Ean Schuessler <[email protected]> writes: > Hi, > > > My girlfriend downloaded the GIMP windows build referenced off the > GIMP.org website and it seems to have a Malware/Adware package called > "Sweetpacks" bundled with it. I realize that the Windows version of > GIMP is linked with a "hey, this isn't us" kind of disclaimer but the > fact that GIMP.org links to it gives the sense that its contents are > trustworthy or, at least, not hostile. If there is really no > validation of that distribution and it contains these kinds of > softwares then it may not be such a good idea to have GIMP.org linking > to it.
I guess you're referring to this paragraph from gimp.org/downloads:
GIMP for Windows
The GIMP team doesn't officially provide any Windows installers. You can,
however, install GIMP easily using the Windows installers by Jernej Simončič.
Download GIMP 2.8.6 – Installer for Windows XP SP3 or later
which _should_ link to http://gimp-win.sourceforge.net/ ? That page says
gimp-2.8.6-setup.exe should have an md5sum of
c0e253c5c4124c8b881ca44828839f5e (and I get that too when I download the
exe). I don't have a windows to test with, maybe someone else can
confirm that md5sum on this list, or maybe you could check if your
download has a different md5sum?
(Could it be that someone has registered some similar-looking typo to
gimp.org and is serving malware? Or that some already-installed malware
is redirecting downloads?)
--
Kevin Brubeck Unhammer
GPG: 0x766AC60C
pgp7_BC1a_eDT.pgp
Description: PGP signature
_______________________________________________ gimp-user-list mailing list List address: [email protected] List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list
