Re: [Gimp-developer] What next after sourceforge.net?
On 05/30/2015 03:46 AM, Sam Gleske wrote: In fact, the direct download link for Windows is a tiny this link at the end of the description paragraph underneath the GIANT torrent link. As you can see in the thread I linked to, this is going to change - with both links to be more prominent than they have been before. There are plenty of trusted binary hosting services for open source projects. One not need look far for alternate hosting if the worry is GIMP infrastructure overload. I'm actually not sure if it ever was a real overload, could also jut be that the web server config we have limited the connections. Nowadays, this does not seem to be an issue - probably due to the fact that there are tons of torrent seeders for the current downloads, and many people use it. Changing to the current server was not entirely voluntary - we had our previous one failing, and now GNOME generously provides a virtual machine in one of the data centers the use themselves. Personally I feel the Download button on the front page should actually download the software (detecting your browser language and platform). For that to work, it will have to be easy to switch between different platforms. Regardless of the way in which the downloads are presented. I do think the downloads page is pretty busy. My friends need someone like me to help them sort it out when they're getting their copy of GIMP. I feel that flow is in need of improvement. I guess the new layout will make it easier for them. -- Regards, Michael GPG: 96A8 B38A 728A 577D 724D 60E5 F855 53EC B36D 4CDD ___ gimp-developer-list mailing list List address:gimp-developer-list@gnome.org List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list List archives: https://mail.gnome.org/archives/gimp-developer-list
Re: [Gimp-developer] What next after sourceforge.net?
Hi, I'm not a GIMP dev or involved in any way, but a quick comment from me. One obvious thing: The easier you make it to find the legitimate / real download the less likely people will look for it elsewhere. Now let's assume I'm a windows user, not super skilled, but I heared that GIMP is a good graphics tool and I want to get it. Right now if I go to the gimp webpage I see a big download button. That looks good. However then it gets murky. I get to a download page that will offer me a bunch of stuff I don't need and don't understand. I have to scroll down quite a bit to read this: Nightly builds for Windows are available at darkrefraction.com. This is unstable software, please use it at your own risk. Ok, I as a poor user read: This is something I don't understand (a nightly build) and it's dangerous, because they talk about risk. There is no offer of a windows download that doesn't sound scary. No wonder people will go elsewhere to get the GIMP. Make it easier and non-scary to find the right download and you'll take away downloads from the badware-bundlers. cu, -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42 pgp60MlNLM5ej.pgp Description: OpenPGP digital signature ___ gimp-developer-list mailing list List address:gimp-developer-list@gnome.org List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list List archives: https://mail.gnome.org/archives/gimp-developer-list
Re: [Gimp-developer] What next after sourceforge.net?
On 05/29/2015 07:51 PM, Hanno Böck wrote: Hi, I'm not a GIMP dev or involved in any way, but a quick comment from me. One obvious thing: The easier you make it to find the legitimate / real download the less likely people will look for it elsewhere. Now let's assume I'm a windows user, not super skilled, but I heared that GIMP is a good graphics tool and I want to get it. Right now if I go to the gimp webpage I see a big download button. That looks good. However then it gets murky. I get to a download page that will offer me a bunch of stuff I don't need and don't understand. See https://mail.gnome.org/archives/gimp-developer-list/2015-May/msg00034.html (the mail thread gets constructive beyond the first post). In this thread, there is work on proposal for the downloads pages that makes both the torrent link and the direct link (to e.g. the Windows .exe file) more obvious. The reason for emphasizing the torrent file over the direct link was to spread knowledge of BitTorrent and put less load on our server, but having both as equals should work just as fine. There has been another proposal on our #gimp IRC channel to make the platform selection available again, I'm currently checking the status of that. -- Regards, Michael GPG: 96A8 B38A 728A 577D 724D 60E5 F855 53EC B36D 4CDD ___ gimp-developer-list mailing list List address:gimp-developer-list@gnome.org List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list List archives: https://mail.gnome.org/archives/gimp-developer-list
Re: [Gimp-developer] What next after sourceforge.net?
On Fri, May 29, 2015 at 2:35 PM, Michael Schumacher schum...@gmx.de wrote: See https://mail.gnome.org/archives/gimp-developer-list/2015-May/msg00034.html (the mail thread gets constructive beyond the first post). In this thread, there is work on proposal for the downloads pages that makes both the torrent link and the direct link (to e.g. the Windows .exe file) more obvious. The reason for emphasizing the torrent file over the direct link was to spread knowledge of BitTorrent and put less load on our server, but having both as equals should work just as fine. There has been another proposal on our #gimp IRC channel to make the platform selection available again, I'm currently checking the status of that. Yeah... most non-technical people haven't heart of torrents (except for maybe the ones downloading illegal software, movies, and music). The largest link for Windows on that page is a misleading .torrent link (as a normal person would expect to download the software to install it rather than download a file that requires them to install other software to install it). In fact, the direct download link for Windows is a tiny this link at the end of the description paragraph underneath the GIANT torrent link. There are plenty of trusted binary hosting services for open source projects. One not need look far for alternate hosting if the worry is GIMP infrastructure overload. Personally I feel the Download button on the front page should actually download the software (detecting your browser language and platform). Then perhaps make the link on the right called Downloads or More Downloads where users can find the comprehensive list of items to download to their heart's content. Regardless of the way in which the downloads are presented. I do think the downloads page is pretty busy. My friends need someone like me to help them sort it out when they're getting their copy of GIMP. I feel that flow is in need of improvement. SAM -- I prefer to encrypt my email GPG FINGERPRINT 4096 KEY 8D8B F0E2 42D8 A068 572E BF3C E8F7 3234 7257 E65F https://keybase.io/samrocketman Learn how to encrypt your email with the Email Self Defense guide: https://emailselfdefense.fsf.org/en/ ___ gimp-developer-list mailing list List address:gimp-developer-list@gnome.org List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list List archives: https://mail.gnome.org/archives/gimp-developer-list
[Gimp-developer] What next after sourceforge.net?
Sourceforge deceived us but this problem seems to be more
widespread. What are some steps we can take to avoid problems for users
and inform them?
(For purposes of defining malware below: A user wishes to install
GIMP. The user does not expect the installer to side-load other software
that is often undesirable, whether it does so without asking or not.)
From The Free On-line Dictionary of Computing (20 July 2014) [foldoc]:
malware
security Any {software} designed to do something that the
user would not wish it to do, hasn't asked it to do, and often
has no knowledge of until it's too late.
First, note that Sourceforge doesn't appear as that old project
host. Even if we don't have a project there, they mirror projects with
the side-loading malware installer so that they can profit from the work
of others. They are able to do this because Sourceforge was once trusted
by users as a reputed provider of free software. The installer that
eventually gets used is ender's, so they are not even building GIMP for
Windows. They have made no contributions to GIMP for Windows. We have
not asked them to continue to update a mirror for GIMP.
Sourceforge is not alone in making such side-loading malware installers.
A Google web search for gimp or gimp download returns numerous
crapware results and just 1 legitimate result. They all claim to make
GIMP available for download. Note that you will not find
free-as-in-beer commercial software like Google Earth for download
through their malware installers on these websites (they link to the
respective software's website for these), just free software projects
which are not capable of defending themselves are chosen to exploit.
The GNU GPL gives a lot of freedom to use, modify and redistribute
software. Many developers/contributors of free software actually want
this. They put their hearts and minds into improving software so that
the general public can benefit from the software and don't face any
restrictions. There is little that contributors expect.
There are some who are taking advantage of that freedom by
misrepresenting the creators of that software and fool the public in
order to profit. Profiting from free software is a good thing, but there
are right and wrong ways to do it.
When it comes to software projects, copyright and name (the mark) are
two rights that creators of the effects have. The GNU GPL gives a lot of
rights away so that the software is free. But it doesn't exactly allow
misrepresentation and masquerade.
Many distros ship GIMP, even slightly patched versions for bugfixes or
better integration into their environments. This improves the experience
for users. Formally registering a GIMP trademark may not be seen in a
good light by distributions, even if we readily wish to see them use the
name. See Firefox vs. Iceweasel for example.
Even though GIMP is an established project, we generally don't want to
spend time as contributors to fight a legal battle. There are even
questions of whether we *should*, i.e., whether an established free
software project has to register trademarks and involve lawyers to
protect it from being misused this way.
Looking forward, we would like to protect our users in some way. This
would actually make a difference to users, rather than fighting some
battles.
1. Discourage wrapping of real installer inside a side-loading installer
Red Hat distributes ISO images of its Enterprise Linux project to its
customers. The ISO images contain RPM packages, which further contain
compiled binaries of various projects licensed, among others, under the
GNU GPL license. Though Red Hat distributes the sources for all
software, the ISO images are not put up for redistribution.
The GIMP installer EXE file is a binary archive, that contains, within
it, the compiled object files from GIMP's source code, and various
resources and other files. The installer EXE, though it is a program, is
not technically a derived work as per the GNU GPL as it is not ever
linked to GIMP. The installer EXE is also signed by ender (Jernej
Simončič).
It is non-trivial to make this GIMP installer EXE for those who have not
spent a significant amount of time learning how to do this. The way that
most side-loading malware installers like Sourceforge.net's operate, is
that after installing crapware, when the time comes to actually install
GIMP, they take ender's installer as-is and run it.
Without losing sight of the principles of free software, we might add a
notice alongside this binary installer about what kinds of activity are
not allowed with this specific installer EXE so that our users don't end
up being fooled.
2. Cleanup search results
-
If a user searches for gimp, they ought not to see downloads for GIMP
that fool the user into installing other things on the machine. There is
only one legitimate result for the actual stable release of
