WingNews logo WingNews GitHub [2]
top | item 9717140

Notepad++ leaves SourceForge

136 points| nreece | 10 years ago |notepad-plus-plus.org | reply

35 comments

order
[+] jskz|10 years ago|reply
Doesn't SourceForge routinely inject malware into the little install bundle executables, too? Once upon a time, SourceForge was revered for its good will and the ripples it was making in the FOSS pond. Too bad the site they've become can't close down soon enough.
[+] davidgerard|10 years ago|reply
It tends to make the download link the wrapper software, which installs the malware and downloads the actual software. This lets them supply e.g. unmodified Firefox binaries but still malware you.
[+] ChuckMcM|10 years ago|reply
I find the rapidly increasing collapse of the 'monetize downloads' business model quite refreshing. I hope Github has enough revenue to not have to revert to things like this in the future.
[+] bdcravens|10 years ago|reply
I imagine so. I don't think SourceForge's commercial offerings ever had much wind behind them, but pretty much every company I've done any kind of work for in recent years has a commercial GitHub account.
[+] davidgerard|10 years ago|reply
I work for a company that uses paid Github, and it's the BEST THING EVER. We will be happy to keep throwing money at Github well into the future. We just outgrew the "platinum" plan ($200/mo), but they have plans all the way up to "aluminium" (with an I) (just over $1000/mo).

They don't suck and we're enormously happy. As the sysadmin whose job it would otherwise be to manage Gitorious or Gitlab locally, I am delighted to be able to outsource this task.

So yeah, I'm extrapolating from anecdote but for the moment I think their prospects of continued payment for services are pretty good.

[+] yuhong|10 years ago|reply
I am thinking Yahoo! should buy them for this reason.
[+] ksec|10 years ago|reply
I have always thought this is something Github could capture on. GitHub is missing download of Compiled Binary, and some forum for user ( not developers ) interaction.

But then Github has always been a Dev focus site.

How will Notepad++ handle the delivery?

[+] tauchunfall|10 years ago|reply
>GitHub is missing download of Compiled Binary

You can create releases from tags and upload artifacts for every release.

GitHub have had a download tab for compiled binaries years ago.

edit: typo

[+] cliffwarden|10 years ago|reply
Github does have "releases" that allow you to attach binaries
[+] stevebmark|10 years ago|reply
There are still major projects hosted on SourceForge?!
[+] LukeShu|10 years ago|reply
- hunspell (one of the major spell-check engines, used by Firefox, LibreOffice, et cetera)

- Mesa3d

- Many Linux-kernel utilities (e2fsprogs, procps-ng (ps, top, uptime, watch, ...), fuse, jfs, sysfsutil, net-tools, NFS, acpiclient/acpid, et cetera)

- PCRE

- Flex (the lexical analyzer generator)

- TCL (the language)

- Many lower-level media libraries (freetype, liba52, libmpeg2, libmtp, libwpd, libpwg, opencore-amr, giflib, libcddb, libebook, libexif, et cetera)

[+] mnl|10 years ago|reply
Besides Notepad++, I have in this box Pidgin, KeePass, DjVuLibre/WinDjView, DOSBox, Freeplane, TeXnicCenter, NAPS2, WikidPad, WinMerge, REDUCE (great CAS), JaxoDraw, MinGW/MSYS, NumPy/SciPy (Windows binaries are there...) and quite a few more.

I don't think REDUCE and JaxoDraw are going anywhere soon. Same for the WP 31S/34S calculator projects. Maxima and matplotlib are there as well.

I really need some of these, so for me blocking SourceForge is not an option even at this moment. It just isn't as easy as the vibe here makes it. I'm just as careful as you should when downloading Windows installers. Block most of the JS there, scan the files, always go for custom setups and when in doubt use sandboxing.

[+] whoopdedo|10 years ago|reply
mingw, mingw-w64, and msys2 are still there. Kind of a big deal because their package managers use SF mirrors.
[+] anotherevan|10 years ago|reply
I think if I was any project leaving sourceforge, I would try and delete as much as possible, including the user account. Failing that, I would upload as the last release an "installer" that just gives notice that downloads through sourceforge are no longer supported due to their scammy behaviour, and a link of where to get the valid download.
[+] lewisl9029|10 years ago|reply
I also just found out today that Mumble has moved their binaries and source to Github as well (the update prompt for 1.2.9 pointed to the Github binary directly).

Last time I checked, their download links all pointed to SourceForge.

https://github.com/mumble-voip/mumble

[+] el_duderino|10 years ago|reply
At least he didn't put out another update that opens a new tab and starts typing out more of his thoughts automatically.
[+] voltagex_|10 years ago|reply
Do you remember which release this was?
[+] datainplace|10 years ago|reply
Sourceforge is to Gamestop as Huffington Post is to Verizon.

Hopefully the new ownership puts an end to the site. Though I expect they will sell it to an outside investor.

[+] ChrisArchitect|10 years ago|reply
so what's the deal with the 'injection'? They've been bundling crapware with the installers for a few years at least right? But for a long while there was always an option on the file list/downloads page that users in the know could click to get a clean installer 'direct download'. That appears removed now, is that what everyone is up in arms about?
[+] davidgerard|10 years ago|reply
A couple of years ago they started using a malware wrapper, that installed adware then did the real download. Projects got very upset and they swore they wouldn't do this again, then offered profitsharing (which some projects took them up on, e.g. Filezilla).

Then, two years after promising they would never do this again, they started doing it again.