Given the the OP's email address is in the .mil domain "safe" could mean anything from "plays nicely with other apps" to "wont endanger national security". Perhaps a little clarification would be in order.

On Wed July 6 2011 07:20:13 Stefano Rovetta opined:

I think the poster was not asking about facts (is GIMP safe?), but about certifications (is GIMP certified as safe?).

I don't think it is possible to reassure him about this. In fact, the GPL has a "NO WARRANTY" clause.

If he/his customer wants something certified, I think he has to pay for the certification - which does not imply that the software is actually safe (there is no a priori way to tell this), but only that it has passed some tests.

By the way...

It is an application that receives

services from the OS ?

I don't know of any program that does not receive services from the OS. At the bare minimum, memory management (virtual memory) and process management (process startup and scheduling, execution) are up to the OS in all cases. I don't know how this question should be interpreted.

--Stefano

On Tuesday, July 05, 2011 09:39:39 am Baughman, Richard P

USA CIV (US) wrote:

Good morning,

Have a customer requesting GIMP 2.6.x for project

starting within 2 weeks.

IT department requires the software to be tested and

approved prior to any

new software being installed within our Enterprise.

Basically I understand GIMP to operate at the

desktop...

It is an application that receives

services from the OS

? what system ports (if any) are utilized by GIMP ? does the program traverse internet (80, 8080, 443

etc )

? are there any known vulnerabilities

Appreciate your time and assistance.

Thanks Rick

_______________________________________________ Gimp-user mailing list
Gimp-user@lists.XCF.Berkeley.EDU
https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-user

Gimp is an Open Source program that runs on MSWin, OS X and

Linux. It is similar in purpose to Photoshop but does not produce CMYK output, just RGB.

To install Gimp you download it over the Internet. Please visit http://www.gimp.org for details.

The user can click on the help facility and view the Gimp Manual in an html viewer. Other than that there is no operational connection to the internet. No ports are opened. It is a stand-alone local program.

Gimp has been in use for many years on many systems in

many shops. It is not scary.

I know of no vulnarabilities. But I operate on Linux where

vulnerabilities are seldom an issue.

_______________________________________________ Gimp-user mailing list
Gimp-user@lists.XCF.Berkeley.EDU
https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-user

Good morning and thanks for all the input.

Your information has been a great help and it is my understanding that GIMP does not utilize System ports to operate.
Meaning that Port 41 (Graphics) for example is not used by GIMP. All services are provided by OS. GIMP works at Layer 7 at the "front end" of OS.

The certification is Enterprise (Global) mandate for any new software requests. to ensure it is safe for use through the Enterprise after going through several Vulnerability tests.
The most difficult part is obtaining the information not necessarily the certification itself.

Thanks again

-----Original Message----- From: gimp-user-bounces@lists.XCF.Berkeley.EDU [mailto:gimp-user-bounces@lists.XCF.Berkeley.EDU] On Behalf Of Stefano Rovetta Sent: Tuesday, July 05, 2011 5:20 PM To: gimp-user@lists.XCF.Berkeley.EDU Subject: [Gimp-user] R: Gimp (certification)

I think the poster was not asking about facts (is GIMP safe?), but about certifications (is GIMP certified as safe?).

I don't think it is possible to reassure him about this. In fact, the GPL has a "NO WARRANTY" clause.

If he/his customer wants something certified, I think he has to pay for the certification - which does not imply that the software is actually safe (there is no a priori way to tell this), but only that it has passed some tests.

By the way...

    It is an application that receives

services from the OS ?

I don't know of any program that does not receive services from the OS. At the bare minimum, memory management (virtual memory) and process management (process startup and scheduling, execution) are up to the OS in all cases. I don't know how this question should be interpreted.

--Stefano

On Tuesday, July 05, 2011 09:39:39 am Baughman, Richard P USA CIV (US) wrote:

Good morning,

Have a customer requesting GIMP 2.6.x for project

starting within 2 weeks.

IT department requires the software to be tested and

approved prior to any

new software being installed within our Enterprise.

Basically I understand GIMP to operate at the

desktop...

    It is an application that receives

services from the OS

? what system ports (if any) are utilized by GIMP ? does the program traverse internet (80, 8080, 443

etc )

? are there any known vulnerabilities

Appreciate your time and assistance.

Thanks Rick

_______________________________________________ Gimp-user mailing list
Gimp-user@lists.XCF.Berkeley.EDU
https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-user

Gimp is an Open Source program that runs on MSWin, OS X and

Linux. It is similar in purpose to Photoshop but does not produce CMYK output, just RGB.

To install Gimp you download it over the Internet. Please visit http://www.gimp.org for details.

The user can click on the help facility and view the Gimp Manual in an html viewer. Other than that there is no operational connection to the internet. No ports are opened. It is a stand-alone local program.

Gimp has been in use for many years on many systems in many shops. It is not scary.

I know of no vulnarabilities. But I operate on Linux where

vulnerabilities are seldom an issue.

Gimp-user mailing list
Gimp-user@lists.XCF.Berkeley.EDU
https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-user
_______________________________________________
Gimp-user mailing list
Gimp-user@lists.XCF.Berkeley.EDU
https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-user