to pay more attention while lurking ;) I thought the GPLv3 switch was still in the works... Chris ___ Gimp-developer mailing list Gimp-developer@lists.XCF.Berkeley.EDU https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-developer
Re: [Gimp-developer] Question about bundled "iBryte" GIMP installer
2011/7/14 Jernej Simončič : > On Thursday, July 14, 2011, 19:34:08, Andrew Brandt wrote: >> -- Are third parties permitted, according to your EULA, to bundle your >> product this way? > > GIMP is licensed under the GNU General Public License, version 2. The This may not be accurate. Current GIMP releases are GPLv3: http://git.gnome.org/browse/gimp/tree/COPYING?id=GIMP_2_7_2 And there remains an inconsistency between the GPLv3 and the LICENSE file: https://lists.xcf.berkeley.edu/lists/gimp-developer/2010-November/025875.html Chris ___ Gimp-developer mailing list Gimp-developer@lists.XCF.Berkeley.EDU https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-developer
Re: [Gimp-developer] Question about bundled "iBryte" GIMP installer
On Thu, Jul 14, 2011 at 12:34 PM, Andrew Brandt wrote: > -- If this company is distributing this software without your express, > written consent, what steps do you plan to take to put an end to this > practice? (I'm not a developer either - I lurk here to keep tabs on the development version.) Here is a link to the GPL v2, under which gimp is licensed: http://www.gnu.org/licenses/gpl-2.0.html AFAIK, any 3rd party is free to repackage and distribute GIMP as long as they make the source code available (even if they are bundling it with crapware, unfortunately). Chris ___ Gimp-developer mailing list Gimp-developer@lists.XCF.Berkeley.EDU https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-developer
Re: [Gimp-developer] Question about bundled "iBryte" GIMP installer
On Thursday, July 14, 2011, 19:34:08, Andrew Brandt wrote: > -- Have you signed a distribution agreement with this company? No (but I'm not a core developer - just somebody who happens to provide the most popular installer for GIMP on Windows). > -- Are third parties permitted, according to your EULA, to bundle your > product this way? GIMP is licensed under the GNU General Public License, version 2. The GPL only covers redistribution (not usage, which isn't limited in any way), which is allowed provided that certain criteria are met - specifically, anybody receiving the software has to get the same rights of redistribution, and at the same time also has to be able to get the source code from the same place where the binary was obtained (the source code has to match the binary exactly; it also has to be provided from the same place as the binary, unless the one providing the binary has an agreement with a 3rd party that's providing the source code). Bundling other products is not covered (it's neither forbidden, nor allowed). > -- If this company is distributing this software without your > express, written consent, what steps do you plan to take to put an end to > this practice? They aren't (since no such consent is needed), but unless they don't provide the source code, nobody will do anything. -- < Jernej Simončič ><><><><>< http://eternallybored.org/ > If it looks easy, it's tough. If it looks tough, it's damn near impossible. -- Stockmayer's Theorem ___ Gimp-developer mailing list Gimp-developer@lists.XCF.Berkeley.EDU https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-developer
[Gimp-developer] Question about bundled "iBryte" GIMP installer
Hello GIMP devs. I'm hoping that someone on this list can help point me in the right direction. My name is Andrew Brandt. I'm an security researcher for the antivirus company Webroot. I've come across a large number of installers for GIMP which have been published by a company called iBryte. That company, whose web site is at http://landing.ibryte.com/ creates installers of open-source applications which have been bundled with additional software. The installers require the person who is attempting to install these products to agree to install all of the following software before they may have the GIMP binaries: -- "Pagerage" -- a browser plugin which embeds ads within Facebook. This is a non-optional installation. -- "Alot toolbar" and "alot.com" homepahe -- an adware toolbar and a modification to the browser's default search settings (this is an optional installation which is preselected) -- "PlayBrite" -- some sort of software that's used to display ads while you play online games through a web browser. This is a non-optional installation which affects all installed browsers on the system. -- "Yontoo Layers" -- a Firefox plugin which is installed during the process but which is not disclosed in the installation Wizard. It is unknown what this plugin does at this time. I have a number of questions for someone who is in a position to speak on behalf of the GIMP project. -- Have you signed a distribution agreement with this company? -- Are third parties permitted, according to your EULA, to bundle your product this way? -- If this company is distributing this software without your express, written consent, what steps do you plan to take to put an end to this practice? I realize this list goes to a lot of people, but I'm hoping this message will end up in the hands of someone who can speak to all of these issues. Please feel free to contact me directly if you have additional questions. Regards, -=A --- Andrew Brandt Lead Threat Research Analyst Webroot abra...@webroot.com +1 720.842.3563 http://blog.webroot.com ___ Gimp-developer mailing list Gimp-developer@lists.XCF.Berkeley.EDU https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-developer
