Ean Schuessler <e...@brainfood.com> writes:

> Hi, 
> My girlfriend downloaded the GIMP windows build referenced off the
> GIMP.org website and it seems to have a Malware/Adware package called
> "Sweetpacks" bundled with it. I realize that the Windows version of
> GIMP is linked with a "hey, this isn't us" kind of disclaimer but the
> fact that GIMP.org links to it gives the sense that its contents are
> trustworthy or, at least, not hostile. If there is really no
> validation of that distribution and it contains these kinds of
> softwares then it may not be such a good idea to have GIMP.org linking
> to it.

I guess you're referring to this paragraph from gimp.org/downloads:

    GIMP for Windows

    The GIMP team doesn't officially provide any Windows installers. You can, 
however, install GIMP easily using the Windows installers by Jernej Simončič.

        Download GIMP 2.8.6 – Installer for Windows XP SP3 or later

which _should_ link to http://gimp-win.sourceforge.net/ ? That page says
gimp-2.8.6-setup.exe should have an md5sum of
c0e253c5c4124c8b881ca44828839f5e (and I get that too when I download the
exe). I don't have a windows to test with, maybe someone else can
confirm that md5sum on this list, or maybe you could check if your
download has a different md5sum?

(Could it be that someone has registered some similar-looking typo to
gimp.org and is serving malware? Or that some already-installed malware
is redirecting downloads?)

Kevin Brubeck Unhammer

GPG: 0x766AC60C

Attachment: pgp7_BC1a_eDT.pgp
Description: PGP signature

gimp-user-list mailing list
List address:    gimp-user-list@gnome.org
List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list

Reply via email to