Ean Schuessler <ean brainfood com> writes:
Hi, My girlfriend downloaded the GIMP windows build referenced off the GIMP.org website and it seems to have a Malware/Adware package called "Sweetpacks" bundled with it. I realize that the Windows version of GIMP is linked with a "hey, this isn't us" kind of disclaimer but the fact that GIMP.org links to it gives the sense that its contents are trustworthy or, at least, not hostile. If there is really no validation of that distribution and it contains these kinds of softwares then it may not be such a good idea to have GIMP.org linking to it.
I guess you're referring to this paragraph from gimp.org/downloads:
GIMP for Windows
The GIMP team doesn't officially provide any Windows installers. You can, however, install GIMP easily
using the Windows installers by Jernej Simončič.
Download GIMP 2.8.6 – Installer for Windows XP SP3 or later
which _should_ link to http://gimp-win.sourceforge.net/ ? That page says
gimp-2.8.6-setup.exe should have an md5sum of
c0e253c5c4124c8b881ca44828839f5e (and I get that too when I download the
exe). I don't have a windows to test with, maybe someone else can
confirm that md5sum on this list, or maybe you could check if your
download has a different md5sum?
(Could it be that someone has registered some similar-looking typo to
gimp.org and is serving malware? Or that some already-installed malware
is redirecting downloads?)
--
Kevin Brubeck Unhammer
GPG: 0x766AC60C
Attachment:
pgpEe9y34E0F5.pgp
Description: PGP signature