Re: [Gimp-developer] What next after sourceforge.net?
On 05/30/2015 03:46 AM, Sam Gleske wrote: In fact, the direct download link for Windows is a tiny this link at the end of the description paragraph underneath the GIANT torrent link. As you can see in the thread I linked to, this is going to change - with both links to be more prominent than they have been before. There are plenty of trusted binary hosting services for open source projects. One not need look far for alternate hosting if the worry is GIMP infrastructure overload. I'm actually not sure if it ever was a real overload, could also jut be that the web server config we have limited the connections. Nowadays, this does not seem to be an issue - probably due to the fact that there are tons of torrent seeders for the current downloads, and many people use it. Changing to the current server was not entirely voluntary - we had our previous one failing, and now GNOME generously provides a virtual machine in one of the data centers the use themselves. Personally I feel the Download button on the front page should actually download the software (detecting your browser language and platform). For that to work, it will have to be easy to switch between different platforms. Regardless of the way in which the downloads are presented. I do think the downloads page is pretty busy. My friends need someone like me to help them sort it out when they're getting their copy of GIMP. I feel that flow is in need of improvement. I guess the new layout will make it easier for them. -- Regards, Michael GPG: 96A8 B38A 728A 577D 724D 60E5 F855 53EC B36D 4CDD ___ gimp-developer-list mailing list List address:gimp-developer-list@gnome.org List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list List archives: https://mail.gnome.org/archives/gimp-developer-list
Re: [Gimp-developer] What next after sourceforge.net?
Hi, I'm not a GIMP dev or involved in any way, but a quick comment from me. One obvious thing: The easier you make it to find the legitimate / real download the less likely people will look for it elsewhere. Now let's assume I'm a windows user, not super skilled, but I heared that GIMP is a good graphics tool and I want to get it. Right now if I go to the gimp webpage I see a big download button. That looks good. However then it gets murky. I get to a download page that will offer me a bunch of stuff I don't need and don't understand. I have to scroll down quite a bit to read this: Nightly builds for Windows are available at darkrefraction.com. This is unstable software, please use it at your own risk. Ok, I as a poor user read: This is something I don't understand (a nightly build) and it's dangerous, because they talk about risk. There is no offer of a windows download that doesn't sound scary. No wonder people will go elsewhere to get the GIMP. Make it easier and non-scary to find the right download and you'll take away downloads from the badware-bundlers. cu, -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42 pgp60MlNLM5ej.pgp Description: OpenPGP digital signature ___ gimp-developer-list mailing list List address:gimp-developer-list@gnome.org List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list List archives: https://mail.gnome.org/archives/gimp-developer-list
Re: [Gimp-developer] What next after sourceforge.net?
On 05/29/2015 07:51 PM, Hanno Böck wrote: Hi, I'm not a GIMP dev or involved in any way, but a quick comment from me. One obvious thing: The easier you make it to find the legitimate / real download the less likely people will look for it elsewhere. Now let's assume I'm a windows user, not super skilled, but I heared that GIMP is a good graphics tool and I want to get it. Right now if I go to the gimp webpage I see a big download button. That looks good. However then it gets murky. I get to a download page that will offer me a bunch of stuff I don't need and don't understand. See https://mail.gnome.org/archives/gimp-developer-list/2015-May/msg00034.html (the mail thread gets constructive beyond the first post). In this thread, there is work on proposal for the downloads pages that makes both the torrent link and the direct link (to e.g. the Windows .exe file) more obvious. The reason for emphasizing the torrent file over the direct link was to spread knowledge of BitTorrent and put less load on our server, but having both as equals should work just as fine. There has been another proposal on our #gimp IRC channel to make the platform selection available again, I'm currently checking the status of that. -- Regards, Michael GPG: 96A8 B38A 728A 577D 724D 60E5 F855 53EC B36D 4CDD ___ gimp-developer-list mailing list List address:gimp-developer-list@gnome.org List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list List archives: https://mail.gnome.org/archives/gimp-developer-list
Re: [Gimp-developer] What next after sourceforge.net?
On Fri, May 29, 2015 at 2:35 PM, Michael Schumacher schum...@gmx.de wrote: See https://mail.gnome.org/archives/gimp-developer-list/2015-May/msg00034.html (the mail thread gets constructive beyond the first post). In this thread, there is work on proposal for the downloads pages that makes both the torrent link and the direct link (to e.g. the Windows .exe file) more obvious. The reason for emphasizing the torrent file over the direct link was to spread knowledge of BitTorrent and put less load on our server, but having both as equals should work just as fine. There has been another proposal on our #gimp IRC channel to make the platform selection available again, I'm currently checking the status of that. Yeah... most non-technical people haven't heart of torrents (except for maybe the ones downloading illegal software, movies, and music). The largest link for Windows on that page is a misleading .torrent link (as a normal person would expect to download the software to install it rather than download a file that requires them to install other software to install it). In fact, the direct download link for Windows is a tiny this link at the end of the description paragraph underneath the GIANT torrent link. There are plenty of trusted binary hosting services for open source projects. One not need look far for alternate hosting if the worry is GIMP infrastructure overload. Personally I feel the Download button on the front page should actually download the software (detecting your browser language and platform). Then perhaps make the link on the right called Downloads or More Downloads where users can find the comprehensive list of items to download to their heart's content. Regardless of the way in which the downloads are presented. I do think the downloads page is pretty busy. My friends need someone like me to help them sort it out when they're getting their copy of GIMP. I feel that flow is in need of improvement. SAM -- I prefer to encrypt my email GPG FINGERPRINT 4096 KEY 8D8B F0E2 42D8 A068 572E BF3C E8F7 3234 7257 E65F https://keybase.io/samrocketman Learn how to encrypt your email with the Email Self Defense guide: https://emailselfdefense.fsf.org/en/ ___ gimp-developer-list mailing list List address:gimp-developer-list@gnome.org List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list List archives: https://mail.gnome.org/archives/gimp-developer-list
[Gimp-developer] What next after sourceforge.net?
Sourceforge deceived us but this problem seems to be more widespread. What are some steps we can take to avoid problems for users and inform them? (For purposes of defining malware below: A user wishes to install GIMP. The user does not expect the installer to side-load other software that is often undesirable, whether it does so without asking or not.) From The Free On-line Dictionary of Computing (20 July 2014) [foldoc]: malware security Any {software} designed to do something that the user would not wish it to do, hasn't asked it to do, and often has no knowledge of until it's too late. First, note that Sourceforge doesn't appear as that old project host. Even if we don't have a project there, they mirror projects with the side-loading malware installer so that they can profit from the work of others. They are able to do this because Sourceforge was once trusted by users as a reputed provider of free software. The installer that eventually gets used is ender's, so they are not even building GIMP for Windows. They have made no contributions to GIMP for Windows. We have not asked them to continue to update a mirror for GIMP. Sourceforge is not alone in making such side-loading malware installers. A Google web search for gimp or gimp download returns numerous crapware results and just 1 legitimate result. They all claim to make GIMP available for download. Note that you will not find free-as-in-beer commercial software like Google Earth for download through their malware installers on these websites (they link to the respective software's website for these), just free software projects which are not capable of defending themselves are chosen to exploit. The GNU GPL gives a lot of freedom to use, modify and redistribute software. Many developers/contributors of free software actually want this. They put their hearts and minds into improving software so that the general public can benefit from the software and don't face any restrictions. There is little that contributors expect. There are some who are taking advantage of that freedom by misrepresenting the creators of that software and fool the public in order to profit. Profiting from free software is a good thing, but there are right and wrong ways to do it. When it comes to software projects, copyright and name (the mark) are two rights that creators of the effects have. The GNU GPL gives a lot of rights away so that the software is free. But it doesn't exactly allow misrepresentation and masquerade. Many distros ship GIMP, even slightly patched versions for bugfixes or better integration into their environments. This improves the experience for users. Formally registering a GIMP trademark may not be seen in a good light by distributions, even if we readily wish to see them use the name. See Firefox vs. Iceweasel for example. Even though GIMP is an established project, we generally don't want to spend time as contributors to fight a legal battle. There are even questions of whether we *should*, i.e., whether an established free software project has to register trademarks and involve lawyers to protect it from being misused this way. Looking forward, we would like to protect our users in some way. This would actually make a difference to users, rather than fighting some battles. 1. Discourage wrapping of real installer inside a side-loading installer Red Hat distributes ISO images of its Enterprise Linux project to its customers. The ISO images contain RPM packages, which further contain compiled binaries of various projects licensed, among others, under the GNU GPL license. Though Red Hat distributes the sources for all software, the ISO images are not put up for redistribution. The GIMP installer EXE file is a binary archive, that contains, within it, the compiled object files from GIMP's source code, and various resources and other files. The installer EXE, though it is a program, is not technically a derived work as per the GNU GPL as it is not ever linked to GIMP. The installer EXE is also signed by ender (Jernej Simončič). It is non-trivial to make this GIMP installer EXE for those who have not spent a significant amount of time learning how to do this. The way that most side-loading malware installers like Sourceforge.net's operate, is that after installing crapware, when the time comes to actually install GIMP, they take ender's installer as-is and run it. Without losing sight of the principles of free software, we might add a notice alongside this binary installer about what kinds of activity are not allowed with this specific installer EXE so that our users don't end up being fooled. 2. Cleanup search results - If a user searches for gimp, they ought not to see downloads for GIMP that fool the user into installing other things on the machine. There is only one legitimate result for the actual stable release of