New GIMP configure warning/error

classic Classic list List threaded Threaded
19 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

New GIMP configure warning/error

Partha Bagchi-2
I am getting the following warning:

> WARNING: Your GTK+ version is 2.24.31.
>          The recommended GTK+ version under Windows is 2.24.32 or over.
>          If you continue without updating GTK+, shortcuts won't work with
>          non-latin locales, and vector icons will be disabled.


According to http://ftp.gnome.org/pub/GNOME/sources/gtk+/2.24/, the latest
version is 2.24.31. So, does gtk+ need to be compiled from git to make this
warning go away?

Secondly, I am getting the following error:

> Error: GIMP configuration failed.
>   - Error: missing dependency glib-networking
>       *** Test for glib-networking failed. This is required.


I am perplexed to see that we need glib-networking suddenly since my git
pull from a couple of days ago? Is there a reason to requiring glib
networking support?

Thanks,
Partha
_______________________________________________
gimp-developer-list mailing list
List address:    [hidden email]
List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list
List archives:   https://mail.gnome.org/archives/gimp-developer-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: New GIMP configure warning/error

Alexandre Prokoudine
On Thu, May 11, 2017 at 9:34 PM, Partha Bagchi wrote:

> I am perplexed to see that we need glib-networking suddenly since my git
> pull from a couple of days ago? Is there a reason to requiring glib
> networking support?

To quote from https://git.gnome.org/browse/gimp/commit/?id=bb196607693b2a8fa95f033966506cbf3c377d81

"Use a code test inspired by libsoup configure test. This is a hard
dependency because HTTPS should not be considered an option anymore.
Nowadays most websites will use HTTPS by default, HTTP gives SEO
penalties and browsers are starting to display various security
warnings on HTTP websites. Also the experience will be significantly
degraded without SSL/TLS support since the help browser will fail to
load the manual remotely, and opening various remote files on secure
protocols will fail. Note: the test cannot be performed while
cross-compiling. In this case, we will just display a warning for
packagers to be at least well aware of this dependency."

Alex
_______________________________________________
gimp-developer-list mailing list
List address:    [hidden email]
List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list
List archives:   https://mail.gnome.org/archives/gimp-developer-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: New GIMP configure warning/error

Partha Bagchi-2
On Thu, May 11, 2017 at 2:49 PM, Alexandre Prokoudine <
[hidden email]> wrote:

> On Thu, May 11, 2017 at 9:34 PM, Partha Bagchi wrote:
>
> > I am perplexed to see that we need glib-networking suddenly since my git
> > pull from a couple of days ago? Is there a reason to requiring glib
> > networking support?
>
> To quote from https://git.gnome.org/browse/gimp/commit/?id=
> bb196607693b2a8fa95f033966506cbf3c377d81
>
> "Use a code test inspired by libsoup configure test. This is a hard
> dependency because HTTPS should not be considered an option anymore.
> Nowadays most websites will use HTTPS by default, HTTP gives SEO
> penalties and browsers are starting to display various security
> warnings on HTTP websites. Also the experience will be significantly
> degraded without SSL/TLS support since the help browser will fail to
> load the manual remotely, and opening various remote files on secure
> protocols will fail. Note: the test cannot be performed while
> cross-compiling. In this case, we will just display a warning for
> packagers to be at least well aware of this dependency."
>
> Alex
>
> Yes, I read the quote but am still perplexed. the only (?) place we need
http/https support is to load images from an URI? Is it not sufficient to
make that optional instead of introducing one more dependency?
_______________________________________________
gimp-developer-list mailing list
List address:    [hidden email]
List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list
List archives:   https://mail.gnome.org/archives/gimp-developer-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: New GIMP configure warning/error

Jehan Pagès
In reply to this post by Partha Bagchi-2
Hi,

On Thu, May 11, 2017 at 8:34 PM, Partha Bagchi <[hidden email]> wrote:
> I am getting the following warning:
>
>> WARNING: Your GTK+ version is 2.24.31.
>>          The recommended GTK+ version under Windows is 2.24.32 or over.
>>          If you continue without updating GTK+, shortcuts won't work with
>>          non-latin locales, and vector icons will be disabled.

This is not new at all but has been so for a few months for the Windows build.
See commit b73458632.

> According to http://ftp.gnome.org/pub/GNOME/sources/gtk+/2.24/, the latest
> version is 2.24.31. So, does gtk+ need to be compiled from git to make this
> warning go away?

It won't even. The git version is 2.24.31 even in the gtk-2-24 branch.
It seems like there is no development version bump for the micro
version in GTK+. This said, using the git version would still get you
the fix that is warned about (even though the warning still displays,
but since there was no dev version bump, we can't do without).

The fix will be officially released in a stable GTK+ version with
2.24.32. We just took some advance (since it is master and only a
warning, that's acceptable).

> Secondly, I am getting the following error:
>
>> Error: GIMP configuration failed.
>>   - Error: missing dependency glib-networking
>>       *** Test for glib-networking failed. This is required.
>
>
> I am perplexed to see that we need glib-networking suddenly since my git
> pull from a couple of days ago? Is there a reason to requiring glib
> networking support?

Alexandre answered to this. The commit message is indeed verbose
enough to explain why we decided that it should be a mandatory
dependency. :)

Jehan

> Thanks,
> Partha
> _______________________________________________
> gimp-developer-list mailing list
> List address:    [hidden email]
> List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list
> List archives:   https://mail.gnome.org/archives/gimp-developer-list



--
ZeMarmot open animation film
http://film.zemarmot.net
Patreon: https://patreon.com/zemarmot
Tipeee: https://www.tipeee.com/zemarmot
_______________________________________________
gimp-developer-list mailing list
List address:    [hidden email]
List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list
List archives:   https://mail.gnome.org/archives/gimp-developer-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: New GIMP configure warning/error

Jehan Pagès
In reply to this post by Partha Bagchi-2
Hi,

On Thu, May 11, 2017 at 8:53 PM, Partha Bagchi <[hidden email]> wrote:

> On Thu, May 11, 2017 at 2:49 PM, Alexandre Prokoudine <
> [hidden email]> wrote:
>
>> On Thu, May 11, 2017 at 9:34 PM, Partha Bagchi wrote:
>>
>> > I am perplexed to see that we need glib-networking suddenly since my git
>> > pull from a couple of days ago? Is there a reason to requiring glib
>> > networking support?
>>
>> To quote from https://git.gnome.org/browse/gimp/commit/?id=
>> bb196607693b2a8fa95f033966506cbf3c377d81
>>
>> "Use a code test inspired by libsoup configure test. This is a hard
>> dependency because HTTPS should not be considered an option anymore.
>> Nowadays most websites will use HTTPS by default, HTTP gives SEO
>> penalties and browsers are starting to display various security
>> warnings on HTTP websites. Also the experience will be significantly
>> degraded without SSL/TLS support since the help browser will fail to
>> load the manual remotely, and opening various remote files on secure
>> protocols will fail. Note: the test cannot be performed while
>> cross-compiling. In this case, we will just display a warning for
>> packagers to be at least well aware of this dependency."
>>
>> Alex
>>
>> Yes, I read the quote but am still perplexed. the only (?) place we need
> http/https support is to load images from an URI? Is it not sufficient to
> make that optional instead of introducing one more dependency?

No, there are at least 2 features affected: open remote files indeed
and the help browser (help will fail showing with an error since our
websites are now https only). This last one was getting quite a lot of
report on the tracker and was very bad experience.
Anyway nowadays https is the standard for web access. Not supporting
this is not acceptable IMO.

Jehan

> _______________________________________________
> gimp-developer-list mailing list
> List address:    [hidden email]
> List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list
> List archives:   https://mail.gnome.org/archives/gimp-developer-list



--
ZeMarmot open animation film
http://film.zemarmot.net
Patreon: https://patreon.com/zemarmot
Tipeee: https://www.tipeee.com/zemarmot
_______________________________________________
gimp-developer-list mailing list
List address:    [hidden email]
List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list
List archives:   https://mail.gnome.org/archives/gimp-developer-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: New GIMP configure warning/error

Alexandre Prokoudine
In reply to this post by Partha Bagchi-2
On Thu, May 11, 2017 at 9:53 PM, Partha Bagchi wrote:

>> warnings on HTTP websites. Also the experience will be significantly
>> degraded without SSL/TLS support since the help browser will fail to
>> load the manual remotely, and opening various remote files on secure
>> protocols will fail. Note: the test cannot be performed while
>> cross-compiling. In this case, we will just display a warning for
>> packagers to be at least well aware of this dependency."
>>
>> Yes, I read the quote but am still perplexed. the only (?) place we need
> http/https support is to load images from an URI?

Jehan explicitly mentioned at least two reasons in the quote above. I
really have no foggiest idea why you only see one.

Alex
_______________________________________________
gimp-developer-list mailing list
List address:    [hidden email]
List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list
List archives:   https://mail.gnome.org/archives/gimp-developer-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: New GIMP configure warning/error

Partha Bagchi-2
In reply to this post by Jehan Pagès
On Thu, May 11, 2017 at 3:03 PM, Jehan Pagès <[hidden email]>
wrote:

> Hi,
>
> On Thu, May 11, 2017 at 8:53 PM, Partha Bagchi <[hidden email]> wrote:
> > On Thu, May 11, 2017 at 2:49 PM, Alexandre Prokoudine <
> > [hidden email]> wrote:
> >
> >> On Thu, May 11, 2017 at 9:34 PM, Partha Bagchi wrote:
> >>
> >> > I am perplexed to see that we need glib-networking suddenly since my
> git
> >> > pull from a couple of days ago? Is there a reason to requiring glib
> >> > networking support?
> >>
> >> To quote from https://git.gnome.org/browse/gimp/commit/?id=
> >> bb196607693b2a8fa95f033966506cbf3c377d81
> >>
> >> "Use a code test inspired by libsoup configure test. This is a hard
> >> dependency because HTTPS should not be considered an option anymore.
> >> Nowadays most websites will use HTTPS by default, HTTP gives SEO
> >> penalties and browsers are starting to display various security
> >> warnings on HTTP websites. Also the experience will be significantly
> >> degraded without SSL/TLS support since the help browser will fail to
> >> load the manual remotely, and opening various remote files on secure
> >> protocols will fail. Note: the test cannot be performed while
> >> cross-compiling. In this case, we will just display a warning for
> >> packagers to be at least well aware of this dependency."
> >>
> >> Alex
> >>
> >> Yes, I read the quote but am still perplexed. the only (?) place we need
> > http/https support is to load images from an URI? Is it not sufficient to
> > make that optional instead of introducing one more dependency?
>
> No, there are at least 2 features affected: open remote files indeed
> and the help browser (help will fail showing with an error since our
> websites are now https only). This last one was getting quite a lot of
> report on the tracker and was very bad experience.
> Anyway nowadays https is the standard for web access. Not supporting
> this is not acceptable IMO.
>
> Jehan
>

Hi,

You realize that for platforms other than Linux, that if you wish to
install glib-networking, you have to install gnutls which requires that you
install nettle which in turn requires that you install gmp? All this
because you want remote help files and remote images be accessed from GIMP?
Does this seem reasonable to you?

Thanks,
Partha
_______________________________________________
gimp-developer-list mailing list
List address:    [hidden email]
List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list
List archives:   https://mail.gnome.org/archives/gimp-developer-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: New GIMP configure warning/error

Jehan Pagès
Hi,

On Sat, May 13, 2017 at 6:25 AM, Partha Bagchi <[hidden email]> wrote:

>
>
> On Thu, May 11, 2017 at 3:03 PM, Jehan Pagès <[hidden email]>
> wrote:
>>
>> Hi,
>>
>> On Thu, May 11, 2017 at 8:53 PM, Partha Bagchi <[hidden email]> wrote:
>> > On Thu, May 11, 2017 at 2:49 PM, Alexandre Prokoudine <
>> > [hidden email]> wrote:
>> >
>> >> On Thu, May 11, 2017 at 9:34 PM, Partha Bagchi wrote:
>> >>
>> >> > I am perplexed to see that we need glib-networking suddenly since my
>> >> > git
>> >> > pull from a couple of days ago? Is there a reason to requiring glib
>> >> > networking support?
>> >>
>> >> To quote from https://git.gnome.org/browse/gimp/commit/?id=
>> >> bb196607693b2a8fa95f033966506cbf3c377d81
>> >>
>> >> "Use a code test inspired by libsoup configure test. This is a hard
>> >> dependency because HTTPS should not be considered an option anymore.
>> >> Nowadays most websites will use HTTPS by default, HTTP gives SEO
>> >> penalties and browsers are starting to display various security
>> >> warnings on HTTP websites. Also the experience will be significantly
>> >> degraded without SSL/TLS support since the help browser will fail to
>> >> load the manual remotely, and opening various remote files on secure
>> >> protocols will fail. Note: the test cannot be performed while
>> >> cross-compiling. In this case, we will just display a warning for
>> >> packagers to be at least well aware of this dependency."
>> >>
>> >> Alex
>> >>
>> >> Yes, I read the quote but am still perplexed. the only (?) place we
>> >> need
>> > http/https support is to load images from an URI? Is it not sufficient
>> > to
>> > make that optional instead of introducing one more dependency?
>>
>> No, there are at least 2 features affected: open remote files indeed
>> and the help browser (help will fail showing with an error since our
>> websites are now https only). This last one was getting quite a lot of
>> report on the tracker and was very bad experience.
>> Anyway nowadays https is the standard for web access. Not supporting
>> this is not acceptable IMO.
>>
>> Jehan
>
>
> Hi,
>
> You realize that for platforms other than Linux, that if you wish to install
> glib-networking, you have to install

Yes I realize that dependencies have often dependencies themselves.
Unless there is something which proves to be impossible to compile on
other platforms, I don't see the problem.

> gnutls which requires that you install
> nettle which in turn requires that you install gmp?

gnutls is a SSL/TLS lib (the feature we need). And from my searches,
nettle is apparently a cryptographic library and gmp would be an
arithmetic library. This does make total sense for a SSL/TLS lib
(which is a cryptographic protocol, and cryptography usually needs a
lot of arithmetic).
I don't see your point. That doesn't seem at all far fetched
dependencies for the feature we need, quite the opposite.

> All this because you
> want remote help files and remote images be accessed from GIMP? Does this
> seem reasonable to you?

It does seem absolutely reasonable, yes. I would even say that in
2017, not having support for TLS/SSL when we have web access
requirement would be the thing which is absolutely non-reasonable.

I am rerunning a crossbuild again to check that everything is all
right, just to make sure. What I can say is that there exists
pre-built packages for glib-networking (and all the dependencies) so I
could install it and all its dependencies in about 10 seconds inside
my crossbuild environment (using my tool called crossroad, with a
single command: crossroad install glib-networking). So first it means
that glib-networking is buildable for Windows and in you have the
right tools, that's really not much of a hassle. Now on Windows, I
have no idea how hard things are. But I assume you have various helper
tools too.

I really don't see the big deal here. And I don't see on which ground
it may seem acceptable to not have secure protocols support when the
whole internet is fighting these last few years for getting rid of
non-secure protocols (for very obvious and understandable reasons).
This is like trying to go against the flow.

Jehan

> Thanks,
> Partha



--
ZeMarmot open animation film
http://film.zemarmot.net
Patreon: https://patreon.com/zemarmot
Tipeee: https://www.tipeee.com/zemarmot
_______________________________________________
gimp-developer-list mailing list
List address:    [hidden email]
List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list
List archives:   https://mail.gnome.org/archives/gimp-developer-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: New GIMP configure warning/error

Kristian Rietveld

> On 13 May 2017, at 14:52, Jehan Pagès <[hidden email]> wrote:
>>
>> You realize that for platforms other than Linux, that if you wish to install
>> glib-networking, you have to install
>
> Yes I realize that dependencies have often dependencies themselves.
> Unless there is something which proves to be impossible to compile on
> other platforms, I don't see the problem.

A possible problem is that all of these extra dependencies have to be shipped in macOS and Windows packages. If in any of these dependencies serious bugs (e.g. security) are found, we need to ship updated packages. A problem like this does not exist on Linux since you would typically simply update the distribution packages (although not sure how that will work for Flatpak).

A potential solution could be to write a Mac-specific GIO TLS backend that depends on macOS system libraries which can be shipped instead of the default TLS backend that depends on gnutls.


regards,

-kris.

_______________________________________________
gimp-developer-list mailing list
List address:    [hidden email]
List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list
List archives:   https://mail.gnome.org/archives/gimp-developer-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: New GIMP configure warning/error

Pat David
Is it not possible to invoke the default browser and hand off the https
responsibility to it?
On Sat, May 13, 2017 at 8:05 AM Kristian Rietveld <[hidden email]> wrote:

>
> > On 13 May 2017, at 14:52, Jehan Pagès <[hidden email]>
> wrote:
> >>
> >> You realize that for platforms other than Linux, that if you wish to
> install
> >> glib-networking, you have to install
> >
> > Yes I realize that dependencies have often dependencies themselves.
> > Unless there is something which proves to be impossible to compile on
> > other platforms, I don't see the problem.
>
> A possible problem is that all of these extra dependencies have to be
> shipped in macOS and Windows packages. If in any of these dependencies
> serious bugs (e.g. security) are found, we need to ship updated packages. A
> problem like this does not exist on Linux since you would typically simply
> update the distribution packages (although not sure how that will work for
> Flatpak).
>
> A potential solution could be to write a Mac-specific GIO TLS backend that
> depends on macOS system libraries which can be shipped instead of the
> default TLS backend that depends on gnutls.
>
>
> regards,
>
> -kris.
>
> _______________________________________________
> gimp-developer-list mailing list
> List address:    [hidden email]
> List membership:
> https://mail.gnome.org/mailman/listinfo/gimp-developer-list
> List archives:   https://mail.gnome.org/archives/gimp-developer-list
>
--
https://patdavid.net
GPG: 66D1 7CA6 8088 4874 946D  18BD 67C7 6219 89E9 57AC
_______________________________________________
gimp-developer-list mailing list
List address:    [hidden email]
List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list
List archives:   https://mail.gnome.org/archives/gimp-developer-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: New GIMP configure warning/error

Jehan Pagès
In reply to this post by Kristian Rietveld
Hi!

On Sat, May 13, 2017 at 3:05 PM, Kristian Rietveld <[hidden email]> wrote:

>
>> On 13 May 2017, at 14:52, Jehan Pagès <[hidden email]> wrote:
>>>
>>> You realize that for platforms other than Linux, that if you wish to install
>>> glib-networking, you have to install
>>
>> Yes I realize that dependencies have often dependencies themselves.
>> Unless there is something which proves to be impossible to compile on
>> other platforms, I don't see the problem.
>
> A possible problem is that all of these extra dependencies have to be shipped in macOS and Windows packages. If in any of these dependencies serious bugs (e.g. security) are found, we need to ship updated packages. A problem like this does not exist on Linux since you would typically simply update the distribution packages (although not sure how that will work for Flatpak).
>
> A potential solution could be to write a Mac-specific GIO TLS backend that depends on macOS system libraries which can be shipped instead of the default TLS backend that depends on gnutls.

Of course, this would make total sense. If there is such a backend (or
if someone, like you on MacOS, write it! ;P), we could have different
dependencies for different platforms. No prob. :-)

Jehan

>
> regards,
>
> -kris.
>



--
ZeMarmot open animation film
http://film.zemarmot.net
Patreon: https://patreon.com/zemarmot
Tipeee: https://www.tipeee.com/zemarmot
_______________________________________________
gimp-developer-list mailing list
List address:    [hidden email]
List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list
List archives:   https://mail.gnome.org/archives/gimp-developer-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: New GIMP configure warning/error

Partha Bagchi-2
In reply to this post by Jehan Pagès
On Sat, May 13, 2017 at 8:52 AM, Jehan Pagès <[hidden email]>
wrote:

> Hi,
>
> On Sat, May 13, 2017 at 6:25 AM, Partha Bagchi <[hidden email]> wrote:
> >
> >
>
> >> No, there are at least 2 features affected: open remote files indeed
> >> and the help browser (help will fail showing with an error since our
> >> websites are now https only). This last one was getting quite a lot of
> >> report on the tracker and was very bad experience.
> >> Anyway nowadays https is the standard for web access. Not supporting
> >> this is not acceptable IMO.
> >>
> >> Jehan
> >
> >
> > Hi,
> >
> > You realize that for platforms other than Linux, that if you wish to
> install
> > glib-networking, you have to install
>
> Yes I realize that dependencies have often dependencies themselves.
> Unless there is something which proves to be impossible to compile on
> other platforms, I don't see the problem.
>
> > gnutls which requires that you install
> > nettle which in turn requires that you install gmp?
>
> gnutls is a SSL/TLS lib (the feature we need). And from my searches,
> nettle is apparently a cryptographic library and gmp would be an
> arithmetic library. This does make total sense for a SSL/TLS lib
> (which is a cryptographic protocol, and cryptography usually needs a
> lot of arithmetic).
> I don't see your point. That doesn't seem at all far fetched
> dependencies for the feature we need, quite the opposite.
>
> > All this because you
> > want remote help files and remote images be accessed from GIMP? Does this
> > seem reasonable to you?
>
> It does seem absolutely reasonable, yes. I would even say that in
> 2017, not having support for TLS/SSL when we have web access
> requirement would be the thing which is absolutely non-reasonable.
>
For an image editor, I think this is unreasonable. I don't understand why
we are considering GIMP to be a network aware product due to 2 possible
usage when the rest of GIMP does not depend on it. Is it not possible to
ship the help files as PDFs while disabling URI if TLS/SSL is not installed
with the package?

>
> I am rerunning a crossbuild again to check that everything is all
> right, just to make sure. What I can say is that there exists
> pre-built packages for glib-networking (and all the dependencies) so I
> could install it and all its dependencies in about 10 seconds inside
> my crossbuild environment (using my tool called crossroad, with a
> single command: crossroad install glib-networking). So first it means
> that glib-networking is buildable for Windows and in you have the
> right tools, that's really not much of a hassle. Now on Windows, I
> have no idea how hard things are. But I assume you have various helper
> tools too.
>
You mean it's easy on Windows and then on Windows you have no idea how hard
things are? Did you mean Windows it's easy and Mac you don't know? I am not
sure I understand. In any case, as Kris mentioned below, you are talking
about bloating the application on both Windows and Mac.

>
> I really don't see the big deal here. And I don't see on which ground
> it may seem acceptable to not have secure protocols support when the
> whole internet is fighting these last few years for getting rid of
> non-secure protocols (for very obvious and understandable reasons).
> This is like trying to go against the flow.
>
The "internet is fighting is an interesting point of view for an image
editor. :)

>
> Jehan
>
> > Thanks,
> > Partha
>
>
>
> --
> ZeMarmot open animation film
> http://film.zemarmot.net
> Patreon: https://patreon.com/zemarmot
> Tipeee: https://www.tipeee.com/zemarmot
>
_______________________________________________
gimp-developer-list mailing list
List address:    [hidden email]
List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list
List archives:   https://mail.gnome.org/archives/gimp-developer-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: New GIMP configure warning/error

Jehan Pagès
In reply to this post by Pat David
Hi,

On Sat, May 13, 2017 at 3:15 PM, Pat David <[hidden email]> wrote:
> Is it not possible to invoke the default browser and hand off the https
> responsibility to it?

That's definitely a possibility, and even a good one IMO.

We have a few issues with our webkit internal browser, one of them is
that we still use an old webkit version (because of GTK+2; newer
versions are for GTK+3), which is therefore deprecated. Security wise,
this is not fine. Though obviously since this browser is made only to
reach our manual, which are static pages, and cannot be used to reach
random pages, the risk is lessened. That's even more a reason to make
sure we have SSL/TLS activated, because if GIMP requests the help
browser to reach https://gimp.org, we want to drop the connection in
case of MITM, especially because of the broken webkit.

This issue will disappear with GIMP 3, where we should be able to
update the dependency. This will still be some work to do so. Maybe at
this point, it could be wise to just drop the webkit dependency and
make the browser do all the work. On the other hand, a minimal help
browser is still nice. That's not an easy decision IMO.

We could also drop the help browser even for GTK+2 builds, but then it
needs some minimal patch to not have GIMP consider this as a lesser
GIMP. If not mistaken, when the browser is not built-in, right now
GIMP would complain and display a popup asking you if you want to use
your web browser instead. We would need to get rid of this warning if
we start considering the system browser as the defaults display mode
of the manual. That's probably really easy, but I have more pressing
things I want to do for 2.10. Patches are welcome for discussion
though. I believe it still makes sense in a security point of view
considering the deprecated webkit we use, so I would be in favor of
the patch (even if just as a temporary fix until we get to GIMP 3 and
can migrate to newer webkit).

Finally it does not totally deal with the glib-networking need. We
still need support for https for opening remote files. Nowadays not
having support for https while pretending having support for remote
file access is not ok. The web is slowly getting into a full https
state, and all the web browser companies are pushing toward this.
Fighting this is useless (and also wrong; full https is good IMO).
So even with this one use case, we would still need glib-networking.

Kris' idea though totally makes sense if developers of other platform
don't want of gnutls (which I can understand, especially if they
platform have — I don't know — a default local implementation for
TLS). Patches welcome. :-)

Jehan

> On Sat, May 13, 2017 at 8:05 AM Kristian Rietveld <[hidden email]> wrote:
>>
>>
>> > On 13 May 2017, at 14:52, Jehan Pagès <[hidden email]>
>> > wrote:
>> >>
>> >> You realize that for platforms other than Linux, that if you wish to
>> >> install
>> >> glib-networking, you have to install
>> >
>> > Yes I realize that dependencies have often dependencies themselves.
>> > Unless there is something which proves to be impossible to compile on
>> > other platforms, I don't see the problem.
>>
>> A possible problem is that all of these extra dependencies have to be
>> shipped in macOS and Windows packages. If in any of these dependencies
>> serious bugs (e.g. security) are found, we need to ship updated packages. A
>> problem like this does not exist on Linux since you would typically simply
>> update the distribution packages (although not sure how that will work for
>> Flatpak).
>>
>> A potential solution could be to write a Mac-specific GIO TLS backend that
>> depends on macOS system libraries which can be shipped instead of the
>> default TLS backend that depends on gnutls.
>>
>>
>> regards,
>>
>> -kris.
>>
>> _______________________________________________
>> gimp-developer-list mailing list
>> List address:    [hidden email]
>> List membership:
>> https://mail.gnome.org/mailman/listinfo/gimp-developer-list
>> List archives:   https://mail.gnome.org/archives/gimp-developer-list
>
> --
> https://patdavid.net
> GPG: 66D1 7CA6 8088 4874 946D  18BD 67C7 6219 89E9 57AC



--
ZeMarmot open animation film
http://film.zemarmot.net
Patreon: https://patreon.com/zemarmot
Tipeee: https://www.tipeee.com/zemarmot
_______________________________________________
gimp-developer-list mailing list
List address:    [hidden email]
List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list
List archives:   https://mail.gnome.org/archives/gimp-developer-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: New GIMP configure warning/error

Alexandre Prokoudine
In reply to this post by Partha Bagchi-2
On Sat, May 13, 2017 at 4:40 PM, Partha Bagchi wrote:

> For an image editor, I think this is unreasonable. I don't understand why
> we are considering GIMP to be a network aware product due to 2 possible
> usage when the rest of GIMP does not depend on it. Is it not possible to
> ship the help files as PDFs while disabling URI if TLS/SSL is not installed
> with the package?

Our help system is context-sensitive. Please take that into consideration.

Alex
_______________________________________________
gimp-developer-list mailing list
List address:    [hidden email]
List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list
List archives:   https://mail.gnome.org/archives/gimp-developer-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: New GIMP configure warning/error

Jehan Pagès
In reply to this post by Partha Bagchi-2
Hi,

On Sat, May 13, 2017 at 3:40 PM, Partha Bagchi <[hidden email]> wrote:

>
>
> On Sat, May 13, 2017 at 8:52 AM, Jehan Pagès <[hidden email]>
> wrote:
>>
>> Hi,
>>
>> On Sat, May 13, 2017 at 6:25 AM, Partha Bagchi <[hidden email]> wrote:
>> >
>> >
>>
>> >> No, there are at least 2 features affected: open remote files indeed
>> >> and the help browser (help will fail showing with an error since our
>> >> websites are now https only). This last one was getting quite a lot of
>> >> report on the tracker and was very bad experience.
>> >> Anyway nowadays https is the standard for web access. Not supporting
>> >> this is not acceptable IMO.
>> >>
>> >> Jehan
>> >
>> >
>> > Hi,
>> >
>> > You realize that for platforms other than Linux, that if you wish to
>> > install
>> > glib-networking, you have to install
>>
>> Yes I realize that dependencies have often dependencies themselves.
>> Unless there is something which proves to be impossible to compile on
>> other platforms, I don't see the problem.
>>
>> > gnutls which requires that you install
>> > nettle which in turn requires that you install gmp?
>>
>> gnutls is a SSL/TLS lib (the feature we need). And from my searches,
>> nettle is apparently a cryptographic library and gmp would be an
>> arithmetic library. This does make total sense for a SSL/TLS lib
>> (which is a cryptographic protocol, and cryptography usually needs a
>> lot of arithmetic).
>> I don't see your point. That doesn't seem at all far fetched
>> dependencies for the feature we need, quite the opposite.
>>
>> > All this because you
>> > want remote help files and remote images be accessed from GIMP? Does
>> > this
>> > seem reasonable to you?
>>
>> It does seem absolutely reasonable, yes. I would even say that in
>> 2017, not having support for TLS/SSL when we have web access
>> requirement would be the thing which is absolutely non-reasonable.
>
> For an image editor, I think this is unreasonable. I don't understand why we
> are considering GIMP to be a network aware product due to 2 possible usage
> when the rest of GIMP does not depend on it.

GIMP *IS* a network-aware software (not a "product", we are not a
company). Especially with the port to GIO. Right, not everything is
about network, and we don't want this. That's only a few features, and
this won't increase much since we are not into jailing people into
services and fees for web access (once again, we are not a company).
But even if just for a few features, that's still important features.
There is not much arguing that internet access and better interaction
with web/internet resources is considered as granted by most people
nowadays. Let's not be backward please, GIMP should live with its
time.

> Is it not possible to ship the
> help files as PDFs while disabling URI if TLS/SSL is not installed with the
> package?

How do you determine which language to ship? All of them? Also it
needs some code on our website then to make this conditional decision.
And not only our own website but all websites of third party (like
yours). Are you going to write it for yours at least?
So yes, nearly everything is possible. That's more or less work
depending on what you want. And we welcome contributions if you have
good ideas.

Also as said already, that would only make for one of the feature (the
help system). We still need to allow people to access remote files in
a secure way.

>> I am rerunning a crossbuild again to check that everything is all
>> right, just to make sure. What I can say is that there exists
>> pre-built packages for glib-networking (and all the dependencies) so I
>> could install it and all its dependencies in about 10 seconds inside
>> my crossbuild environment (using my tool called crossroad, with a
>> single command: crossroad install glib-networking). So first it means
>> that glib-networking is buildable for Windows and in you have the
>> right tools, that's really not much of a hassle. Now on Windows, I
>> have no idea how hard things are. But I assume you have various helper
>> tools too.
>
> You mean it's easy on Windows and then on Windows you have no idea how hard
> things are? Did you mean Windows it's easy and Mac you don't know? I am not
> sure I understand.

I don't build *on* Windows, no. But I build *for* Windows all the
time, as I just explained. Until we got a developer dedicated to
Windows (there is one lately, hopefully he'll stay long!), I was one
of the only ones who would sometimes fix bugs and test on Windows,
taking some of my time to install VMs, cross-building, etc. Please,
there is no need to be unpleasant and smirking at other's work. I am
not unpleasant towards you, I expect the same.

> In any case, as Kris mentioned below, you are talking
> about bloating the application on both Windows and Mac.

Come on, it's a very small dependency which itself brought 3 more
small dependencies!
I will check right now the size of all deps:

glib-networking:
- libgiognutls.dll 117K
- libnettle-6-2.dll 205K
- libgmp-10.dll 437K

I'm not sure about gnutls, I don't find the right lib. But I doubt it
would be huge.
Is that bloating GIMP?

Also that's not how I understood Kris. He was proposing to have
something more adapted to every platform, as well as noting the
problem of shipping dependencies which require to care more about
security. These comments made total sense and were very constructive.
In any case, we are completely open to suggestions and improvements.
If Windows has a SSL/TLS lib by default, you could write a GIO backend
for it, and we could just drop the glib-networking dep in favor of
this specific one. Patches welcome towards one of these goals (or
another alternative if you find one suitable/better; dropping SSL/TLS
support not being suitable).

>> I really don't see the big deal here. And I don't see on which ground
>> it may seem acceptable to not have secure protocols support when the
>> whole internet is fighting these last few years for getting rid of
>> non-secure protocols (for very obvious and understandable reasons).
>> This is like trying to go against the flow.
>
> The "internet is fighting is an interesting point of view for an image
> editor. :)

As I said, internet is a big part of computer usage these days. We
have to take this into account. Not seeing this (or faking to not see
this) is not our problem. GIMP is not an internet-dedicated software,
nor will it become. That's true. Yet It does not prevent it to have a
few features on this area. And when it does, they should be done right
(i.e. with security in mind).

I will stop answering to any more irrelevant email on this topic.
I will continue to answer to constructive emails which propose
solutions to the problem raised (as were both Pat and Kris emails,
both with interesting alternatives), though.

Jehan


>>
>> Jehan
>>
>> > Thanks,
>> > Partha
>>
>>
>>
>> --
>> ZeMarmot open animation film
>> http://film.zemarmot.net
>> Patreon: https://patreon.com/zemarmot
>> Tipeee: https://www.tipeee.com/zemarmot
>
>



--
ZeMarmot open animation film
http://film.zemarmot.net
Patreon: https://patreon.com/zemarmot
Tipeee: https://www.tipeee.com/zemarmot
_______________________________________________
gimp-developer-list mailing list
List address:    [hidden email]
List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list
List archives:   https://mail.gnome.org/archives/gimp-developer-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: New GIMP configure warning/error

Simone Karin Lehmann
In reply to this post by Jehan Pagès

> Am 13.05.2017 um 15:50 schrieb Jehan Pagès <[hidden email]>:
>
>
> We have a few issues with our webkit internal browser, one of them is
> that we still use an old webkit version (because of GTK+2; newer
> versions are for GTK+3), which is therefore deprecated. Security wise,
> this is not fine. Though obviously since this browser is made only to
> reach our manual, which are static pages, and cannot be used to reach
> random pages, the risk is lessened. That's even more a reason to make
> sure we have SSL/TLS activated, because if GIMP requests the help
> browser to reach https://gimp.org, we want to drop the connection in
> case of MITM, especially because of the broken webkit.
>
> This issue will disappear with GIMP 3, where we should be able to
> update the dependency. This will still be some work to do so. Maybe at
> this point, it could be wise to just drop the webkit dependency and
> make the browser do all the work. On the other hand, a minimal help
> browser is still nice. That's not an easy decision IMO.
>
> We could also drop the help browser even for GTK+2 builds, but then it
> needs some minimal patch to not have GIMP consider this as a lesser
> GIMP. If not mistaken, when the browser is not built-in, right now
> GIMP would complain and display a popup asking you if you want to use
> your web browser instead. We would need to get rid of this warning if
> we start considering the system browser as the defaults display mode
> of the manual. That's probably really easy, but I have more pressing
> things I want to do for 2.10. Patches are welcome for discussion
> though. I believe it still makes sense in a security point of view
> considering the deprecated webkit we use, so I would be in favor of
> the patch (even if just as a temporary fix until we get to GIMP 3 and
> can migrate to newer webkit).
>
I’ve just made those patches for OS X and included them into my version on gimp.lisanet.de.
It just uses the system defined web browser for accessing online help and I’ve even written
a plugin which replaces the help browser with the system-wide web browser and still offers
context sensitive help.

Just have a look at my patches at my SorceForge SVN repository https://sourceforge.net/p/gimponosx/code/HEAD/tree/GimpPorts/ports/graphics/gimp2/files/
They are just a few lines of Cocoa API calls...

Simone



_______________________________________________
gimp-developer-list mailing list
List address:    [hidden email]
List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list
List archives:   https://mail.gnome.org/archives/gimp-developer-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: New GIMP configure warning/error

Michael Natterer
In reply to this post by Partha Bagchi-2
Hi,

Since I'm not sure to which mail to reply, I'll reply to the thread's
original mail...

I'll keep it short:

- additional dependency: Í could not care less about some more
  MB to build/install/distribute in order to get whatever
  feature.

- networking code: that's a tough one, we are running into
  security issues here, but since we are using a completely
  broken old webkit version, can we really make it worse... :)

One thing that IMO went wrong with this change is that it should
have gone into master in the first place, and not just picked
to gimp-2-8 right away. We should really only push stuff to 2-8
when we are 100% sure.

Regards,
Mitch

On Thu, 2017-05-11 at 14:34 -0400, Partha Bagchi wrote:

> I am getting the following warning:
>
> > WARNING: Your GTK+ version is 2.24.31.
> >          The recommended GTK+ version under Windows is 2.24.32 or
> > over.
> >          If you continue without updating GTK+, shortcuts won't
> > work with
> >          non-latin locales, and vector icons will be disabled.
>
>
> According to http://ftp.gnome.org/pub/GNOME/sources/gtk+/2.24/, the
> latest
> version is 2.24.31. So, does gtk+ need to be compiled from git to
> make this
> warning go away?
>
> Secondly, I am getting the following error:
>
> > Error: GIMP configuration failed.
> >   - Error: missing dependency glib-networking
> >       *** Test for glib-networking failed. This is required.
>
>
> I am perplexed to see that we need glib-networking suddenly since my
> git
> pull from a couple of days ago? Is there a reason to requiring glib
> networking support?
>
> Thanks,
> Partha
> _______________________________________________
> gimp-developer-list mailing list
> List address:    [hidden email]
> List membership: https://mail.gnome.org/mailman/listinfo/gimp-develop
> er-list
> List archives:   https://mail.gnome.org/archives/gimp-developer-list
_______________________________________________
gimp-developer-list mailing list
List address:    [hidden email]
List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list
List archives:   https://mail.gnome.org/archives/gimp-developer-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: New GIMP configure warning/error

Kristian Rietveld
In reply to this post by Jehan Pagès

> On 13 May 2017, at 15:21, Jehan Pagès <[hidden email]> wrote:
>> A potential solution could be to write a Mac-specific GIO TLS backend that depends on macOS system libraries which can be shipped instead of the default TLS backend that depends on gnutls.
>
> Of course, this would make total sense. If there is such a backend (or
> if someone, like you on MacOS, write it! ;P), we could have different
> dependencies for different platforms. No prob. :-)

FWIW, a Windows-native GIO TLS backend has recently appeared:

    https://github.com/centricular/glib-schannel

This could potentially be shipped for Windows instead of glib-networking + gnutls dependencies.


regards,

-kris.

_______________________________________________
gimp-developer-list mailing list
List address:    [hidden email]
List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list
List archives:   https://mail.gnome.org/archives/gimp-developer-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: New GIMP configure warning/error

Jehan Pagès
Hi,

On Wed, Jul 5, 2017 at 9:27 PM, Kristian Rietveld <[hidden email]> wrote:

>
>> On 13 May 2017, at 15:21, Jehan Pagès <[hidden email]> wrote:
>>> A potential solution could be to write a Mac-specific GIO TLS backend that depends on macOS system libraries which can be shipped instead of the default TLS backend that depends on gnutls.
>>
>> Of course, this would make total sense. If there is such a backend (or
>> if someone, like you on MacOS, write it! ;P), we could have different
>> dependencies for different platforms. No prob. :-)
>
> FWIW, a Windows-native GIO TLS backend has recently appeared:
>
>     https://github.com/centricular/glib-schannel
>
> This could potentially be shipped for Windows instead of glib-networking + gnutls dependencies.

Nice.
If a Windows dev could test, and if it works well, please we would
welcome the patch to have it tested in the configure script as an
alternative. Someone was noting that the GNU implementation was also
fixing proxy connection issues, no? I wonder if this new backend also
takes care of this aspect (if not, that's not as necessary as TLS
support, but that's worth noting).
Thanks for the news.

Jehan

> regards,
>
> -kris.
>



--
ZeMarmot open animation film
http://film.zemarmot.net
Patreon: https://patreon.com/zemarmot
Tipeee: https://www.tipeee.com/zemarmot
_______________________________________________
gimp-developer-list mailing list
List address:    [hidden email]
List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list
List archives:   https://mail.gnome.org/archives/gimp-developer-list
Loading...