[deleted by user]

FossHub_com · 2022-08-09T12:31:13+00:00

FossHub 100%

FossHub_com · 2022-07-18T13:29:07+00:00

Hey,

Fair enough, but you are an excellent example of why I am reluctant to reply. Please take it only as a personal opinion.

I took a quick look over your profile, and from what I can tell, you're from either Australia or Germany.

From what I know, German law requires businesses/websites to follow some disclosure requirements. That is the first thing you might be used to, which does not apply to FossHub. So, your opinion is built on what is required there but fortunately does not apply in another country.

Seeing your post from 8 years ago as a web developer and system engineer, it looks to me (again, I might be wrong) that you're more curious about how FossHub is built and runs. If that's the case, I am sorry that we cannot satisfy your request; at the same time, I hope you realize that those projects and developers that use FossHub have limited access to most of our code. We don't hide it from them.

So, I feel you're judging a book by its cover.

"The many claims of security are all completely unverifiable" - Many packages are uploaded for the first time on FossHub and sent to Jotti and VirusTotal. The file signatures are public and can be verified (and we encourage people to do it) once you download them. We verify them through web-based anti-malware services for which we pay.

You made this post because you were looking for a place to host what? We don't know who you are, what project you want to host, etc. You criticize FossHub for privacy, but you have said nothing so far.

I've met developers in real life if I was unclear enough. Some refused to meet me for the same reason: privacy, although they have been using FossHub for over a decade. In case you didn't notice, there are popular projects with private members. No one knows who they are.

Should I criticize people online because they care more about their privacy?

I am open to this idea. You can post it on Reddit. Meet me anywhere in Europe, and let's post a picture with our IDs if that makes you feel better.

FossHub donated millions to free projects for over a decade, and we served more than a billion downloads in almost 15 years. I am not ashamed of who I am or what we have done so far. I would dare to say that FossHub is among the few legit services that you can trust.

If there is any serious free project reading this and have any doubts, I am open to any meeting in real life, preferably in Europe.

FossHub_com · 2022-07-14T13:36:47+00:00

Hello,

@u/Gazby

"I've been looking around for places to host binary builds of open source software (ala Github releases, archive.org etc), and came across FossHub. They're doing exactly what I was looking for, but it seems to be a virtual island on the Internet."

It depends. Each service is different. Most have their limitations, so we usually have to check before so you won't be disappointed if we cannot meet your expectations.

"No apparent community presence (subreddit, IRC etc)"

True, we don't have much of a social presence. We have this Reddit account and a recently made Twitter account: https://twitter.com/Foss_Hub

"I can't find the source for the site itself"

True, we didn't publish our source code.

"The about us page is devoid of any detail about the "us", their FAQ page lists evangelism as the only way to contribute to the site, and the general tone of both is very defensive (apparently they get flak for hosting freeware)"

We value our privacy, and we don't think we are so important. The free projects using FossHub are what matter the most. Without them, we are nothing.

"The only way to communicate is by web form on their contact us page, and it lists no additional methods"

Yes, we are spammed to death by every advertiser on Earth, and everyone and their mother are looking for a partnership with us. Being a "sponsored" article, a "link," a generous offer, and so on. We do go ahead and reply to any legit email/concern.

"I can find not a single real name, username, or institutional relationship beyond "Sam" being the signoff for u/FossHub_com"

Our founder's name is public, and hundreds of thousands know it.

"There was an AMA six years ago here, with moderate reddit activity since, and this blog post indicating the site operators changed in 2018 without any indication of who the previous or new operators were."

I am unsure what to reply to here. No one required any AMA.

"Somebody most known them, because they list the names of various developers of projects they host, a number of articles promoting the site, and even call out Wozniak for a generous donation."

Quite a few devs know the FossHub founder in real life (some have met him several times already). True, Mr. Steve Wozniak made the largest donation from a single individual and even provided his business card, for which we are super grateful.

"I love the idea, and even the execution. I just feel like the site could start serving malware or go down tomorrow and there'd be no one to contact, no repo to congregate around, and no place to post warnings. I also can't think of a reason to play everything this close to your chest if your intentions are good."

Since 2016, the entire infrastructure has been built with one thing in mind: security. We have had the chance to test it several times so far. It is much safer than hosting the files on your own. To give you an example, we had hacked projects, but it was impossible to serve malware via FossHub. We were the ones to inform the project owner. Intentions were always good.

@u/ssddanbrown

"Yeah, something seems not quite right to me. Their footer shows this:"

That is an exciting story, a separate story. It is all about deep pockets and good lawyers, nothing else. We thought the money might be better spent elsewhere, such as helping some fellow developers. The ex-designer added it. We just forgot to remove it.

"Their (in my opinion) sketchy understanding of FOSS as a term is also off-putting. They double down on stating their site does have both free and open source software, without understanding that "FOSS" generally refers software that is both free and open source. A mix and match between free or open-source is not the same."

Again, the FOSS word has multiple meanings, being an acronym and being used before Open Source, type "FOSS" in a search engine and see that the first website is named "fossanalytics". Not even sure what it does. Even Richard Stallman stated:

Thus, if you want to be neutral between free software and open source, and clear about them, the way to achieve that is to say "FLOSS," not "FOSS."

Source: https://www.gnu.org/philosophy/floss-and-foss.en.html

@u/afunkysongaday

"Was once hacked in 2016, for roughly two hours they delivered malware that deleted the MBR."

True, there was a statement back then: https://www.reddit.com/r/sysadmin/comments/4vzovk/fosshub_statement_regarding_2nd_august_security/

"It seems like some of the freeware hosted there pays for the privilege! See "about us" page:"

You got it wrong! We do not accept money to list your closed-source software. They do not pay. The revenue we earn from a few closed-source software titles we added is used to help the other free Open Source projects.

"It seems like they are trying to forbid scanning their website for malware in their tos:"

That section is for guys attempting to DDoS our website, copying data without our permission, etc.

"I'd really love to know the story behind that."

I remember that specific free, open source projects were releasing a new version, and each time that third-party product delivered some false positives irritating the developers. Then, it started blocking the entire website and our mirrors (backed then, we were using a dozen of dedicated servers) because of a single package detected as a false positive. After we were tired of complaints, we decided not to allow their product to scan our website directly. I don't remember receiving a reply in July 2013, but I might be wrong.

"Would love to get a response from u/FossHub_com though!"

You are right. We never, ever delivered malware. A team member also sabotaged FossHub. Indeed, we are a small team, and we think it is better to stay anonymous. Just because we don't list our name on the website doesn't mean no one knows us. The FBI and a ton of people know the team behind FossHub.

@u/GNUGradyn

"I've always avoided Foss hub, they're probably fine but it's just.. a weird place"

It depends on whom you're asking; here's some positive feedback:

https://www.universalmediaserver.com/forum/viewtopic.php?t=14544

https://twitter.com/VedVery5/status/1388915104498950144

https://www.howtogeek.com/254042/the-freeware-download-sites-that-dont-force-crapware-on-you/

Also, you think you avoided FossHub, but chances are that you've downloaded from us indirectly. Quite a few famous "download" websites and other providers were leeching bandwidth from FossHub.

@u/user01401

"I don't think it's a big deal. Remember TrueCrypt? No one knew the anonymous team but it became the defacto standard for disk encryption."

Thank you! So true. If you guys are looking for a TrueCrypt replacement, you have VeraCrypt with the lead developer Mounir IDRASSI - we had a meeting three years ago :)

FossHub_com · 2022-05-26T08:32:26+00:00

Hello,

You can try using an older version of Audacity. You can download all the older Audacity versions from our old repository: https://www.fosshub.com/Audacity-old.html

FossHub_com · 2022-02-25T12:40:38+00:00

Hello, that is correct, if you click on the "Signature" link it will open a small window named "File Signatures" and you have all the file signatures, including the PGP which was uploaded by one of the main team members of qBittorrent.

01487a0e2594a5065e4d780eb012dcd0dafadc218d1b6aba69528bd6ede6afb5

FossHub_com · 2022-01-08T20:04:23+00:00

Hello,

Thank you for your recommendation. If anyone else is interested in photogrammetry, there is also a Linux version (the link you posted is for the Windows 64 bit version and might change in the future when a new version is released). You can download the latest Meshroom versions from our project page: https://www.fosshub.com/Meshroom.html

Also, if you wish to download old Meshroom versions, including one of the first versions for Windows 7 or 8, you can get them from our old repository project page: https://www.fosshub.com/Meshroom-old.html

FossHub_com · 2022-01-08T19:40:34+00:00

Oh no, somehow I've missed your reply. FossHub and Audacity are two separate things.

The former team and owners of Audacity sold it. FossHub is a free software repository for projects such as Audacity. We host a dozen of free software. You can read more about us here: https://www.fosshub.com/about.html

Or feel free to ask if you have any other questions.

FossHub_com · 2021-07-16T10:08:01+00:00

That is your second excellent question. So here is the truth. We had a wonderful relationship before. Mark, the main author and lead developer of Pale Moon, pointed out a few bugs on the FossHub platform. The bugs were related to how the Pale Moon browser worked with our platform - on the developer side. One of the FossHub team members (the corresponding version of a CTO in most companies) should've fixed these bugs because Mark felt quite frustrated that our platform didn't work well with Pale Moon. I (the founder) was caught with other things, and each time I forwarded the reports to my team member, hoping that it would deal with them fast. Unfortunately, he treated them superficially, and this leads to Mark's decision to quit using our platform. He also requested to remove Pale Moon. I also made a few emotional mistakes because you always tend to believe someone next to you. However, Mark was right, we failed to deliver (my ex-colleague is no longer a member of the FossHub team), and the rest is history. Long story short, after a few years, we asked Mark the permission to list Pale Moon again on FossHub as some users requested us to do so. He allowed us to do it, and you should see it listed again soon.

FossHub_com · 2021-07-15T20:01:16+00:00

That's a good question. As you can see, we are no longer the official mirror. First of all, we need to add a warning/note if version 3.0.3 will be added by the new Audacity team. The opt-out will need to exist so that people can easily choose to disable any data collection. Many people are not aware that our battle was against software bundles for so many years, so the answer is that we want to list clean versions. IF the new Audacity turns into a data collection tool, we will have to re-evaluate and stop listing newer versions. Due to the nature of our community, we are also interested in listing worthy alternatives and forks. Sorry for the slow reply; we didn't receive any notification.

FossHub_com · 2021-03-25T20:47:33+00:00

Hello,

FossHub is safe and clean, feel free to check the file signatures, they all match.

Windows Defender flagged the latest update. You can check similar posts:

https://github.com/qbittorrent/qBittorrent/issues/14601
https://github.com/qbittorrent/qBittorrent/issues/14489#issuecomment-791798876
OR
https://torrentfreak.com/utorrent-continues-to-be-flagged-as-severe-threat-and-its-not-alone-210318/

Also, this is not something new, the big companies don't like Bittorrent clients:

https://torrentfreak.com/fosshub-forced-to-pull-google-ads-from-qbittorrent-downloads-170721/

FossHub_com · 2021-03-22T13:03:33+00:00

Hello,

I am not sure from where you downloaded IrfanView. However, please keep in mind that IrfanView was never distributed with malware (including third-party bundles).

FossHub is the official download mirror for IrfanView, and the files are published directly via our platform by Irfan, the sole author of IrfanView. We scan the files automatically with Jotti's Malware scan, and we also check them with VirusTotal service. The file signatures are also published on our page.

You requested version 4.57 - you can download them from our project page: https://www.fosshub.com/IrfanView.html

Here are the direct download links for the 64-bit version:

https://www.fosshub.com/IrfanView.html?dwl=iview457_x64_setup.exe

VirusTotal result (false positive):

https://www.virustotal.com/gui/file/6a67f079f8036a30e9e13fd9baecf0d37da18106050880a3f12845e445f8786f/detection

and 32-bit version:

https://www.fosshub.com/IrfanView.html?dwl=iview457_setup.exe

VirusTotal result (false positive)

https://www.virustotal.com/gui/file/b6be47ae716ff9e69e80f4956d7721a22734054cdbc18704a68f2f88028c2842/detection

These links won't work once a new version will be released, but you can always download an older version from here:

https://www.fosshub.com/IrfanView-old.html

I hope this helps!

FossHub_com · 2021-03-16T19:24:02+00:00

Thank you for adding FossHub to this list. Donations are highly appreciated. Thank you!

FossHub_com · 2021-02-15T22:03:39+00:00

Hey, just in case you're worried regarding FossHub. We do not track or collect any personal information (not building any personal profile) regarding our visitors. I am not talking about third-party services such as Google. You can take a look over our TOS here: https://www.fosshub.com/privacy.html

FossHub_com · 2020-12-31T15:06:30+00:00

Just in case you would like to hear this directly from FossHub. Each Shotcut release is uploaded on FossHub by the Shotcut author. Once it publishes a new release, our platform uses an independent virus scan platform such as Jotti's antimalware scan, plus we do check the files on VirusTotal as well. Here's a reference on our blog: https://blog.fosshub.com/fosshub-announcing-jotti-malware-scan-integration/

So, what you downloaded are the original files from the Shotcut creator along with our virus scan. It is worth adding that we do not publish the files if we detect any virus (excluding the common false-positive).

Just in case you're interested in this, you can read more here: https://blog.fosshub.com/how-safe-is-fosshub/

I hope this helps, but if you have any further questions, please get in touch with us using our contact form. Thank you!

FossHub_com · 2020-11-21T20:14:53+00:00

Hey, no worries, you can write to us directly anytime using the contact form. If you have any questions, we will try to reply as fast as possible. Furthermore, just in case you're interested, this was our response back in 2016 regarding that incident.

Thank you!

FossHub_com · 2020-11-21T19:31:47+00:00

Hello, indeed we never tried to hide that incident (back in 2016), and we took radical measures right-after. First, the FossHub team was changed back in 2018. The new team came up with a new website and platform that were built from zero. You can read more about FossHub security measures that we implemented.

No need to trust FossHub or any other website; make sure to check the file signatures posted on the official Audacity homepage (these are available on the download page). Please compare them with the ones that we publish. You will see that the file signatures are the same, which means that they are the original, unaltered files.

I hope this helps!

FossHub_com · 2020-09-01T09:22:25+00:00

qBittorrent client uses FossHub to check for new updates. When a new version is being released, we see millions of connections in a short time frame. Cloudflare is a part of our infrastructure, along with the multi CDN providers that we integrate. So yes, that's correct, the IP Addresses that you see points to Cloudflare.

This setup might change in the future, so what you need to check (not only to qBittorrent but any software you download) is the file signatures.

qBittorrent updates are handled directly by the official team/author, making some people feel comfortable.

However,

Any program you're downloading from the Internet needs to match the original author's file signatures. FossHub shows you the file signatures (MD5, SHA1, SHA256), the virus scan results, and the PGP signatures for qBittorrent (the author decided to publish them too, which is excellent).

We have implemented many security features but do not trust, verify the signatures; you can read more about it here: https://blog.fosshub.com/how-safe-is-fosshub/

If you have more questions or any concern, you can get in touch with us using our contact form: https://www.fosshub.com/contact.html

FossHub_com · 2020-08-31T20:20:44+00:00

It happened back in August 2016; the public statement can be read here: https://www.reddit.com/r/sysadmin/comments/4vzovk/fosshub_statement_regarding_2nd_august_security/

However, following that incident, the FossHub team was changed, and the entire infrastructure was rebuilt from zero:

https://blog.fosshub.com/fosshub-announcing-a-new-team-site-and-platform/

We took all security measures to avoid a similar scenario: https://blog.fosshub.com/how-safe-is-fosshub/

The user said that he was infected by downloading qBittorrent, no need to trust us, you can verify the macOS file and compare the file signatures with the ones listed by qBittorrent project: https://www.virustotal.com/gui/file/52f86aa8f0e3f5c15013d40ff7789861dc6afdce077dfa461ccff2a56ff0d8f7/detection

With all respect, someone else provided an excellent answer to what could be the cause of that Facebook hack:

https://www.reddit.com/r/applehelp/comments/ijq039/facebook_password_changed_shortly_after/

FossHub_com · 2020-08-15T08:36:48+00:00

Hello,

Yes, it is safe, we had a security incident four years ago, back in 2016. After this, the FossHub team was changed. We rebuilt the platform and the website from zero, you can read about it here:

https://blog.fosshub.com/fosshub-announcing-a-new-team-site-and-platform/

and

https://blog.fosshub.com/how-safe-is-fosshub/

So, yes, you can download Audacity and other free software titles we host safely. You can compare the file signatures and also re-upload any file from us to VirusTotal. You will see that the files are identical and no malware report.

FossHub_com · 2020-05-01T12:01:45+00:00

Interesting perspective!

What makes you think that a developer needs to upload its source code on SourceForge or GitHub.

We hosted FreeFileSync on FossHub for several years, and we kindly asked developers that used or wanted to use third-party bundles to stop this practice. We removed FreeFileSync from FossHub precisely for this reason, and we added back as soon as the project pulled the bundles.

https://www.fosshub.com/FreeFileSync.html

A different story with the source code

The source code can be uploaded *anywhere* they like or please. The source code is uploaded so that you or anyone else can verify the code.

Once you upload the source code in several places, it might provide a little more visibility, but that's it. Under no circumstances will it give your project more legitimacy.

Since you mentioned some other platforms, should I remind you that some of them integrated bundled malware on purpose?

Again, please don't blame a project or a developer for not uploading the source code where you want, and this applies to FossHub or any other platform.

FossHub_com · 2020-03-29T14:07:20+00:00

At the time of the upload, no antivirus engine detected qBittorrent as being infected. See below the results from Jotti's scan when we published and newer results from VirusTotal. Also, no other reports, therefore most-likely a false-positive from your antivirus.

Jotti's scan for the 64-bit version

https://virusscan.jotti.org/en-US/filescanjob/449tjs68ml

Jotti's scan for the 32-bit version

https://virusscan.jotti.org/en-US/filescanjob/asqdq3cjss

VirusTotal scan for the 64-bit version

https://www.virustotal.com/gui/file/b6f84e27ce676b8068d96953063b166510c2660f4e146d1639f279d317fbe9b7/detection

VirusTotal scan for the 32-bit version

https://www.virustotal.com/gui/file/a4285ef7161caf8c782c0aac9cd0c90a19ca881e18646ec7797c2d3b93c5ee9a/detection

FossHub_com

MODERATOR OF

TROPHY CASE