Sourceforge controversy

So apparently, some Free Software projects are abandoning Sourceforge as a distribution platform, due to Sourceforge's new policy of bundling adware/crapware/malware into their Windows installers.

As a notable example, GIMP is no longer using Sourceforge as the official source for GIMP's Windows binaries:

http://www.gimp.org/

More information here:

http://www.gluster.org/2013/08/how-far- ... as-fallen/

So, if you use Windows, watch out. If you download anything from Sourceforge, be extra careful when installing, read every installer screen carefully and don't let any extra crapware be installed on your computer. Supposedly, no malware gets installed if you don't click the wrong button, but since the installers are closed source, there's also no way to really be sure what gets on your computer.

LMMS also uses Sourceforge, but since I don't use Windows, I've no idea about LMMS Windows packages, and whether they contain this bundled malware. Maybe someone who has access to a Windows computer can test them out and report here.
I just downloaded LMMS and cancelled before the install. No ads. Maybe because 0.4.15 was uploaded before the new update?
It looks like the adware inclusion is 1 - Voluntary and 2 - A revenue that is shared with the software project. Sounds like people need to lighten up a bit.

From Wikipedia:
http://en.wikipedia.org/wiki/Sourceforg ... ontroversy
From SourceForge themselves:
http://sourceforge.net/blog/today-we-of ... -software/

I would probably not want anything like this if I made a project myself but if people want to have a go at this I see nothing wrong with it.
owallgren wrote:if people want to have a go at this I see nothing wrong with it.
I'm with GIMP developers on this, I see plenty of wrong with it. It's an unethical way of creating revenue. It bundles malware (and make no mistake, we're talking about malware here) with installers, in other words, it compromises the security of the user's computer in exchange for profit. How is this suddenly an acceptable way of monetizing free software projects?

Sure, you can always say that the installation of the malware is optional, you can still install only the software you want, but there are two problems with that: one, the Sourceforge installers are closed source, so who knows what they add in there. When we're talking about installers that are made for bundling questionable software with them for profit, that already shows a disregard of the security of the user, so who's to say they don't sell out their users further and add something nasty in the installers, like spyware, in order to make a little more profit? Two, the installer is made in such a way that for an inexperienced user, it's easy to install the malware by accident, when clicking through installers. Windows users are often very inexperienced users, is it ok to prey on people just because they don't have the leet hax0r computer skills?

It's fine for free software projects to think of ways to make revenue, but those ways should be ethical and respectful of users' rights.
diiz wrote:
owallgren wrote:if people want to have a go at this I see nothing wrong with it.
I'm with GIMP developers on this, I see plenty of wrong with it. It's an unethical way of creating revenue. It bundles malware (and make no mistake, we're talking about malware here) with installers, in other words, it compromises the security of the user's computer in exchange for profit. How is this suddenly an acceptable way of monetizing free software projects?
This bundling is an opt-in thing. The GIMP developers could just have chosen not to participate in the bundling instead of leaving SF, but whatever. It's their choice. And it's not like bundling wasn't possible before, e.g. LMMS for Windows has come with some other software in the past without any SF involvement. There were some complaints and ATM there are no "secondary offerings" with LMMS.

The problem is, servers cost money, bandwidth costs money, developers need income (unless it's a hobby)... all that money has to come from somewhere. Ads? Evil (I'm guessing those complaining loudest about bundling are often Adblock users, too :) ). Users paying to get open source software? Not very realistic. Bundling other software? Evil. What's left, donations?
Like I said,
diiz wrote:It's fine for free software projects to think of ways to make revenue, but those ways should be ethical and respectful of users' rights.
It's just my opinion, I don't think bundling malware in installers is an ethical way of generating revenue, no matter if the project is open or closed source.
raekman wrote:This bundling is an opt-in thing. The GIMP developers could just have chosen not to participate in the bundling
AFAIK the bundling wasn't the only reason why GIMP left SF. Read the full announcement on the GIMP homepage.
raekman wrote: all that money has to come from somewhere. Ads? Evil (I'm guessing those complaining loudest about bundling are often Adblock users, too :) ). Users paying to get open source software? Not very realistic. Bundling other software? Evil. What's left, donations?
Why is it not realistic? Works for Ardour, PartedMagic... they charge for binary downloads, you can still download and compile the source for free, but if you want a ready-built binary package you need to pay for it. Ardour even offers free binary versions with reduced functionality, kind of like shareware. In this model the monetization is not in the product per se, but in the service of building the software, and/or providing updates, etc.

Donations are also a viable means for some. Crowdsourcing is another way of doing this, which often gets users' interest more effectively than simply asking for donations - lots of successful crowdsourcing campaigns have been done to support specific feature additions to free software projects, GIMP recently had a successful one, IIRC OpenShot had one that was extremely successful... the reason this can work better than plain donations is that users feel they get some return for their money - if it's a feature that many people want, people will pay for it. I know there's a lot of features I'd be willing to pay money for to get in LMMS...
The only thing I can say is that I doubt LMMS will move in the near future. It will be a long and complicated process, time which could be used on LMMS. These forums are on Sourceforge, the bug-tracker and most importantly the downloading. GIMP has apparently got some random servers around the world, for example the university in Oslo... It is because GIMP is looked upon as the best free image program in the world. LMMS on the other hand is unknown by most people, and only best for Windows because there are so few others, for Linux that is another story.

So the sad truth. Until LMMS actually becomes as popular as GIMP or someone badly wants to host servers for LMMS, Sourceforge probably is the best solution.
sti2nd wrote:The only thing I can say is that I doubt LMMS will move in the near future. It will be a long and complicated process, time which could be used on LMMS. These forums are on Sourceforge, the bug-tracker and most importantly the downloading. GIMP has apparently got some random servers around the world, for example the university in Oslo... It is because GIMP is looked upon as the best free image program in the world. LMMS on the other hand is unknown by most people, and only best for Windows because there are so few others, for Linux that is another story.

So the sad truth. Until LMMS actually becomes as popular as GIMP or someone badly wants to host servers for LMMS, Sourceforge probably is the best solution.
I'm not saying LMMS should move out of Sourceforge... that's up to the LMMS developers to decide, whatever they consider the best solution. To me personally it doesn't make much difference, as I don't use Windows, and I compile my LMMS from source anyway. I can understand if there isn't a better choice to host the files (that is also free). But I also think LMMS users should be aware of this, that SF is no longer a safe place to download, so they know to be careful and not download or install anything suspicious.

The other reason why GIMP parted ways with Sourceforge was SF's policy of allowing predatory ads on the site:
SourceForge, once a useful and trustworthy place to develop and host FLOSS applications, has faced a problem with the ads they allow on their sites - the green "Download here" buttons that appear on many, many ads leading to all kinds of unwanted utilities have been spotted there as well.
So my main concern here is just telling people who use Windows to be careful, be sure you click on the correct link when downloading and not on an ad, and pay attention when you install programs in Windows.
It's always possible to do what LibreOffice did, post an official torrent on the download page. Of course that means you'll have to trust that enough developers (and perhaps users) keep a torrent client going to host the files. But if a program has enough dedicated users, it's not too hard to have the momentum necessary to make torrenting a reliable method of obtaining software. (For open source torrenting is probably more ideal than relying on some commercial service's servers where TOS and therefore QOS may be subject to change. Might have a "good guy" hosting for now, but if something happens or he sells out...)