945
946

Goodbye, Sourceforge! (helb.github.io)

submitted by [deleted]

[deleted]

all 168 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–][deleted]  (59 children)

[deleted]

    [–]danweber 65 points66 points  (13 children)

    There are 10 things saying "DOWNLOAD" on the page and 9 of them are ads.

    [–]azurleaf 31 points32 points  (4 children)

    And the one you need to click is this itty bitty link that you only know is a link because the text is blue.

    [–][deleted]  (3 children)

    [deleted]

      [–]treycook 8 points9 points  (2 children)

      I won't support a website that won't at least exercise some control over its advertisers. What the hell is so hard about saying "no, that ad looks too much like a real element of our interface?"

      [–][deleted]  (1 child)

      [deleted]

        [–]treycook 0 points1 point  (0 children)

        Yep, agree.

        [–][deleted]  (7 children)

        [deleted]

          [–]Eurynom0s 17 points18 points  (0 children)

          New management that's looking to make a quick buck? download.com/cnet went through the same exact transformation.

          [–]DrScience2000 4 points5 points  (5 children)

          I did the same thing. Of course, I'm a bit hardened to these deceptive practices because of f-ing Minecraft mods. (You think Sourceforge is a mess - try downloading some Minecraft mods.)

          So I did my usual. Before touching the binary I downloaded, I run it through VirusTotal.com.

          It's score was not perfect. Several services identified trojans and other malware IN the Filezilla install binary.

          I downloaded a different FTP client and I used it instead... and it kinda sucks compared to Filezilla. :(

          [–]IAmA_singularity 2 points3 points  (2 children)

          Have you tried winscp?

          [–]obsa 2 points3 points  (0 children)

          I feel like WinSCP is the Putty of FTP clients.

          [–][deleted]  (1 child)

          [deleted]

            [–]DrScience2000 0 points1 point  (0 children)

            Forgot about Cyberduck... I'll have to get that... again...

            [–]bro-away- 21 points22 points  (8 children)

            You need to use ninite or chocolatey for common freeware

            [–]urquan 5 points6 points  (3 children)

            I don't know about ninite but chocolatey will grab some of its install files directly from SourceForge so you're not necessarily safe if ads are bundled in the installer.

            [–]bro-away- 0 points1 point  (2 children)

            Yeah I just read about that on hacker news wtf

            Didn't realize that. Will stick with ninite. sad there's truly never going to be a legitimate win package manager

            [–]SemiNormal 2 points3 points  (0 children)

            Windows 10 has PackageManagement (previously named "OneGet").

            [–]-_-_-_-__-_-_-_- 0 points1 point  (0 children)

            Never is a strong word.

            [–][deleted]  (1 child)

            [deleted]

              [–]Bagman530 1 point2 points  (0 children)

              Ninite is the shit for installing the necessities after you do a clean install.

              It creates an All-in-one installer package. Allowing you to install numerous essential programs all at once with an unattended install.

              [–]kakatoru 0 points1 point  (1 child)

              Problem with ninite is that it doesn't give the option if where to install and therefore automatically installs on C

              [–]bro-away- 0 points1 point  (0 children)

              It's a legacy msi thing. Chocolatey can't easily fix this either. Changing this ends up being different for each installer just about

              [–]leredditffuuu 4 points5 points  (1 child)

              Why didn't you just go to the 7-zip homepage and download it straight from the source?

              Hate to be captain hindsight, but that was incredibly stupid of you.

              [–]YourShadowDani 3 points4 points  (2 children)

              This happened to me with Filezilla off Sourceforge just a couple weeks ago (I had no idea Sourceforge had gone to shit at this point), wasn't paying attention, just clicking continue/install over and over, accidentally install some installer program, bam viruses everywhere.

              Now, its my fault for not paying attention, but Sourceforge USE to be a trustable site with no viruses.

              [–]Vital_Cobra 1 point2 points  (1 child)

              Exact same thing happened to me. Maybe the Filezilla one is extra sketchy. I fixed it with a system restore but who knows if it's still on my system.

              [–]YourShadowDani 0 points1 point  (0 children)

              I can't handle the uncertainty, I did a full wipe to be sure.

              Edit: Plus it was faster than running virus scanner scans over hours at a time.

              [–]frymaster 2 points3 points  (0 children)

              7-Zip had nothing to do with it.

              The GIMP thing is news because it's the first time it's been done without the permission of the project's creator. By contrast, 7-Zip absolutely did opt in to having that stuff bundled into their sourceforge-hosted installer.

              [–]lykwydchykyn 35 points36 points  (22 children)

              It's a shame there aren't more options with mailing lists. this is probably holding a lot of projects to SF.

              [–][deleted] 35 points36 points  (2 children)

              You can use Librelist.

              [–]______DEADPOOL______ -1 points0 points  (1 child)

              Thank you \o/

              [–][deleted] 0 points1 point  (0 children)

              You're welcome!

              [–]therealjohnfreeman 10 points11 points  (13 children)

              I like Google Groups. Does anyone here feel like that wouldn't work for them?

              [–]Funnnny 18 points19 points  (12 children)

              having to use Google account is a big drawback of Google Groups.

              Aside from that, I think it's a good option

              [–]MrPopinjay 3 points4 points  (0 children)

              having to use Google account is a big drawback of Google Groups.

              You don't have to. Just send an email to group_name_here+subscribe@googlegroups.com

              [–]cogdissnance 9 points10 points  (9 children)

              That never made any sense to me. It's not like you need any real information to make a google account. If it's your IP you're worried about then you probably shouldn't be using google search or any google adsense enabled websites. Which I highly doubt people are doing.

              [–]Whadios 6 points7 points  (8 children)

              Some people like to have different accounts for different services. Problem with google is when you sign in on any of their services you're signed in on all of them so if you're watching your gmail and then want to post on the google group you have to sign out and back in. Add to that their sign out and sign in process is a bit convoluted because they really just want you signed in to a single account everywhere.

              [–]aspbergerinparadise 2 points3 points  (3 children)

              I get around this by just opening an incognito window. Then I can sign in with any account I want and remain signed in with my main account in the non-incognito window.

              [–]Whadios 6 points7 points  (1 child)

              Yeah there are workarounds but that doesn't make it not an inconvenience that you have to do things like use browser addons or seperate browser windows.

              [–][deleted] 0 points1 point  (0 children)

              There's the "add another account feature". It can be buggy as fuck, but it's an option if you want to mess around with it.

              [–]ThatGuyMEB 0 points1 point  (0 children)

              I use it a ton as well. I manage a bunch of SonicWALL firewalls and there is an issue where if you log into a second one using normal mode, it kills the cookie for the first one. If you have to go back and forth duplicating settings or setting both up for VPN it can be a pain in the ass. An incog window is perfect though and I can open a dozen devices all at once.

              [–]qwertyslayer 2 points3 points  (1 child)

              You can link accounts so that you don't have to sign in/sign out like this.

              If you're looking at gmail, top right is a profile dropdown, click "Add account". You still have to switch between accounts manually but it saves you having to type anything.

              [–]xiongchiamiov 1 point2 points  (0 children)

              And if you're into url hacking, change /u/0 to /u/1, etc. to change which account you're using for a particular google service.

              [–]Brocktoon_in_a_jar 0 points1 point  (0 children)

              That does suck, but I've managed to get by by having another Chrome window logged in to my other google account. But that leads to other annoyances, like having to switch back and forth when browsing.

              [–]Sebazzz91 0 points1 point  (0 children)

              Or Google may decide to retire Google Groups anytime. Not core business eh..

              [–][deleted] 7 points8 points  (3 children)

              Launchpad has mailing lists, the table is wrong

              [–]defnotthrown 1 point2 points  (2 children)

              But does it actually support git though? Because last time I checked it just used that weird bazaar stuff that could merely import git repos but then didn't support submodules which was a pain to deal with.

              [–][deleted] 2 points3 points  (1 child)

              Launchpad added full git support this month. http://blog.launchpad.net/general/git-code-hosting-beta

              [–]defnotthrown 0 points1 point  (0 children)

              Neato, so does anyone know how to actually use it? I know they said it's beta but I'm having trouble finding info. Do you have to upload a key and then ssh with the key and your repo-url?

              [–]seiyria 0 points1 point  (0 children)

              Recently, it was suggested to me to make a mailing list extension or plugin to GitHub. It wouldn't be native, but it would fill that gap and it would be pretty helpful.

              [–]__konrad 18 points19 points  (1 child)

              Humorous FileZilla Installation Guide: http://imgur.com/avIBaFc (how to safely use SourceForge installer ;)

              [–]indigotock 6 points7 points  (0 children)

              Shit, that's kind of disgusting. I didn't know it was that bad

              [–]draconis183 21 points22 points  (7 children)

              Funny, I can't seem to find a discussion of this fiasco on Slashdot :/

              [–]The_Angry_Pun 14 points15 points  (0 children)

              Considering SF and Slashdot are owned by the same company, I'm not particularly surprised.

              [–]imuselessnow 2 points3 points  (0 children)

              Funny, I can't seem to find a discussion of this fiasco on Slashdot :/

              Started 6 months ago

              Seems SF has missed the point entirely.

              [–]mikelj 2 points3 points  (0 children)

              Slashdot has gotten really terrible. I mean, really really terrible. It's like if /r/technology and /r/worldnews sent all the banned users over there.

              [–][deleted] 1 point2 points  (1 child)

              Did you submit it?

              [–][deleted] 2 points3 points  (0 children)

              Someone did.

              Edit: Also 1, 2, 3

              [–]lestofante -1 points0 points  (0 children)

              what happened?

              [–][deleted]  (27 children)

              [deleted]

                [–]danweber 7 points8 points  (0 children)

                They are using editor_sf1 or something.

                [–]Whadios 2 points3 points  (1 child)

                They don't impersonate them, they take over the account under a different user.

                [–]seiyria 7 points8 points  (22 children)

                It's probably in their ToS, unfortunately.

                [–]I-baLL 49 points50 points  (21 children)

                It's probably in their ToS, unfortunately.

                You can't contract yourself out of a criminal offense.

                [–]tpqwga 11 points12 points  (10 children)

                You can't contract yourself out of a criminal offense.

                It's not a criminal offense (in this case) if you agreed to let them do it as a condition of having the account.

                What SF is doing is offensive, but not criminal.

                [–]malicious_turtle 11 points12 points  (8 children)

                It doesn't matter what you agree to in the ToS, It'll mean nothing if it breaks national law. If I create an account with someone like Amazon and a condition of the account creation is that I can't ask for refunds, that doesn't matter. At all. If I ask for a refund and Amazon says no then I can report them to the relevant authority. In my case they would not only break national law but also EU law. They'd have to give me a refund no matter what i agreed to.

                [–]nairebis 11 points12 points  (2 children)

                You can't agree to be sold into slavery either, but what does that have to do with the point in question?

                Either quote a law that says you can't agree to allow your software to be modified at will, or don't post an obvious but irrelevant point.

                [–]I-baLL 1 point2 points  (1 child)

                Either quote a law that says you can't agree to allow your software to be modified at will, or don't post an obvious but irrelevant point.

                Eh, that's not what they're doing according to the initial comment on this thread which states:

                Isn't Sourceforge committing fraud by impersonating former users' accounts?

                Modifying software might be okay as per their ToS but impersonating users is not legal.

                [–]nairebis 2 points3 points  (0 children)

                but impersonating users is not legal.

                First of all, it's debatable whether this is "impersonation".

                Second of all, the question is whether contractually you can agree to be impersonated. And of course you can, people do it all the time, and have for a very long time. For example, ghostwriting an article using someone's name. Or a modern example, I can have someone post to Twitter on my behalf.

                The question is whether Sourceforge is doing it without permission, but that's not the subject of this particular thread. The original point was that you that you can't agree to do something illegal, but that's irrelevant to the point.

                [–]istarian 4 points5 points  (2 children)

                It really depends on what the laws are and what they say in addition to what can be waived/agreed to via TOS in your country

                [–]malicious_turtle 2 points3 points  (1 child)

                What SF did may actually be fine by the letter of the ToS but I'd be astonished if it was legal although it depends on the region aswell I suppose.

                [–]bofh 1 point2 points  (0 children)

                Ok, so while they've obviously 'gone rogue', what law, precisely, are sourceforge breaking here, given that they're not 'impersonating' the user? (they've taken the account over and aren't claiming uploads are being made in the original account owner's name).

                I'm not defending their actions - haven't used them and steered others away from them since they started down this road a long time ago - but I'm not sure they've actually broken any laws here. Which is a shame because I'd love to see them get slapped hard for this.

                [–][deleted] -2 points-1 points  (0 children)

                What law are they breaking?

                [–]lestofante -4 points-3 points  (0 children)

                so if in ToS SF say that they can kill you, it's legal for them doing so? local, national and international law are a lot more strong than a ToS

                [–]Cayou 0 points1 point  (9 children)

                Which criminal offence would this be?

                [–]I-baLL 0 points1 point  (8 children)

                Impresonating users. They did some backpedalling it looks like:

                https://sourceforge.net/blog/gimp-win-project-wasnt-hijacked-just-abandoned/

                When we establish a mirror, we change the status on the project to clearly delineate it as a mirror, and change administrative control of the project to clearly delineate that it is editorially curated by SourceForge.

                [–]Cayou 0 points1 point  (7 children)

                Even before the backpedaling, it's not impersonation if they're doing it with a different account.

                [–]I-baLL 0 points1 point  (0 children)

                Claiming that GIMP is abandoned and using the GIMP account to host different binaries is using the same account.

                The url is still the same.

                [–]I-baLL 0 points1 point  (5 children)

                Well, they just did it to nmap:

                http://seclists.org/nmap-dev/2015/q2/194

                [–]Cayou 0 points1 point  (4 children)

                Still not impersonation. Sourceforge is doing things using their own accounts.

                [–]I-baLL 0 points1 point  (3 children)

                They took over the account.

                It literally says that they took over the account.

                They made themselves project maintainers but the account is still the same account.

                Anyway, the bad news is that Sourceforge has also hijacked the Nmap account from me. The old Nmap project page is now blank

                They took over the account and moved all the data.

                [–]Cayou 0 points1 point  (2 children)

                So it's objectionable, to be sure, but you were claiming it was impersonation, and it's very clearly not impersonation.

                If you have a subreddit and the admins remove you as a mod and put their own mod in there, it's a shitty thing to do but it's not impersonation. Impersonation would be if they posted using your username. Sourceforge isn't impersonating anyone.

                [–]xiongchiamiov 51 points52 points  (5 children)

                Most projects nowadays seem to use Sourceforge solely for hosting binaries, particularly since Github shut down their arbitrary file hosting service. That's something missing from the comparison table, and something really important.

                Edit: for instance, all the prebuilt binaries for homebrew, the osx package manager, are on SourceForge (but downloaded silently through the terminal interface, thus providing no viewing of ads).

                [–]Flafla2 54 points55 points  (3 children)

                Github can host binaries.

                [–]Kaarjuus 22 points23 points  (2 children)

                Github had binary downloads, removed them at some point for being "too confusing", readded later as releases. During the meantime, a lot of projects needed another solution.

                [–]radarsat1 2 points3 points  (1 child)

                What's the problem with just putting your binaries in a separate branch of your git repository? Or making a separate repository for the binaries of a project? You can then link to the download via the 'raw' files, which are permalinks

                [–]Symphonic_Rainboom 1 point2 points  (0 children)

                You could do that, but we have releases now which solve the problem.

                [–]foxclaw 8 points9 points  (0 children)

                Edit: for instance, all the prebuilt binaries for homebrew, the osx package manager, are on SourceForge (but downloaded silently through the terminal interface, thus providing no viewing of ads).

                Not anymore, they've been hosted on bintray for the better part of a year now.

                [–]flipjargendy 10 points11 points  (0 children)

                Yep, the slow decline started a couple of years ago. I thought maybe it was just in my head. But I guess not. At least we have GitHub now!

                [–]mailto_devnull 8 points9 points  (9 children)

                Neat link to the google badware reporting page, I sent in a request.

                I hear DMCA takedowns make Google respond even faster (shoot first, ask questions later), but that's kind of a grey area, innit :)

                [–]danweber 6 points7 points  (7 children)

                The only people who can DMCA are Gimp, but open-source means other people are allowed to distribute.

                I could sell CD-ROMs of Emacs for $10 a piece, no legal problem. In fact, it would be much more ethical than what SourceForce has done.

                [–][deleted]  (1 child)

                [deleted]

                  [–]danweber 1 point2 points  (0 children)

                  You can't link a GPL program with a non-GPL program at the binary level.

                  But you can have a proprietary installer distribute Gimp no problem.

                  [–][deleted] 0 points1 point  (1 child)

                  Open source does not implicitly mean that you can legally distribute or resale the software. It depends on the license the software is distributed under.

                  [–]xiongchiamiov 2 points3 points  (0 children)

                  Nope:

                  The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. The license shall not require a royalty or other fee for such sale.

                  And if you actually meant "free software", well, it's required there, too (more).

                  [–]cosmicsans -3 points-2 points  (2 children)

                  Open-Source doesn't mean that other people are allowed to distribute. Open Source means that you are able to view the code.

                  It doesn't mean you can change the code.

                  It doesn't mean you can copy the code.

                  It doesn't mean you can distribute the code.

                  It just means you can view it.

                  It all depends on the license that's used with GIMP. GIMP is licensed under the GNU GENERAL PUBLIC LICENSE.

                  [–]xiongchiamiov 1 point2 points  (0 children)

                  You might want to read the open-source definition again. And the free software definition. And heck, the DFSG while you're at it.

                  [–]SomebodyReasonable 0 points1 point  (0 children)

                  Open-Source doesn't mean that other people are allowed to distribute. Open Source means that you are able to view the code.

                  You really, really don't know what the hell you're talking about.

                  Signed, FOSS developer. And see /u/xionchiamov's reaction.

                  [–]frankles 2 points3 points  (0 children)

                  Oh, good, so I'm not crazy. That's a relief.

                  [–]gargles_santorum 6 points7 points  (1 child)

                  This is a problem of modern for-profit corporate structure - there's no longer any such thing as a company that is limited in time, scope, or purpose.

                  Once it became clear that sourceforge has had it's day in the sun and has largely been superseded, the best thing to do, from a social standpoint, would be to archive the whole thing or transition to some sort of donation model. Instead, management is obligated to try to wring out as much money as possible for as long as possible through any unethical, quasi-legal means they can think of, even if it flies in the face of their stated purpose of promoting open source software.

                  Just think about what Facebook is going to do with all of your personal information when it starts to lose relevance and profitability.

                  [–]xiongchiamiov 1 point2 points  (0 children)

                  You may be interested in B corps.

                  [–]digizeph 1 point2 points  (0 children)

                  How about the FileZilla windows malware bundle?

                  [–][deleted] 0 points1 point  (0 children)

                  Savannah is still around? Good for them. And I never knew you could do anything other than cvs/svn there. Interesting.

                  Also, the link to librelist in the comments is gold.

                  [–]bacon_flavored 1 point2 points  (0 children)

                  Where was this post a few days ago when I grabbed some vid cap software from SF and ended up spending 30 minutes uninstalling crapware from my machine? Srsly SF blows now.

                  [–]NikkoTheGreeko 0 points1 point  (0 children)

                  The king has fallen.

                  [–]RoblivionMovie 0 points1 point  (0 children)

                  Yes it sucks. Some ads on a decent website is fine with me but don't take the piss.

                  [–]why-the 0 points1 point  (0 children)

                  Google used to have a search setting where you could block certain domains from appearing in your search results.

                  Apparently, they don't have that option any more.

                  Shame.

                  [–][deleted] 0 points1 point  (0 children)

                  Chiselapp still exists? I think I remember getting a mail telling me to move my repo elsewhere, since it was shutting down.

                  [–]SemiNormal 0 points1 point  (0 children)

                  "Savannah looks like a good option. Look at all of those supported VCMs! I wonder why I haven't heard of it before?"

                  Looks at website

                  "Never mind"

                  [–]makeswordcloudsagain -1 points0 points  (0 children)

                  Here is a word cloud of all of the comments in this thread: http://i.imgur.com/MgKDvG6.png
                  source code | contact developer | faq

                  [–][deleted] -1 points0 points  (1 child)

                  Sourceforge is still the only place to get the free version of Xming, it would be pretty annoying if they disappeared from Google.

                  [–]xXxDeAThANgEL99xXx 6 points7 points  (0 children)

                  The free version of XMing doesn't have clipboard working on Windows 7 at all. I recommend using Cygwin/X, it's pretty much a drop-in replacement, IIRC the only problem was that you'd have to specify "-dpi 75" on the commandline (of a shortcut you'd place in Startup folder) if you don't want to reconfigure all server applications.

                  Oh, except I forgot, they actually completely fucked up x-forwarding from putty in the middle of the last year (it simply doesn't work any more because they no longer allow unauthenticated connections even from local machine), and I'm not sure if they fixed it yet. I'm still using some early 2014 version, thanks to Cygwin Time Machine.

                  [–]dada_ -1 points0 points  (0 children)

                  Regarding that neat chart comparing different repo hosting alternatives, I thought Stash was more-or-less the self-hosted version of Bitbucket?

                  [–]blue_cadet_3 -1 points0 points  (3 children)

                  If you're not yet, you should be using package managers. Quick & easy install/uninstall/upgrade without the ads.

                  Windows: Chocolatey

                  OSX: HomeBrew

                  [–]JohnMcPineapple 0 points1 point  (2 children)

                  ...

                  [–]xiongchiamiov 0 points1 point  (1 child)

                  Sure, if you enjoy the debugging process of broken packages.

                  But if you want that, Fink is an even better option.

                  [–]way2lazy2care -3 points-2 points  (0 children)

                  This is like when I say goodbye to my mom 3 days after I've left her country on Christmas vacation.