GIMP-Win project wasn’t hijacked, just abandoned

228 points | chris-at | 10 years ago | sourceforge.net

201 comments

[+] scrollaway|10 years ago|reply
There is zero excuse for what they did, and zero excuse for what they have been doing for the past years.

Once again reposting what I said in the other thread (which seems to have been modded off the frontpage, sad).

I'm one of the lead devs of LXQt and an LXDE sysadmin. We use Sourceforge for our mailing lists and some LXDE legacy stuff.

I'm absolutely sick of them. It's not the first time this has happened. I've been pushing for us to move off SF for a while and this is a good occasion to push for it harder.

I've sent an email [1] detailing plans to move. I am urging everyone who still has projects on Sourceforge to do the same.

If you have similar migration problems to solve as the ones I've highlighted in the email, please contact me directly and we can share the workload. My email is available on my Github profile [2].

[1] http://sourceforge.net/p/lxde/mailman/message/34148903/

[2] https://github.com/jleclanche

[+] Touche|10 years ago|reply
It's unfortunate there aren't many good hosted mailing list services out there. Google Groups makes it hard to use without a Google ID, and mailman is tricky to set up/maintain.
[+] copx|10 years ago|reply
>I am urging everyone who still has projects on Sourceforge to do the same.

Where is that other great free service which hosts large binary assets, web sites, wikis, forums, and trackers, i.e. everything you need for a project?

Github is only a solution for software without meaningful binary assets where the user is expected to build the software himself and no community interaction beyond pull requests and issue reports is desired.

There is no free alternative to SF for many users, that is the problem. And well, "free", that is the key word here, at the end of the day SF has to make money somehow. As a non-paying SF user I cannot really complain about ads.

[+] hamburglar|10 years ago|reply
Given that the parent company of SF.net was recently purchased by Hot Topic, of all companies (presumably primarily for ThinkGeek), I doubt SF.net is long for this world.

Edit: doh, I didn't realize they had been sold off already. Never mind. :)

[+] baldfat|10 years ago|reply
This makes me even more angry at SourceForge and not less.

1) There is nothing clear and open about the project being abandoned by the author

2) The author left SourceForge due to their business practices and this allows SourceForge to take over the repos and continue making money?

3) Is SourceForge just going to maintain any project that leaves them and makes a mirror?

The sad state of Download.com and SourceForge keeps getting grimmer and grimmer.

[+] ntakasaki|10 years ago|reply
>This makes me even more angry at SourceForge and not less.

YCombinator also invested in a company that did this.

http://www.istartedsomething.com/20130115/y-combinator-is-fu...

Here's pg's response:

>2. The apps that get installed are "crapware."

>This one seems a matter of opinion. A lot of the world's most popular apps and sites seem like junk to us. But the users are choosing to install these things.

https://news.ycombinator.com/item?id=5092711

[+] jarcane|10 years ago|reply
Not to mention that sleazy line about 'helping their users avoid malware'.

The search hijacker that came with my copy of FileZilla Server was the first such infection I've had in a decade.

[+] ww520|10 years ago|reply
Google should demote the GIMP search term leading to SourceForge's download page, or mark the page as infested with malware.
[+] zamalek|10 years ago|reply
4) The reason why they did it is actually completely irrelevant. "I killed him because he slept with my wife" doesn't change the fact that you committed murder.

Doesn't GPL have to say something about this? Wouldn't this mean that the adware would need to be open sourced?

Edit: The difference between murder and manslaughter has now been explained, multiple, multiple times. Manslaughter is still a crime and in that way it is still the same. The comparison was used as a device to elaborate why the reasoning was unimportant, the difference between murder and manslaughter isn't important within that context. Suffice to say, now that I have been corrected repeatedly over this nonsense, this would have been a better anecdote:

> "I killed him because he slept with my wife" doesn't change the fact that you killed someone.

[+] jrochkind1|10 years ago|reply
> The author left SourceForge due to their business practices and this allows SourceForge to take over the repos and continue making money?

That it is open source does generally allow anyone to do this, right?

But yeah, Sourceforge sucks.

[+] TrevorJ|10 years ago|reply
They use the term abandoned when really, it sounds like the more correct description is that the client decided to go with a different service. In that case, it would be akin to G+ reviving your profile page after you moved to Facebook, and populating it with your Facebook posts without your permission. That doesn't seem OK.
[+] jasonlotito|10 years ago|reply
> 1) There is nothing clear and open about the project being abandoned by the author

Then you say:

> 2) The author left SourceForge...

Pretty sure if you left SF with the project still up on SF, any reasonable person could consider that abandoning the project. A more responsible thing would have been to remove the project entirely and shut it down.

> 3) Is SourceForge just going to maintain any project that leaves them and makes a mirror?

I assume you mean the only obvious option is to remove the project entirely (or disable from view) for those that leave. Leaving up old code at the scale of GIMP has the potential for leaving up unpatched code that is still downloaded and used. If your opinion is that nothing should have been done at all, I think that's far worse than anything SF did.

[+] mahouse|10 years ago|reply
> 2) The author left SourceForge due to their business practices and this allows SourceForge to take over the repos and continue making money?

Well, why not?

[+] ww520|10 years ago|reply
The GIMP developer has asked SourceForge to remove the installer. Guess they just ignore him.

https://mail.gnome.org/archives/gimp-developer-list/2015-May...

[+] giancarlostoro|10 years ago|reply
This alone seems like reason enough not to use SourceForge even if just for mirroring a project. Which is what a lot of projects do including some Linux Distributions, what are alternative hosts at that point though?
[+] abulman|10 years ago|reply
Whenever a download link (and more often than not, for me, it's usually for a server-based tool) goes to Sourceforge, I cringe - more than a little. For Linux based tools, it's because a simple 'wget' for a file is going to end up with a complex filename that I have to rename. This, at least, is a simple problem for me to fix.

For desktop software, I'm more concerned after hearing of projects being wrapped in Adware/malware. This is a particular problem on sites like http://download.cnet.com. I've been online since at least 1996, and those sites used to be great to be able to find useful software. Now, I prefer to not install much new software, in order to keep a stable desktop (and it does work - I've only had to wipe my desktop and install Windows from scratch once or twice in my entire online career, I get new PCs more often).

I've even seen jobs posted on some sites to work on open-source code - but then the project is hosted on sourceforge.net, and so it is using Subversion for version control. While I may be expert on the underlying technologies that particular project used (and the language) - it's not something that would ever convince me to help them - not even while being well paid (and working remotely, which is what I'm aiming to do from now on).

[+] SwellJoe|10 years ago|reply
So, this is a reminder (and a very harsh one) that trusting third parties with your projects may be a risky decision. I see many people suggesting moving off of SourceForge to Github. While we moved most of our stuff to github years ago, and I like github and have no major complaints about them today, I'm having doubts about the wisdom of staying on any third party hosting site, no matter how nice they seem today.

Let's put this in context: SourceForge was once (this was many, many years ago) a deeply trustworthy entity. They were excellent stewards of Open Source projects. They consistently took guidance from the community, and wouldn't have chosen profits over users or projects (though, certainly, they've profited).

Markets change, leadership changes, acquisitions happen. One day, we may not recognize github as the entity we know today, just as we don't recognize the entity that SourceForge has become.

I'm not saying don't move to github. Obviously, nobody should be starting new projects on SourceForge and github is one of the better third party alternatives. But, it may be worth thinking about what happens when we as an Open Source community build up another SF.net like entity. A central repository for all the most popular Open Source software, controlled by one profit-driven corporation.

Maybe it was worth the tradeoff. Maybe SourceForge provided enough value over the years to where it's not worth belly-aching about having to rebuild our communities around new tools (maybe even another third party tool), and to educate users that SourceForge is now an untrustworthy provider that should be avoided. Maybe we have to just mourn the loss of a once great supporter of Open Source software and move on to another that will likely, someday, also turn its back on Open Source values in pursuit of profits.

I hate trash-talking SourceForge so harshly, as projects I've been involved in have been well-served by SF.net in the past (and even now, we're pushing out terabytes of downloads through their mirrors, even though we've moved our revision control to github long ago). But, the company as it exists today is nothing like what it once was. I must assume none of the original founders remain given how far this strays from the original vision of the thing, and certainly it's been through multiple acquisitions and leadership changes. Maybe I shouldn't feel so bad about it...maybe the SourceForge I knew has been dead for years, and I just didn't notice as it's taken a while to start to smell.

[+] carussell|10 years ago|reply
People, even hackers, get unreasonably attached to names. Your last paragraph is key. If the company operating SourceForge today were doing what they're doing today under any other banner, no one looking to evaluate the options available to them would come away with the conclusion that TAFKA SourceForge would be the thing to go with.
[+] drzaiusapelord|10 years ago|reply
Why can't someone make a hosting site with a no crapware rule? I understand monetization is a big issue, but I'd be willing to sit through a 10-15 second forced ad to get a nice FOSS product. This mentality of installing random "utilities" and search hijackers on PCs needs to end. I can't imagine these things outpaying video ads directed right at our demographic.

In the age of cheap bandwidth and cheap servers, how is this not massively profitable?

[+] epaga|10 years ago|reply
The whole blog post can be summarised in the one sentence "Mirrored projects are sometimes used to deliver easy-to-decline third-party offers."

Makes me pretty sad since I still remember the days when SourceForge was one of the good guys.

[+] adekok|10 years ago|reply
> "Mirrored projects are sometimes used to deliver easy-to-decline third-party offers."

If they just mirrored the project, no one would be complaining. Having another place to download copies of the official releases is a good idea.

The issue is they changed the release. They advertised it as "mirror of Gimp-Win version X". And it wasn't. It was Gimp-Win version X with a boatload of adware / crapware. This made the Gimp-Win people upset that the crapware was being falsely associated with their product.

If SF had advertised it as "SF Version of Gimp-Win with magic crapware", people would be less upset. And fewer people would download it, of course. Which isn't what SF wants.

Their self-serving statement about "mirror" is a lie. The people who wrote it should be ashamed of themselves.

[+] moron4hire|10 years ago|reply
When would that have been, the year 2000? I remember as early as 2003 thinking they were junk because of the intrusive banner ads with no borders that only said "Download Now!" You actually had to look for the smallest download link, verify it was actual text, then hover over it to check to see if the URL ended in your expected file name.
[+] ncr100|10 years ago|reply
Seriously!

How this was done was wrong.

SF writes: "Mirrored projects are sometimes used to deliver easy-to-decline third-party offers, and the original downloads are always available."

It's wrong because it's disingenuous - an insincere representation of the GIMP maintainers' package, to include adware in the package.

SF insufficiently differentiates this "gimp-win" project with the small, coded byline: "Brought to you by: sf-editor1" (http://sourceforge.net/projects/gimp-win/files/)

Let's be blatant and honest: this is "SF-GIMP" not GIMP. It's being operated here under the guise of the authors and currently not sufficiently identified as a fork.

SF skirts "adoption responsibility" by simply writing a post to some unrelated blog article after the fact and create a collection of unrelated "deceptive ad blocking" website tools.

RECOMMENDATIONS TO SF:

* Be up front and bold about "adopting"!

* Free software or not this adoption stinks!

[+] nothrabannosir|10 years ago|reply
They show their true colors in the last paragraph:

> We welcome further discussion about how SourceForge can best serve the GIMP-Win author.

Just stop. How disingenuous can you be? What a disgrace.

Do we really need to go there? Ok, how about: "completely suspend and remove the project, and don't let the name be reclaimed."

SourceForge is trying to convince us they never thought of that. Really? Give me a break. You knew. You just don't care. Fine, you don't. But don't try to play that off as ignorance. "Oh, yeah, please enlighten us with further discussion!" Get out of here, stop wasting our time.

They could just as well have done away with the blog post and put up an image of a giant middle finger, instead. At least that would have been honest.

[+] astrodust|10 years ago|reply
We should start discussing how they can shut themselves down and rid the world of the blight that SourceForge has become.

RubyForge folded and the world was better off.

[+] neomech|10 years ago|reply
I moved my project to github after one of their "enticing" offers installed a vpn client that redirected all my traffic and inserted ads into my browsing, when I installed filezilla. The installer they add is designed to make it very easy to install their "offers" without your realising it. I'm very wary of any code on sf now.
[+] Someone1234|10 years ago|reply
The Filezilla team also deserve some credit in that case, as they opted-in to the ads on purpose (the Filezilla team gets kickbacks from each adware install).
[+] helb|10 years ago|reply
So in fact it was hijacked… by SF.

My employer runs a sourceforge mirror – I am going to start some discussion if we can turn it off.

Also, old HN post on "what happened to Sourceforge": https://news.ycombinator.com/item?id=6700115

[+] jlgaddis|10 years ago|reply
> My employer runs a sourceforge mirror – I am going to start some discussion if we can turn it off.

Please do. IIRC, most (all?) of their mirrors are provided by third-parties who are graciously offering their resources and SourceForge is taking advantage of them to serve up and profit from adware/malware installers.

[+] bill_from_tampa|10 years ago|reply
In all fairness, the page for gimp-win on sourceforge clearly states it is a mirror of a project that is no longer distributed by the upstream author through sourceforge --

"Hey, this isn't a SourceForge project! Check out the SourceForge Open Source Mirror Directory for more information. " -> this links to a page that explains in detail what you are getting.

I don't have a Windows installation handy so I can't 'test' the SF installer to see if the adware or add-on programs are easy to identify and accept or refuse -- has anybody tried that?

[+] Xylemon|10 years ago|reply
I've heard about how SF has been in some financial trouble, but isn't all this adware nonsense just going to hurt them more in the end? Surely some crowdfunding option could've been more of a viable effort...
[+] coldpie|10 years ago|reply
They've been getting scummier and scummier. They've been doing this ad bundling thing for years, and their entire website is basically unusable without adblock. Someone at Slashdot enterprises has no idea what they're doing. At any rate, SourceForge is going to die soon. I wouldn't be surprised if Google starts to delist them for distributing malware.
[+] forthefuture|10 years ago|reply
AOL has proven that as long as a sizable portion of your users are technically inept, you can extract value out of them like foie gras.
[+] ntakasaki|10 years ago|reply
Dice Holdings also bought Slashdot, and now there are things that look out of place, like the Kate Upton ad for God of War, Slashdot Deals [1], and annoying ads as tweets on the twitter account which made me unfollow.

[1] https://deals.slashdot.org/?utm_source=slashdot&utm_medium=n...

Would be interesting to see if Slashdot posts this story.

[+] johnduhart|10 years ago|reply
> Slashdot Deals

This has to be some prank, they can't be serious about that.

[+] zak_mc_kracken|10 years ago|reply
That is some crazy amount of spin. SourceForge started their path down the scummy side a while ago but this is really taking it to a new level.

You'd think that if they really cared, they would backpedal on what they did, but no, instead, they double down by trying to justify what they did and "welcoming further discussions".

Also, this:

> deliver easy-to-decline third-party offers

How about delivering third-party offers that users need to opt in instead?

Terrible, terrible company and organization.

[+] Lawtonfogle|10 years ago|reply
Software that requires opt out should be considered as malicious as software that doesn't give the ability to opt out.
[+] r721|10 years ago|reply
>Mirrored projects are sometimes used to deliver easy-to-decline third-party offers

It's as if they know the majority of experienced users would decline those "enticing" offers.

[+] pbhjpbhj|10 years ago|reply
Adobe pull this same scummy move with Flash downloads; Oracle do it with Java too. Surprised me recently setting up someone's Win 8.1 laptop as I had thought that such moves were now illegal in the EU - perhaps they are?
[+] StavrosK|10 years ago|reply
So what they did was take an abandoned project, add their adware installer and release it?
[+] chris-at|10 years ago|reply
https://plus.google.com/+gimp/posts/cxhB1PScFpe

> It appears that +SourceForge took over the control of the 'GIMP for Windows' account and is now distributing an ads-enabled installer of GIMP. They also locked out original owner of the account, Jernej Simončič, who has been building the Windows versions of GIMP for our project for years.

[+] DanBC|10 years ago|reply
Was it an abandoned project, or did the project just stop using Sourceforge?
[+] fixermark|10 years ago|reply
tl;dr "Hey, it's not our fault that we adopted policies so offensive to the project maintainer that they utterly washed their hands of us, but the license of GIMP basically prevents them from preventing us from distributing the software inside of our third-party shovelware bundle..."

Good job SourceForge. A++ would never download anything from again.

[+] Lawtonfogle|10 years ago|reply
Why don't they (SourceForge but also all the other software vendors out there, even Oracle with the Java and Ask.com bundling) just have it so it automatically installs all the crapware instead of asking you? Last I checked, it was because this would get them treated as outright malicious. I suggest that we consider such offers where the default option is to install them to be considered as malicious as installing them without asking.
[+] moron4hire|10 years ago|reply
>> Mirrored projects are sometimes used to deliver easy-to-decline third-party offers, and the original downloads are always available.

So in other words, GIMP-Win was hijacked, just not by a 3rd party.

[+] _lce0|10 years ago|reply
Let's take action and report the website so browsers warn users once they try to navigate to the page.

https://www.stopbadware.org/

Please report the entire website, not just some project. They had distributed enough malware already.