Personally, I feel that the SourceForge brand has negative value right now. For me they burnt almost all of their goodwill during their long, long period of neglect and stagnation, then went sharply negative when they started distributing malware.
I'm willing to give the new team the benefit of the doubt; let's just assume they want to create a high quality product. That's great, but I think the first step is starting over with a non-tainted brand.
It may make sense to migrate existing projects and accounts across, or even to build on top of the existing code base, just don't call it SourceForge.
Completely agree. Sourceforge, the brand, is so tainted I can’t even read this on my phone, since a content blocker List I have installed has apparently blocked the entire domain. The brand has been shit in my own mind for a while. Not even going to bother reading this. Why does it still exist? Replaced by GitHub, Bitbucket, and Gitlab.
At this point would even a rebrand matter? Github has such an unspoken strong hold on the developer community that I find it hard to believe that SF will be able to make any dent at all. Github has at least been a respectable stakeholder in the whole process. No shady downloads, ads or stepping over the users in any way. The worst they did was not developing features that would have helped simplify open source development and even that was largely addressed when "Dear Github" rolled around. Even Gitlab and Bitbucket, which are far better products than SF ever was, have not been able to shake GH. Lastly, every package manager developed in the last decade has millions of its packages with repos pointing to GH. If GH shuts down open repos, npm would probably fold up overnight.
- forced users to look at ads and go through two steps in order to download projects
- when that was not enough, injected malware into the files users were downloading
- irrecoverably lost project information
I don’t think they can do anything to salvage their image at this point. The last incident didn’t even inflict too much damage because there wasn’t much left to SourceForge.
Many years ago me and a friend wrote an open source game and we hosted the project on Sourceforge. This was some time in the late 90's. The project got dropped as so many others do because both of us found more interesting things to do.
Now, if you were in this situation and you decided to come back to the old project a few years later (we're now in the early 2000's) wouldn't you expect to be able to continue where you left off?
Not so with Sourceforge. I found that the entire project was deleted. I contacted them and got the answer that it was indeed deleted because it hadn't been touched in however many years it had been.
To give credit where credit is due, they were actually able to recover my code from a backup and restore the project.
The point of this post was just to point out that they've done some user hostile things for a very long time.
To me, this is just another website. There is no history, that was burned when it became an enormous cash grab. I understand they've been making a lot of changes, but if they want tabula rasa, then they have it -- and they have to offer something that entices people to use the product, not rely on the name they inherited.
As someone else already pointed out, I don’t think they’ll be able to rely on the name as it’s been severely tarnished beyond repair. They’ll have to rely on something that is significantly better than what the GitHubs, Bitbuckets, and Gitlabs are offering.
At least it does not belong to Microsoft yet. That seems to be important for some people. ;-) (I actually laughed when I saw that SourceForge has a GitHub importer now... SourceForge! Ha!)
On a more serious note: SourceForge has surely improved a lot, including not shipping malware anymore. The only things that I'd improve are:
1) More reliable SVN servers. Yes, I "still" have SVN projects on SourceForge because I lack motivation to change either the VCS or the hoster. But SourceForge's servers sometimes don't like my attempts to pull from or push to them. I blame the server admins, not the VCS.
2) A better code view. Just like Bitbucket's, SourceForge's code view (especially for diffs) is a mess. That's the one big thing I always liked with GitHub: Reading and comparing commits is perfectly clean.
3) A better project page. It always takes me a while to find the "Code" link on those - although it's always in a similar place.
In the late 90s, I was part of a project, which later became a non-profit called Tux.org, who was trying to be an umbrella organization to help Linux related FLOSS projects. We weren't quite at the model of a fiscal sponsor, but Tux had mirrors of projects and the goal of helping others.
Then Sourceforge came out and I remember as a 20 year old trying to talk with them about where they saw themselves in the community, and they were basically dismissive of the work that we were doing.
Nonetheless, they had (at the time) flashy software that made them attractive and many projects used them. They were genuinely the Github of their day.
The ultimate lesson of Sourceforge is three fold for me:
1. Never trust a commercial entity that you aren't paying to be your single repository
This applies to Sourceforge and Github, ultimately.
2. Never use proprietary software as your core
Sourceforge, like Github, was proprietary and used that to keep people in. Like Github, the interface to the internals were FLOSS (Subversion in SF's case, git in Github's case).
2. We need better verification/validation methods to handle malware
who even owns sourceforge now? it's like coming across an antique toy, who knows how many garage sales and antique stores it must have been living in over the decades - a quick google reminds me it's been at least owned by VA Software, Geeknet, Dice.com (!) and now apparently some company called BIZX. from a usability standpoint, including the release process, the mailing list, and everything else, the site was always of course awful, which wasn't so unreasonable in 2002 but as the years and owners went by it just got worse and worse. Along with the ads/malware, I took issue with it's silly practice that you could never delete a project from it, because that would somehow be denying the fact that you've promised your project is open source. Never mind this means if you wanted to move to some other platform that an ancient fossilized version of your code would stay on Sourceforge forever and confuse users who were unfortunate to find it there first.
If SF wants to attract developers, they should support alternative version control systems like fossil and darcs. I can't think of any reason to use SF for a new project except possibly that you use mercurial and don't like bitbucket. The market for git hosting is extremely competitive and they don't bring much to the table.
That means a UI that has to take into account the idiosyncrasies of different tools. It seems like a recipe for disaster, if focus is what SF needs now.
I wish them good luck and hope they can be a good competitor to gitlab and github. Some competition is always good. I do hope, as unlikely as it is, though that they move away from the Ad based revenue model.
I personally, am not interested in returning to SourceForge due to all reasons articulated in other comments.
Hi, president of SourceForge here. Glad this is trending, albeit a few months later. These articles seem to trend on HN every few months, with many people not realizing SourceForge changed ownership in 2016 and that the new team's been working hard on improving.
To be clear, we had nothing to do with the bundled adware decisions of 2015, and when we took over in 2016, the first thing we did was remove the bundled adware, as well as institute malware scans for every project on the site.
We're working hard to restore trust, so if we win some of you back that would be cool. However, we're just focused on doing right by our million daily users.
Recent history of SourceForge: they migrate data centres, and some things got broken and went missing for several months, and in one of the two cases I’ve checked ended up just disappearing completely, though that could be the project’s decision (specifically, when audacity.sourceforge.net started working again, it didn’t actually, because links that used to work just redirect to the project page).
Sourceforge is something I used extensively, they burned their reputation. I don't care about new management or new owners. I will never use their site again. When I find a package or library that is available only hosted there, I look for an alternative. That is how bad their reputation is.
What’s your FOSS alternative to FlightGear? MinGW? TortoiseSVN? PortableApps? Code::Blocks? 7Zip? QBittorrent? DeSmuME? WinSCP? XAMPP? Boost? The list goes on and on...
These are all applications I’ve used that distribute through SourceForge. This isn’t a snarky comment; It’s a legitimate question. I use most of these programs a lot, and if SourceForge’s brand is so tainted, what is one to do? (Never using these programs is not an answer)
I've used SourceForge for a while for my hobbyist game development. I've never had a problem with them product wise; their tools work well and they're really making solid progress on the redesign.
The malware incident was really bad, but I'm surprised more people won't give them a look given the fact it is new ownership and a much smaller team.
What's strange, to me, is that last week there was a thread with a majority of commenters defending Microsoft and their new attitude towards open source, when Microsoft has been making terrible products whilst being hostile to developers and consumers alike for decades (just my opinion).
Everyone has different grudges for different reasons, I guess. It's a tough and complex problem as a business.
I wish I could upvote you more. I have been a Sourceforge user for the last 15 or so years. There is some software like SQL Squirrel which[1] that I use on a daily basis. The Lazarus[2] project that was on HN front page a few days ago and ART - A reporting tool [3] which are great tools. I presume the developers of these tools are too busy to migrate to other platforms. I understand because these are Open Source applications and I presume the developers have day jobs and family competing for time. I wish Sourceforge well and hopefully they will in time shrug off all the negative sentiments.
If any other Sourceforge team is reading comments, I am a happy user and thank you for providing an alternative platform for Open Source projects.
> defending Microsoft and their new attitude towards open source
What’s odd about that? Isn’t their new attitude better than the old, and perhaps “good enough” (at least compared to other giants)? Are you saying nothing they do should be considered good enough by devs, based on the previous history?
Well, the UI still sucks. They still have their weird download mirror page that reminds me of filesharing sites like RapidShare and Megaupload. So there's that. It doesn't exactly engender trust.
I love the guy challenging the big companies and so want them to succeed. But, when I look at their site I wonder about so many things:
- What do VoIP and Internet Speed Test have to do with what they do.
- I wish they have a business model that is not selling ads or my personal information to others. As long as they do that, it is hard to trust them, especially with their malware past.
- Who are their target users, is it me (a developer) or someone else?
- Why do they equate free to open source. Free means so much more in for developers. I use open source despite it being free to use, but because I know I can use it in interesting ways if I need to.
It feels like it was designed in 2001. I don't think anyone cares about "history" as much as they care about the fact that the brand is old and tired, and even looks it.
If you "browse projects" on their website, they offer you categories, like ERM, CRM, HR, Ecommerce, Accounting.
They just don't work developers, they work for (unsuspecting) ERM software users, in capacity of an open-source app store. That's why it can succeed - if one makes a CRM software, he might mirror there in hope to be stumbled upon by category browsers.
I dont see any reason for this to still exist now that git is a thing... all github would have to do is make their release pages a bit more friendly to non devs and it would demolish sourceforge completely.
[+] [-] Lazare|7 years ago|reply
I'm willing to give the new team the benefit of the doubt; let's just assume they want to create a high quality product. That's great, but I think the first step is starting over with a non-tainted brand.
It may make sense to migrate existing projects and accounts across, or even to build on top of the existing code base, just don't call it SourceForge.
[+] [-] mifreewil|7 years ago|reply
[+] [-] inapis|7 years ago|reply
[+] [-] ahmedalsudani|7 years ago|reply
- forced users to look at ads and go through two steps in order to download projects
- when that was not enough, injected malware into the files users were downloading
- irrecoverably lost project information
I don’t think they can do anything to salvage their image at this point. The last incident didn’t even inflict too much damage because there wasn’t much left to SourceForge.
[+] [-] lokedhs|7 years ago|reply
Now, if you were in this situation and you decided to come back to the old project a few years later (we're now in the early 2000's) wouldn't you expect to be able to continue where you left off?
Not so with Sourceforge. I found that the entire project was deleted. I contacted them and got the answer that it was indeed deleted because it hadn't been touched in however many years it had been.
To give credit where credit is due, they were actually able to recover my code from a backup and restore the project.
The point of this post was just to point out that they've done some user hostile things for a very long time.
[+] [-] rhizome|7 years ago|reply
[+] [-] mmanfrin|7 years ago|reply
[+] [-] mifreewil|7 years ago|reply
[+] [-] rhabarba|7 years ago|reply
On a more serious note: SourceForge has surely improved a lot, including not shipping malware anymore. The only things that I'd improve are:
1) More reliable SVN servers. Yes, I "still" have SVN projects on SourceForge because I lack motivation to change either the VCS or the hoster. But SourceForge's servers sometimes don't like my attempts to pull from or push to them. I blame the server admins, not the VCS.
2) A better code view. Just like Bitbucket's, SourceForge's code view (especially for diffs) is a mess. That's the one big thing I always liked with GitHub: Reading and comparing commits is perfectly clean.
3) A better project page. It always takes me a while to find the "Code" link on those - although it's always in a similar place.
Good luck, SourceForge.
[+] [-] emacsen|7 years ago|reply
Then Sourceforge came out and I remember as a 20 year old trying to talk with them about where they saw themselves in the community, and they were basically dismissive of the work that we were doing.
Nonetheless, they had (at the time) flashy software that made them attractive and many projects used them. They were genuinely the Github of their day.
The ultimate lesson of Sourceforge is three fold for me:
1. Never trust a commercial entity that you aren't paying to be your single repository
This applies to Sourceforge and Github, ultimately.
2. Never use proprietary software as your core
Sourceforge, like Github, was proprietary and used that to keep people in. Like Github, the interface to the internals were FLOSS (Subversion in SF's case, git in Github's case).
2. We need better verification/validation methods to handle malware
We need verified builds
[+] [-] unknown|7 years ago|reply
[deleted]
[+] [-] zzzeek|7 years ago|reply
[+] [-] pvg|7 years ago|reply
https://news.ycombinator.com/user?id=loganabbott
There was an article about their (last?) acquisition a couple of years ago where they commented at some length.
https://news.ycombinator.com/item?id=11092219
[+] [-] JoshMnem|7 years ago|reply
http://www.marketwired.com/press-release/bizx-subsidiary-sou...
https://www.crunchbase.com/organization/bizx
[+] [-] bachmeier|7 years ago|reply
[+] [-] rhabarba|7 years ago|reply
[+] [-] gtirloni|7 years ago|reply
[+] [-] mataug|7 years ago|reply
I personally, am not interested in returning to SourceForge due to all reasons articulated in other comments.
[+] [-] loganabbott|7 years ago|reply
To be clear, we had nothing to do with the bundled adware decisions of 2015, and when we took over in 2016, the first thing we did was remove the bundled adware, as well as institute malware scans for every project on the site.
We're working hard to restore trust, so if we win some of you back that would be cool. However, we're just focused on doing right by our million daily users.
[+] [-] chrismorgan|7 years ago|reply
[+] [-] paulie_a|7 years ago|reply
[+] [-] colejohnson66|7 years ago|reply
These are all applications I’ve used that distribute through SourceForge. This isn’t a snarky comment; It’s a legitimate question. I use most of these programs a lot, and if SourceForge’s brand is so tainted, what is one to do? (Never using these programs is not an answer)
[+] [-] fuball63|7 years ago|reply
The malware incident was really bad, but I'm surprised more people won't give them a look given the fact it is new ownership and a much smaller team.
What's strange, to me, is that last week there was a thread with a majority of commenters defending Microsoft and their new attitude towards open source, when Microsoft has been making terrible products whilst being hostile to developers and consumers alike for decades (just my opinion).
Everyone has different grudges for different reasons, I guess. It's a tough and complex problem as a business.
[+] [-] mmsimanga|7 years ago|reply
If any other Sourceforge team is reading comments, I am a happy user and thank you for providing an alternative platform for Open Source projects.
[1]https://sourceforge.net/projects/squirrel-sql/ [2]http://www.lazarus-ide.org/ [3]http://art.sourceforge.net/
[+] [-] alkonaut|7 years ago|reply
What’s odd about that? Isn’t their new attitude better than the old, and perhaps “good enough” (at least compared to other giants)? Are you saying nothing they do should be considered good enough by devs, based on the previous history?
[+] [-] nerdponx|7 years ago|reply
[+] [-] vineet|7 years ago|reply
- What do VoIP and Internet Speed Test have to do with what they do.
- I wish they have a business model that is not selling ads or my personal information to others. As long as they do that, it is hard to trust them, especially with their malware past.
- Who are their target users, is it me (a developer) or someone else?
- Why do they equate free to open source. Free means so much more in for developers. I use open source despite it being free to use, but because I know I can use it in interesting ways if I need to.
[+] [-] owenversteeg|7 years ago|reply
[+] [-] peterwwillis|7 years ago|reply
[+] [-] KaoruAoiShiho|7 years ago|reply
[+] [-] jelly_dev|7 years ago|reply
[+] [-] earenndil|7 years ago|reply
I wonder why?
[+] [-] nathantotten|7 years ago|reply
That pretty much says it all.
[+] [-] rhabarba|7 years ago|reply
[+] [-] nbabitskiy|7 years ago|reply
They just don't work developers, they work for (unsuspecting) ERM software users, in capacity of an open-source app store. That's why it can succeed - if one makes a CRM software, he might mirror there in hope to be stumbled upon by category browsers.
edit: some grammar
[+] [-] deevolution|7 years ago|reply
[+] [-] askmike|7 years ago|reply
[+] [-] codazoda|7 years ago|reply
[+] [-] binarycrusader|7 years ago|reply