Good morning and thanks for all the input.

Your information has been a great help and it is my understanding that GIMP 
does not utilize 
System ports to operate.
Meaning that Port 41 (Graphics) for example is not used by GIMP. All services 
are provided by OS.
GIMP works at Layer 7 at the "front end" of OS.

The certification is Enterprise (Global) mandate for any new software requests.
to ensure it is safe for use through the Enterprise after going through several 
Vulnerability tests.  
The most difficult part is obtaining the information not necessarily the 
certification itself.

Thanks again



-----Original Message-----
From: gimp-user-boun...@lists.xcf.berkeley.edu 
[mailto:gimp-user-boun...@lists.xcf.berkeley.edu] On Behalf Of Stefano Rovetta
Sent: Tuesday, July 05, 2011 5:20 PM
To: gimp-user@lists.XCF.Berkeley.EDU
Subject: [Gimp-user] R: Gimp (certification)

I think the poster was not asking about facts (is GIMP safe?), but about 
certifications (is GIMP certified as safe?).

I don't think it is possible to reassure him about this. In fact, the GPL has a 
"NO WARRANTY" clause.

If he/his customer wants something certified, I think he has to pay for the 
certification - which does not imply that the software is actually safe (there 
is no a priori way to tell this), but only that it has passed some tests.

By the way...

> >     It is an application that receives
> services from the OS ? 

I don't know of any program that does not receive services from the OS.
At the bare minimum, memory management (virtual memory) and process management 
(process startup and scheduling, execution) are up to the OS in all cases. I 
don't know how this question should be interpreted.

--Stefano


> On Tuesday, July 05, 2011 09:39:39 am Baughman, Richard P USA CIV (US) 
> wrote:
> > Good morning,
> > 
> > Have a customer requesting GIMP 2.6.x for project
> starting within 2 weeks.
> > 
> > IT department requires the software to be tested and
> approved prior to any
> > new software being installed within our Enterprise.
> > 
> > Basically I understand GIMP to operate at the
> desktop...
> >     It is an application that receives
> services from the OS
> > 
> > ? what system ports (if any) are utilized by GIMP ? does the program 
> > traverse internet (80, 8080, 443
> etc )
> > ? are there any known vulnerabilities
> > 
> > Appreciate your time and assistance.
> > 
> > Thanks
> > Rick
> > 
> > 
> > _______________________________________________
> > Gimp-user mailing list
> > Gimp-user@lists.XCF.Berkeley.EDU
> > https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-user
> 
> Gimp is an Open Source program that runs on MSWin, OS X and
> 
> Linux. It is similar in purpose to Photoshop but does not produce CMYK 
> output, just RGB.
> 
> To install Gimp you download it over the Internet. Please visit 
> http://www.gimp.org for details.
> 
> 
> The user can click on the help facility and view the Gimp Manual in an 
> html viewer. Other than that there is no operational connection to the 
> internet. No ports are opened. It is a stand-alone local program.
> 
> 
> 
>  Gimp has been in use for many years on many systems in many shops. It 
> is not scary.
> 
> I know of no vulnarabilities. But I operate on Linux where
> 
> vulnerabilities are seldom an issue. 


_______________________________________________
Gimp-user mailing list
Gimp-user@lists.XCF.Berkeley.EDU
https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-user
_______________________________________________
Gimp-user mailing list
Gimp-user@lists.XCF.Berkeley.EDU
https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-user

Reply via email to