Re: [Gimp-user] GIMP used in prisons / secure institutions
Ok, so the issue is that open source software might contain some sort of back door. I guess you could tell your bosses the following: * Every bank on earth uses open source software, whether it's openssh, bind, sendmail, Linux, ant, junit, apache, etc. * Every fortune 500 company in the world (many of which have *very* stringent security requirements) also use the above-mentioned open source software. * Every large government institution on earth uses this open source software too. So yes, while it is possible that some back-door has been written into an open-source program, it's highly unlikely, especially for large, well-respected projects like Gimp. HTH! Tom Purl > That is exactly the type of resistance that I am expecting. Certain > bodies will trust Micorsoft / Adobe etc because they never cause > problems (ahem!) I think the fear is that the because the source code > is open it could be tinkered with to allow a backdoor to do... > something. > > Would have thought that I'm not the first person to have met this kind > of objection and was just wondering if / how others had dealt with it. > Would be a shame to capitulate and have to use Adobe stuff. > > The work that I am planning to do involves running creative > educational projects using the GIMP. > > Cheers, > > Simon > > > > Simon Davis - IT in the Community > 01904 634748 - http://www.futureprospects.org.uk/ > 24 Swingate > York > YO1 8AZ > > > - Message from [EMAIL PROTECTED] - > Date: Thu, 26 Oct 2006 16:06:45 -0700 > From: jim feldman <[EMAIL PROTECTED]> > Reply-To: jim feldman <[EMAIL PROTECTED]> > Subject: Re: [Gimp-user] GIMP used in prisons / secure institutions >To: Simon Davis <[EMAIL PROTECTED]> >Cc: gimp-user@lists.XCF.Berkeley.EDU > > >> Draw a picture of a "shiv"? >> >> sorry. >> >> I can't imagine GIMP being a problem. That being said, it's linked to >> libraries that have occasionally had security issues. Both closed and >> open source rendering libraries have at various times suffered from >> buffer overflows. >> >> I tend to see resistance to FOSS solutions with these inane arguments >> that force you to prove a negative. "GIMP (or whatever) could start a >> nuclear war, can you prove it won't?". I say, then lets make that a >> testing prerequisite for any app, including the one you want to use. >> >> jim >> >> >> >> Simon Davis wrote: >>> HI, >>> >>> Does anyone have any experience / anecdotal evidence of using the >>> GIMP in prisons or situations where security was of paramount >>> importance. Coming accross resistance and would like to be able to >>> point to precedent. >>> >>> Thanks a lot, >>> >>> Si >>> >>> > > > - End message from [EMAIL PROTECTED] - > > > > > This email is confidential and solely intended for the recipient(s) to > whom > it is addressed. If you have received this mail in error, please reply to > the sender of this email advising this error. The contents of any email > from any employee of Future Prospects does not necessarily reflect the > opinion of the company. > > > > ___ > Gimp-user mailing list > Gimp-user@lists.XCF.Berkeley.EDU > https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-user > ___ Gimp-user mailing list Gimp-user@lists.XCF.Berkeley.EDU https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-user
Re: [Gimp-user] GIMP used in prisons / secure institutions
That is exactly the type of resistance that I am expecting. Certain bodies will trust Micorsoft / Adobe etc because they never cause problems (ahem!) I think the fear is that the because the source code is open it could be tinkered with to allow a backdoor to do... something. Would have thought that I'm not the first person to have met this kind of objection and was just wondering if / how others had dealt with it. Would be a shame to capitulate and have to use Adobe stuff. The work that I am planning to do involves running creative educational projects using the GIMP. Cheers, Simon Simon Davis - IT in the Community 01904 634748 - http://www.futureprospects.org.uk/ 24 Swingate York YO1 8AZ - Message from [EMAIL PROTECTED] - Date: Thu, 26 Oct 2006 16:06:45 -0700 From: jim feldman <[EMAIL PROTECTED]> Reply-To: jim feldman <[EMAIL PROTECTED]> Subject: Re: [Gimp-user] GIMP used in prisons / secure institutions To: Simon Davis <[EMAIL PROTECTED]> Cc: gimp-user@lists.XCF.Berkeley.EDU Draw a picture of a "shiv"? sorry. I can't imagine GIMP being a problem. That being said, it's linked to libraries that have occasionally had security issues. Both closed and open source rendering libraries have at various times suffered from buffer overflows. I tend to see resistance to FOSS solutions with these inane arguments that force you to prove a negative. "GIMP (or whatever) could start a nuclear war, can you prove it won't?". I say, then lets make that a testing prerequisite for any app, including the one you want to use. jim Simon Davis wrote: HI, Does anyone have any experience / anecdotal evidence of using the GIMP in prisons or situations where security was of paramount importance. Coming accross resistance and would like to be able to point to precedent. Thanks a lot, Si - End message from [EMAIL PROTECTED] - This email is confidential and solely intended for the recipient(s) to whom it is addressed. If you have received this mail in error, please reply to the sender of this email advising this error. The contents of any email from any employee of Future Prospects does not necessarily reflect the opinion of the company. ___ Gimp-user mailing list Gimp-user@lists.XCF.Berkeley.EDU https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-user
Re: [Gimp-user] GIMP used in prisons / secure institutions
On a more practical note, when I'm looking at a new app, the first thing I do is search over at securityfocus.com to see what it's exploit history has been. If I see a pattern, or something I can't remediate, I pass. jim ___ Gimp-user mailing list Gimp-user@lists.XCF.Berkeley.EDU https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-user
Re: [Gimp-user] GIMP used in prisons / secure institutions
Simon Davis wrote: > Does anyone have any experience / anecdotal evidence of using the GIMP > in prisons or situations where security was of paramount importance. I can imagine that there's a high interest in controlling what exactly gets into a prison and what gets out. Dr. Mabuse (I forgot in which movie exactly) did get plans for robberies out of the asylum after all - in plain sight, disguised as childish drawings due to his mental state. As for the "in" part, a prison will probably face the same problems as anyone who's using a computer these days - lots of criminals trying to remotely install software on your system. Only in this case some of the users on the inside may actually want it to be installed. Similar for the "out" part. I don't know if the stereotypical case of Dr. Mabuse is thinking along the right path here, but I do guess that in this case the software in general shouldn't allow anyone to have more rights than he is allowed to. > Coming accross resistance and would like to be able to point to precedent. Out of interest, what kind of resistance? A general "oh what is this magic thing with knobs on it" (which I doubt (and hope) can't happen anywhere nowadays), or something more elaborated - like "does this comply to security regulations act ABC123?" IMO knowing more about this last part is paramount for heling with your problem. HTH, Michael -- GIMP > http://www.gimp.org | IRC: irc://irc.gimp.org/gimp Wiki > http://wiki.gimp.org | .de: http://gimpforum.de Plug-ins > http://registry.gimp.org | ___ Gimp-user mailing list Gimp-user@lists.XCF.Berkeley.EDU https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-user
Re: [Gimp-user] GIMP used in prisons / secure institutions
Draw a picture of a "shiv"? sorry. I can't imagine GIMP being a problem. That being said, it's linked to libraries that have occasionally had security issues. Both closed and open source rendering libraries have at various times suffered from buffer overflows. I tend to see resistance to FOSS solutions with these inane arguments that force you to prove a negative. "GIMP (or whatever) could start a nuclear war, can you prove it won't?". I say, then lets make that a testing prerequisite for any app, including the one you want to use. jim Simon Davis wrote: HI, Does anyone have any experience / anecdotal evidence of using the GIMP in prisons or situations where security was of paramount importance. Coming accross resistance and would like to be able to point to precedent. Thanks a lot, Si ___ Gimp-user mailing list Gimp-user@lists.XCF.Berkeley.EDU https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-user
Re: [Gimp-user] GIMP used in prisons / secure institutions
What are your requirements, other than "work in a prison"? To what type of security are you referring? > HI, > > Does anyone have any experience / anecdotal evidence of using the GIMP > in prisons or situations where security was of paramount importance. > Coming accross resistance and would like to be able to point to > precedent. > > Thanks a lot, > > Si > > > > This email is confidential and solely intended for the recipient(s) to > whom > it is addressed. If you have received this mail in error, please reply to > the sender of this email advising this error. The contents of any email > from any employee of Future Prospects does not necessarily reflect the > opinion of the company. > > > > ___ > Gimp-user mailing list > Gimp-user@lists.XCF.Berkeley.EDU > https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-user > ___ Gimp-user mailing list Gimp-user@lists.XCF.Berkeley.EDU https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-user
[Gimp-user] GIMP used in prisons / secure institutions
HI, Does anyone have any experience / anecdotal evidence of using the GIMP in prisons or situations where security was of paramount importance. Coming accross resistance and would like to be able to point to precedent. Thanks a lot, Si This email is confidential and solely intended for the recipient(s) to whom it is addressed. If you have received this mail in error, please reply to the sender of this email advising this error. The contents of any email from any employee of Future Prospects does not necessarily reflect the opinion of the company. ___ Gimp-user mailing list Gimp-user@lists.XCF.Berkeley.EDU https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-user
