What are your requirements, other than "work in a prison"? To what type of security are you referring?

HI,

Does anyone have any experience / anecdotal evidence of using the GIMP in prisons or situations where security was of paramount importance. Coming accross resistance and would like to be able to point to precedent.

Thanks a lot,

Si

---------------------------------------------------------------- This email is confidential and solely intended for the recipient(s) to whom
it is addressed. If you have received this mail in error, please reply to the sender of this email advising this error. The contents of any email from any employee of Future Prospects does not necessarily reflect the opinion of the company.

Draw a picture of a "shiv"?

sorry.

I can't imagine GIMP being a problem. That being said, it's linked to libraries that have occasionally had security issues. Both closed and open source rendering libraries have at various times suffered from buffer overflows.

I tend to see resistance to FOSS solutions with these inane arguments that force you to prove a negative. "GIMP (or whatever) could start a nuclear war, can you prove it won't?". I say, then lets make that a testing prerequisite for any app, including the one you want to use.

jim

Simon Davis wrote:

HI,

Does anyone have any experience / anecdotal evidence of using the GIMP in prisons or situations where security was of paramount importance. Coming accross resistance and would like to be able to point to precedent.

Thanks a lot,

Si

Simon Davis wrote:

Does anyone have any experience / anecdotal evidence of using the GIMP in prisons or situations where security was of paramount importance.

I can imagine that there's a high interest in controlling what exactly gets into a prison and what gets out. Dr. Mabuse (I forgot in which movie exactly) did get plans for robberies out of the asylum after all - in plain sight, disguised as childish drawings due to his mental state.

As for the "in" part, a prison will probably face the same problems as anyone who's using a computer these days - lots of criminals trying to remotely install software on your system. Only in this case some of the users on the inside may actually want it to be installed.

Similar for the "out" part. I don't know if the stereotypical case of Dr. Mabuse is thinking along the right path here, but I do guess that in this case the software in general shouldn't allow anyone to have more rights than he is allowed to.

Coming accross resistance and would like to be able to point to precedent.

Out of interest, what kind of resistance? A general "oh what is this magic thing with knobs on it" (which I doubt (and hope) can't happen anywhere nowadays), or something more elaborated - like "does this comply to security regulations act ABC123?"

IMO knowing more about this last part is paramount for heling with your problem.

HTH,
Michael

On a more practical note, when I'm looking at a new app, the first thing I do is search over at securityfocus.com to see what it's exploit history has been. If I see a pattern, or something I can't remediate, I pass.

jim

Ok, so the issue is that open source software might contain some sort of back door. I guess you could tell your bosses the following:

* Every bank on earth uses open source software, whether it's openssh, bind, sendmail, Linux, ant, junit, apache, etc. * Every fortune 500 company in the world (many of which have *very* stringent security requirements) also use the above-mentioned open source software.
* Every large government institution on earth uses this open source software too.

So yes, while it is possible that some back-door has been written into an open-source program, it's highly unlikely, especially for large, well-respected projects like Gimp.

HTH!

Tom Purl

That is exactly the type of resistance that I am expecting. Certain bodies will trust Micorsoft / Adobe etc because they never cause problems (ahem!) I think the fear is that the because the source code is open it could be tinkered with to allow a backdoor to do... something.

Would have thought that I'm not the first person to have met this kind of objection and was just wondering if / how others had dealt with it. Would be a shame to capitulate and have to use Adobe stuff.

The work that I am planning to do involves running creative educational projects using the GIMP.

Cheers,

Simon

Simon Davis - IT in the Community 01904 634748 - http://www.futureprospects.org.uk/ 24 Swingate
York
YO1 8AZ

----- Message from jmf@jim-liesl.org --------- Date: Thu, 26 Oct 2006 16:06:45 -0700 From: jim feldman
Reply-To: jim feldman
Subject: Re: [Gimp-user] GIMP used in prisons / secure institutions To: Simon Davis
Cc: gimp-user@lists.XCF.Berkeley.EDU

Draw a picture of a "shiv"?

sorry.

I can't imagine GIMP being a problem. That being said, it's linked to libraries that have occasionally had security issues. Both closed and open source rendering libraries have at various times suffered from buffer overflows.

I tend to see resistance to FOSS solutions with these inane arguments that force you to prove a negative. "GIMP (or whatever) could start a nuclear war, can you prove it won't?". I say, then lets make that a testing prerequisite for any app, including the one you want to use.

jim

Simon Davis wrote:

HI,

Does anyone have any experience / anecdotal evidence of using the GIMP in prisons or situations where security was of paramount importance. Coming accross resistance and would like to be able to point to precedent.

Thanks a lot,

Si

----- End message from jmf@jim-liesl.org -----

---------------------------------------------------------------- This email is confidential and solely intended for the recipient(s) to whom
it is addressed. If you have received this mail in error, please reply to the sender of this email advising this error. The contents of any email from any employee of Future Prospects does not necessarily reflect the opinion of the company.