As the current maintainer for GIMP on MacPorts, I wanted to report that
we had an incident this morning where the file checksums (md5, sha1,
rmd160) for the new 2.6.2 gimp distribution on one of the GIMP mirrors
failed to match those of the official GIMP site and the other mirrors for that
The offending site has been removed from our list of GIMP mirrors but I thought
that someone in the GIMP developer community might want to know about it
as it could represent a possible attack.
Hope this is the right forum for this.
Gimp-developer mailing list