Nice list. Got Audacity there, for instance.
This is very confusing.
Having a look through that accounts project history is a little fishy (http://sourceforge.net/u/sf-editor1/profile/)....
People who host software there should move to a different platform.
Here are some possibilities I can think of, but I'm curious if they're correct:
- Mailing list hosting
- Non-git repository hosting, for projects that prefer CVS or SVN
- Shell account (though it doesn't seem very useful)
- Features GitHub has but few others do (binary hosting, website hosting, etc.) and the project wants to avoid GitHub
Are there others?
Another reason for quite a while was binary hosting, which github originally supported, then discontinued, but finally added again in July 2013. Additionally, the ability to use any open source license or combinations of licenses, as Google Code supported binary downloads during the time github didn't but only permitted one license per project and only from a subset of open source licenses (originally a small subset, later expanded). Google Code, of course, is sunsetting now. And github now supports multiple licenses as well as binary releases.
That said, with projects and people leaving SF, and their UI leaving a lot to be desired, there are so many more options I'd first use for project discovery.
(But yes, right now, if you're on Git, GitHub will give you binary downloads and all licenses.)
[1] See the top story on http://www.gimp.org/
That said, looking at the top story, I guess they consciously chose not to do that and then things went sour.
It appears they switched the GIMP project on SF back to directly downloading the standard GIMP installer, at least that's what I see right now in Firefox at 3:30pm NYC time.
In other words: "Yes, we take your project and wrap it in an adware installer."
Does anybody have a copy of the "value added" installer?
How did it work? Was it a wrapper which contained a copy of the official installer? Did it have the same filename? Was there some identifier in the URL? A cookie?
In other words, can we programmatically identify other hijacked projects?
It seems they've disabled the ability for the GIMP downloader installer posted earlier today to be able to download GIMP now. Possibly so other sites don't distribute it further thinking it's the real GIMP installer?
Why are we doing this? We want the SourceForge software directory to be as useful as possible. When you come here to search for a piece of software, we want you to be able to find it, and find the most up to date releases. And if that software isn't hosted on SourceForge, we still want you to be able to find it. Or if a SourceForge project has been abandoned, we want it moved to the mirror and maintained, so you can always find the newest releases. Millions of people use SourceForge every day to search for Open Source software, and we want to give them the best experience possible, even if the best answer to their search is a project hosted elsewhere, or an abandoned project newly maintained by the SourceForge team.
That's so underhanded and nasty that it's difficult to believe. If true, it means SourceForge has effectively become the nemesis of every software developer who ever used their services. And, it means every software developer who cares about software freedom and privacy must move everything off of SourceForge.
We host Webmin on SF.net, still, and it is downloaded over 3 million times per year, making it one of the most popular packages in the system administration category for over a decade (last I checked a few years ago, it was second only to phpmyadmin). They've never done anything weird or underhanded with our stuff (but most of our packages are signed and setup in such a way that fiddling with them would be somewhat challenging). Given its popularity, I would assume it would be a likely target for this sort of thing. But, maybe it's only "abandoned" projects? (Whatever that means, since it sounds like the original author in this case did not consider their project abandoned.)
Fortunately, we've moved to our mirror infrastructure since quite some time, and it's faster and way better.
Btw, if any other open source project needs help to distribute their binaries (because of the size), please contact me.
PS-EDIT: signing the installer was a good idea, I guess :)
I'm one of the lead devs of LXQt and an LXDE sysadmin. We use Sourceforge for our mailing lists and some LXDE legacy stuff.
I'm absolutely sick of them. It's not the first time this has happened. I've been pushing for us to move off SF for a while and this is a good occasion to push for it harder.
I've sent an email [1] detailing plans to move. I am urging everyone who still has projects on Sourceforge to do the same.
If you have similar migration problems to solve as the ones I've highlighted in the email, please contact me directly and we can share the workload. My email is available on my Github profile [2].
[1] http://sourceforge.net/p/lxde/mailman/message/34148903/ [2] https://github.com/jleclanche
They really really need to up their game if they want to stay relevant. Most of the stuff I find pointing me to SF these days is usually abandoned (GIMP and Pidgin are probably notable exception).
