If you’ve followed any tech news aggregator in the past week, you’ve probably seen the story about how SourceForge is taking over admin accounts for existing projects and injecting adware in installers for packages like GIMP. For anyone not following the story, SourceForge has a long history of adware laden installers, but they used to be opt-in. It appears that the process is now mandatory for many projects.
How is it possible that someone, somewhere, thinks that censoring SourceForge’s adware bundling on Slashdot is a net positive for Slashdot Media, the holding company that owns Slashdot and SourceForge? A quick search on either Google or Google News shows that the story has already made it to a number of major tech publications, making the value of suppressing the story nearly zero in the best case.
I find this entire situation incredible. Sourceforge was my go to site for FOSS and I have been using them for as long as I can remember.
Ever since the Linux world has moved to repositories where a simple yum install or apt-get loads up the entire package it has been awhile since I perused Sourceforge. I have a set of FOSS utilities for PCs that I always download from the site that produced the software, not Sourceforge. Many of those sites are listed on the sidebar under Tools.
All this started on Sourceforge a couple of years ago but people seem to be upset that it has recently hit the popular photo editor GIMP for Windows. On Linux it’s just:
sudo yum install gimp
… and that’s all there is to it. No adware, malware, nothing to worry about … so far.
As for FileZilla, the ftp program Sourceforge began making custom installers for a couple years ago, I prefer WinSCP on my Windows boxes nowadays although I have used FileZilla for many many years. Always download from the source site of the software and you shouldn’t have any problems. Sourceforge was the last one standing and now they have gone the route taken by CNET and Download.com many many years ago.
Here’s a Reddit thread posted a year ago about FileZilla and Sourceforge so this story isn’t something new.
That’s really deceptive. Filezilla for example, the big green DOWNLOAD button that is the correct way for downloading a file says the file name. Yet when you click it, you are taken to a page that offers you a different file name.Someone also pointed out that it’s signed by ASK.com and reporting back in with ASK.com for data. I never want ask.com associated with anything I do.