Re: [Gimp-developer] Fwd: Gimp Registry Future

[Bertrand Denoix <bertrand denoix laposte net>]

On 04/12/2014 02:36 AM, Joao S. O. Bueno wrote:
> Just for the record, I second all of Jehan's concerns -
> Although I don't think the "GIMP authenticated server" should be the only
> possible way to install managed plug-ins:
>
> Users should be given an option to change the plug-in server to
> "unofficial" ones.
> They just should be very clearly warned on
> doing so that they will be then installing any random binary.
> (changing the server does not have to be an easy task).

I don't think supporting unofficial servers would be very useful as long 
as it is still possible to install plugins manually as it is done now, 
since people who would know how to switch servers would definitely know 
how do that too... Gimp's  plug-in distribution model should be closer 
to Mozilla's than to Apple or Android.

All in all the root problem is the initial "trustable" source. If you 
download Gimp from the official site it's OK (assuming you are using 
HTTPS to connect to it). But then most of the Linux users get their Gimp 
(as well as several plugins) from the distro repository, or a more 
recent version from an Ubuntu  PPA or its equivalent for other distros. 
Many Window users download Partha's packages (that come with built-in 
plug-ins) and there are also a couple of trusted sources for OSX 
(including Partha's). Forum users are often warned about dodgy sources, 
but unfortunately they come to the forum after the download (GimpShop is 
obviously making many misled converts since Adobe's policy changes).


Last, for the average user out there, binary, Scheme or Python have 
about the same degree of readability.