I started off with a misunderstanding of what a content distribution
system means to GIMP, after speaking to Peter Sikking (guiguru) I
understand it to be:
-a process of packaging, hosting (not us, website/browser based) and
then installing, where we aim to make the install, uninstall much
easier than it is now.
"One click install"
a user clicks on a link within a browser to
"http://www.x.y/package.gimppackage" for example, it gets downloaded
and the normal workflow happens as per browser/platform. For example
in firefox it says would you like to have program x automatically
handle this file or would you like to just download it. where x is
GIMP. I assume other browsers do similar things, yet for some time I
have used Firefox almost exclusively.
I don't think I see the security argument anymore, we are not
fundamentally changing the way scripts/plugins/other are installed
just automating the process. Any security here was and still would be
based on trust, short of having someone with the time/skill to analyse
The way I see it now is a zip/tar.gz containing package.xml and other
files, where package.xml describes the contents of a package. using a
custom extension to identify it is a gimp package.
-where package.xml describes the name of each package, and files
contained version and version of gimp required to use scripts/plugins
etc but only what is required for install unistall.
p.s. currently for me it is exam season, hopefully followed by
summer-job season :), so as usual the winds determine the amount of
time I have to spend.
Gimp-developer mailing list