Re: [Gimp-developer] New GIMP configure warning/error


On Sat, May 13, 2017 at 3:40 PM, Partha Bagchi <partha1b gmail com> wrote:

On Sat, May 13, 2017 at 8:52 AM, Jehan Pagès <jehan marmottard gmail com>


On Sat, May 13, 2017 at 6:25 AM, Partha Bagchi <partha1b gmail com> wrote:

No, there are at least 2 features affected: open remote files indeed
and the help browser (help will fail showing with an error since our
websites are now https only). This last one was getting quite a lot of
report on the tracker and was very bad experience.
Anyway nowadays https is the standard for web access. Not supporting
this is not acceptable IMO.



You realize that for platforms other than Linux, that if you wish to
glib-networking, you have to install

Yes I realize that dependencies have often dependencies themselves.
Unless there is something which proves to be impossible to compile on
other platforms, I don't see the problem.

gnutls which requires that you install
nettle which in turn requires that you install gmp?

gnutls is a SSL/TLS lib (the feature we need). And from my searches,
nettle is apparently a cryptographic library and gmp would be an
arithmetic library. This does make total sense for a SSL/TLS lib
(which is a cryptographic protocol, and cryptography usually needs a
lot of arithmetic).
I don't see your point. That doesn't seem at all far fetched
dependencies for the feature we need, quite the opposite.

All this because you
want remote help files and remote images be accessed from GIMP? Does
seem reasonable to you?

It does seem absolutely reasonable, yes. I would even say that in
2017, not having support for TLS/SSL when we have web access
requirement would be the thing which is absolutely non-reasonable.

For an image editor, I think this is unreasonable. I don't understand why we
are considering GIMP to be a network aware product due to 2 possible usage
when the rest of GIMP does not depend on it.

GIMP *IS* a network-aware software (not a "product", we are not a
company). Especially with the port to GIO. Right, not everything is
about network, and we don't want this. That's only a few features, and
this won't increase much since we are not into jailing people into
services and fees for web access (once again, we are not a company).
But even if just for a few features, that's still important features.
There is not much arguing that internet access and better interaction
with web/internet resources is considered as granted by most people
nowadays. Let's not be backward please, GIMP should live with its

Is it not possible to ship the
help files as PDFs while disabling URI if TLS/SSL is not installed with the

How do you determine which language to ship? All of them? Also it
needs some code on our website then to make this conditional decision.
And not only our own website but all websites of third party (like
yours). Are you going to write it for yours at least?
So yes, nearly everything is possible. That's more or less work
depending on what you want. And we welcome contributions if you have
good ideas.

Also as said already, that would only make for one of the feature (the
help system). We still need to allow people to access remote files in
a secure way.

I am rerunning a crossbuild again to check that everything is all
right, just to make sure. What I can say is that there exists
pre-built packages for glib-networking (and all the dependencies) so I
could install it and all its dependencies in about 10 seconds inside
my crossbuild environment (using my tool called crossroad, with a
single command: crossroad install glib-networking). So first it means
that glib-networking is buildable for Windows and in you have the
right tools, that's really not much of a hassle. Now on Windows, I
have no idea how hard things are. But I assume you have various helper
tools too.

You mean it's easy on Windows and then on Windows you have no idea how hard
things are? Did you mean Windows it's easy and Mac you don't know? I am not
sure I understand.

I don't build *on* Windows, no. But I build *for* Windows all the
time, as I just explained. Until we got a developer dedicated to
Windows (there is one lately, hopefully he'll stay long!), I was one
of the only ones who would sometimes fix bugs and test on Windows,
taking some of my time to install VMs, cross-building, etc. Please,
there is no need to be unpleasant and smirking at other's work. I am
not unpleasant towards you, I expect the same.

In any case, as Kris mentioned below, you are talking
about bloating the application on both Windows and Mac.

Come on, it's a very small dependency which itself brought 3 more
small dependencies!
I will check right now the size of all deps:

- libgiognutls.dll 117K
- libnettle-6-2.dll 205K
- libgmp-10.dll 437K

I'm not sure about gnutls, I don't find the right lib. But I doubt it
would be huge.
Is that bloating GIMP?

Also that's not how I understood Kris. He was proposing to have
something more adapted to every platform, as well as noting the
problem of shipping dependencies which require to care more about
security. These comments made total sense and were very constructive.
In any case, we are completely open to suggestions and improvements.
If Windows has a SSL/TLS lib by default, you could write a GIO backend
for it, and we could just drop the glib-networking dep in favor of
this specific one. Patches welcome towards one of these goals (or
another alternative if you find one suitable/better; dropping SSL/TLS
support not being suitable).

I really don't see the big deal here. And I don't see on which ground
it may seem acceptable to not have secure protocols support when the
whole internet is fighting these last few years for getting rid of
non-secure protocols (for very obvious and understandable reasons).
This is like trying to go against the flow.

The "internet is fighting is an interesting point of view for an image
editor. :)

As I said, internet is a big part of computer usage these days. We
have to take this into account. Not seeing this (or faking to not see
this) is not our problem. GIMP is not an internet-dedicated software,
nor will it become. That's true. Yet It does not prevent it to have a
few features on this area. And when it does, they should be done right
(i.e. with security in mind).

I will stop answering to any more irrelevant email on this topic.
I will continue to answer to constructive emails which propose
solutions to the problem raised (as were both Pat and Kris emails,
both with interesting alternatives), though.




ZeMarmot open animation film

ZeMarmot open animation film

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]