# Did Sourceforge abuse user trust?



## sidetone (Jul 8, 2018)

https://www.pcworld.com/article/293...e-fleeing-sourceforges-free-software-hub.html
https://www.infoworld.com/article/2...sourceforge-commits-reputational-suicide.html

According to this, Sourceforge caused problems for Apache, Gimp and other software projects by trying to package in malware from their webpage, and by using misleading tactics. It suggested to get the download from the original source instead of from Sourceforge. It is a relevant issue for FreeBSD and for the opensource community.


----------



## ShelLuser (Jul 8, 2018)

You are aware that the articles you linked to are at least 3 years old?

This has been going on for a long time already and many developers also ran off because of it.


----------



## sidetone (Jul 8, 2018)

ShelLuser said:


> You are aware that the articles you linked to are at least 3 years old?
> 
> This has been going on for a long time already and many developers also ran off because of it.



I was aware they were from 2015 when I posted it. It wasn't posted anywhere on the forums, so it needs to be more visible from within the FreeBSD community. Some ports still use it, and Sourceforge is still in the Porters Handbook as SF. https://www.freebsd.org/doc/en_US.I...-distfiles.html#makefile-master_sites-popular


----------



## ShelLuser (Jul 8, 2018)

sidetone said:


> It wasn't posted anywhere on the forums, so it needs to be more visible from within the FreeBSD community. Some ports still use it, and Sourceforge is still in the Porters Handbook as SF.


So where's the problem in that?

From my point of view it _should_ be in the Porters handbook, even after all this, because although it may have fallen out of grace it is still one of the main hosting sites used by plenty of projects. Which in itself has nothing to do with FreeBSD but open source in general.

And as long as it's being used it should be listed in the Porters handbook and be made easily available for the ports collection.

It isn't the FreeBSD project but the programmers and developer teams who need to shun Sourceforge. When that happens then you might get a situation where inclusion of SourceForge doesn't serve any purpose anymore because no one is using it any longer. But until that time I think it serves no purpose trying to exclude it, it would only hurt the FreeBSD project.


----------



## sidetone (Jul 8, 2018)

ShelLuser said:


> So where's the problem in that?
> 
> From my point of view it _should_ be in the Porters handbook, even after all this, because although it may have fallen out of grace it is still one of the main hosting sites used by plenty of projects. Which in itself has nothing to do with FreeBSD but open source in general.
> 
> ...


I didn't suggest for it to be taken out of the book. But since it's in the book, the topic needs to be more visible. When someone uses a search engine, the FreeBSD Forums are easier to find. The topic was lacking from FreeBSD forum's search. It doesn't matter if those are old articles, it is still relevant, and deserves a mention in the forums.


----------



## ShelLuser (Jul 8, 2018)

Well, guess we'll agree to disagree   I don't see the added value myself to be honest, but each to their own.


----------



## obsigna (Jul 8, 2018)

sidetone said:


> I didn't suggest for it to be taken out of the book. But since it's in the book, the topic needs to be more visible. When someone uses a search engine, the FreeBSD Forums are easier to find. The topic was lacking from FreeBSD forum's search. It doesn't matter if those are old articles, it is still relevant, and deserves a mention in the forums.


You still are in need to provide newer assertions that SourceForge is still bundling malware. On Feb 9, 2016 the new owner of SourceForge let us know in the initial blog post:


> ... Our first order of business was to terminate the “DevShare” program. As of last week, the DevShare program was completely eliminated. The DevShare program delivered installer bundles as part of the download for participating projects. We want to restore our reputation as a trusted home for open source software ...


https://sourceforge.net/blog/sourceforge-acquisition-and-future-plans/

Can you prove that DevShare or something alike is still going on? In case not, please calm down.


----------



## Spartrekus (Jul 11, 2018)

sidetone said:


> https://www.pcworld.com/article/293...e-fleeing-sourceforges-free-software-hub.html
> https://www.infoworld.com/article/2...sourceforge-commits-reputational-suicide.html
> 
> According to this, Sourceforge caused problems for Apache, Gimp and other software projects by trying to package in malware from their webpage, and by using misleading tactics. It suggested to get the download from the original source instead of from Sourceforge. It is a relevant issue for FreeBSD and for the opensource community.



Sourceforce is like github, ... it is powered by Microsoft !


----------

