> Am 13.05.2017 um 15:50 schrieb Jehan Pagès <jehan.marmott...@gmail.com>: > > > We have a few issues with our webkit internal browser, one of them is > that we still use an old webkit version (because of GTK+2; newer > versions are for GTK+3), which is therefore deprecated. Security wise, > this is not fine. Though obviously since this browser is made only to > reach our manual, which are static pages, and cannot be used to reach > random pages, the risk is lessened. That's even more a reason to make > sure we have SSL/TLS activated, because if GIMP requests the help > browser to reach https://gimp.org, we want to drop the connection in > case of MITM, especially because of the broken webkit. > > This issue will disappear with GIMP 3, where we should be able to > update the dependency. This will still be some work to do so. Maybe at > this point, it could be wise to just drop the webkit dependency and > make the browser do all the work. On the other hand, a minimal help > browser is still nice. That's not an easy decision IMO. > > We could also drop the help browser even for GTK+2 builds, but then it > needs some minimal patch to not have GIMP consider this as a lesser > GIMP. If not mistaken, when the browser is not built-in, right now > GIMP would complain and display a popup asking you if you want to use > your web browser instead. We would need to get rid of this warning if > we start considering the system browser as the defaults display mode > of the manual. That's probably really easy, but I have more pressing > things I want to do for 2.10. Patches are welcome for discussion > though. I believe it still makes sense in a security point of view > considering the deprecated webkit we use, so I would be in favor of > the patch (even if just as a temporary fix until we get to GIMP 3 and > can migrate to newer webkit). >
I’ve just made those patches for OS X and included them into my version on gimp.lisanet.de. It just uses the system defined web browser for accessing online help and I’ve even written a plugin which replaces the help browser with the system-wide web browser and still offers context sensitive help. Just have a look at my patches at my SorceForge SVN repository https://sourceforge.net/p/gimponosx/code/HEAD/tree/GimpPorts/ports/graphics/gimp2/files/ They are just a few lines of Cocoa API calls... Simone
_______________________________________________ gimp-developer-list mailing list List address: gimp-developer-list@gnome.org List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list List archives: https://mail.gnome.org/archives/gimp-developer-list
