
SourceForge replacing GIMP Windows downloads

By Nathan Willis
May 28, 2015

In 2013, we reported that SourceForge.net had started to redirect the download links clicked on by some users, providing those users with an installer program that bundled in not just the software the user had requested, but a set of side-loaded "utilities" as well. The practice raised the ire of many in the community, even though it was an optional service that SourceForge offered to project owners. Matters may have changed recently, however, as the GIMP project discovered that "GIMP for Windows" downloads had suddenly become side-loading installers—and that the project could no longer access the SourceForge account that was used to distribute them.

As a refresher, the SourceForge side-loading installer was rolled out in 2013 as a program called DevShare, an optional service made available to SourceForge projects. The program replaced the generic installer package that a project uploaded for users with a customized installer that bundled in several smaller programs provided by SourceForge revenue partners. These side-loaded programs had a generally negative reputation—as "adware," "annoyware," or simply junk that consumed the user's computing resources uninvited.

But there were, at least initially, some clearly defined limits. DevShare only provided side-loading installers for Windows downloads, and project owners were told that they would have full control over what their program's installers contained. Nevertheless, a lot of projects found DevShare unacceptable and some of them—including GIMP—decided to move their project infrastructure off of SourceForge entirely. Perhaps notably, SourceForge responded to GIMP's departure in a blog post, highlighting the opt-in nature and transparency of DevShare—even reassuring the community that "we will NEVER bundle offers with any project without the developers consent."

Since late 2013, GIMP has hosted its downloads for all platforms (including Windows) at the gimp.org site. Up to that point, Jernej Simončič had been the maintainer of the GIMP for Windows project account at SourceForge, which the GIMP team had used to release Windows-specific installers. After the migration away from SourceForge, the GIMP for Windows account went dormant.

So it was a surprise that, on May 26, GIMP user "Ofnuts" first sent an email to the GIMP developers' list reporting that the GIMP for Windows page was now serving up DevShare side-loading installers. Ofnuts noted that the SourceForge project page was still the target of many links (which, of course, makes it rank high in search results), and suggested that it would be better to break those links than to have users download a side-loading installer.

Simončič then replied that he could no longer access the GIMP for Windows account, "apparently due to inactivity, although they haven't done anything like that with a few other inactive projects I'm a member of" and that SourceForge had not replied to his request that it stop distributing the unauthorized installer. Jehan Pagès noted that the SourceForge page included several packages posted after the GIMP team had left SourceForge, and that "this is clearly an impersonation of the official GIMP team. The GPL license allows anyone to do forks of GIMP, or do alternative packages. But that does not give them the right to pretend to be the official upstream."

The GIMP team then posted a notice on Google Plus, accusing SourceForge of hijacking the GIMP for Windows account, and warning users to download releases only from gimp.org itself. It also added an announcement to the GIMP home page warning users against downloading the SourceForge packages. The chain of events was quickly picked up by Hacker News, Reddit, and other online discussion forums.

A little more investigating revealed that administrative access for the GIMP for Windows project had been removed from Simončič's account entirely, replaced by the sf-editor1 account. In the Hacker News discussion, "makomk" reported that GIMP was not alone in this regard. In fact, makomk said, SourceForge seems to have adopted a new policy of "taking over the project pages of projects that've moved off Sourceforge and running the pages themselves as mirrors (apparently with added extras in the installers)." This program is described by SourceForge as the SourceForge Open Source Mirror Directory.

Furthermore, the sf-editor1 account is now listed as the administrator of well over 100 open-source projects, some of which are certainly mirrors of projects (such as Firefox) that have never been hosted at SourceForge in the past. Others (such as VLC) are former SourceForge-hosted projects that have been abandoned and turned into mirrors. For some projects with lengthy histories, it is hard to say for sure whether or not the project ever had a SourceForge account at some point in the past. Exactly which projects are affected by the side-loading installer behavior is not yet clear.

For its part, SourceForge has since posted a reply on its blog, saying that the GIMP for Windows project "was actually abandoned over 18 months ago, and SourceForge has stepped-in to keep this project current." The post also claims that it changed the status of the project "to clearly delineate it as a mirror, and change administrative control of the project to clearly delineate that it is editorially curated by SourceForge." It goes on to say that SourceForge has not heard from GIMP for Windows's author:

Since our change to mirror GIMP-Win, we have received no requests by the original author to resume use of this project. We welcome further discussion about how SourceForge can best serve the GIMP-Win author.

That statement would certainly seem to contradict Simončič's account of recent events (Simončič said in the GIMP IRC channel that he first contacted the company about the issue on May 16). It is also debatable whether or not the current SourceForge project page adequately communicates that GIMP for Windows is a mirror. There are, for example, no links on the page that take the user to gimp.org—only links to the main SourceForge Open Source Mirror Directory page.

Regardless of whether or not the SourceForge project page looks like a mirror, though, the central problem remains that it has been replacing GIMP's official Windows builds with something else, and not informing users of that fact. By late in the day on May 27, several GIMP team members (such as Michael Schumacher) were reporting that the installers offered on the GIMP for Windows page no longer included the problematic side-loaded bundles. But the GIMP team has still not heard back from SourceForge representatives.

In the mailing-list discussion, Joao S. O. Bueno suggested that the team should take the matter to the GNOME Foundation for assistance. I spoke briefly to some members of the GIMP development team who said that, as of now, there is no plan to pursue any legal resolution to the situation—but that this is as much a pragmatic decision as anything else. Right now, the team just wants to "kick up a bit of a fuss" and quickly inform the public of what is going on. Requesting any formal legal advice would take much longer.

At the moment, the GIMP team appears to be winning the public-relations battle, so "kicking up a fuss" may prove to be the winning strategy. Nevertheless, there are still a lot of unanswered questions from this series of events, not the least of which is how many other open-source projects in SourceForge's mirror directory are still delivering Windows installers that are side-loaded with unrequested software addons—without the consent of the project teams. Given that the site performs OS detection and geolocation before redirecting a download request to a specific installer file, it can be a bit difficult to say for sure which projects' downloads are being affected—but the development community is certainly taking a close look.



SourceForge replacing GIMP Windows downloads

Posted May 28, 2015 14:30 UTC (Thu) by mordocai (subscriber, #71668) [Link]

"Since our change to mirror GIMP-Win, we have received no requests by the original author to resume use of this project. We welcome further discussion about how SourceForge can best serve the GIMP-Win author."

From the rest of the article, the GIMP windows dev didn't ask for control back of the project. He asked for them to cease their activity of providing downloads containing a modified installer. They twisted their words but I don't think they out-right lied. Very "clever" of them.

SourceForge replacing GIMP Windows downloads

Posted May 29, 2015 10:20 UTC (Fri) by ewan (subscriber, #5533) [Link]

Or they're not acknowledging him as 'the GIMP-Win author'.

That is ballsy...

Posted May 28, 2015 15:25 UTC (Thu) by qrthur (guest, #101682) [Link]

So much *obscurantism* from a supporter of the open source and free software.

That is ballsy...

Posted May 28, 2015 17:07 UTC (Thu) by bronson (subscriber, #4806) [Link]

Sourceforge hasn't been a supporter of free software for years. Dice Holdings know it's over and are milking it for every last drop of revenue before shuttering it.

That is ballsy...

Posted May 29, 2015 8:41 UTC (Fri) by qrthur (guest, #101682) [Link]

Shuttering down SourceForge? No way, it generates A LOT of traffic, and a lot of the visitors are just lambda users that will get scammed by their new trick. I foresee a long and bright financial future.

Lambda users on Sourceforge

Posted May 31, 2015 20:06 UTC (Sun) by giraffedata (subscriber, #1954) [Link]

> a lot of the visitors are just lambda users that will get scammed by their new trick.

What is a lambda user?

Lambda users on Sourceforge

Posted Jun 1, 2015 3:40 UTC (Mon) by apoelstra (subscriber, #75205) [Link]

> What is a lambda user?

I'm not the guy who wrote it, but I read "lambda" with the connotation of a lambda function (meaning anonymous closure): a lambda user is a nameless user who only uses the site once.

Lambda users on Sourceforge

Posted Jun 1, 2015 9:57 UTC (Mon) by edomaur (subscriber, #14520) [Link]

it means "any anonymous user with a random basic knowledge of the tool"

Lambda users on Sourceforge

Posted Jun 5, 2015 21:47 UTC (Fri) by jch (guest, #51929) [Link]

I think it's a Gallicism. In French, "individu lambda" means "average individual", in the sense of "layman". It is attested since at least the 1950s, and became widely used in the 1980s. The origin is unknown, and while it most probably comes from mathematical usage, I doubt it originated in the lambda-calculus.

SourceForge replacing GIMP Windows downloads

Posted May 28, 2015 17:02 UTC (Thu) by rriggs (subscriber, #11598) [Link]

As I have said many times before, SourceForge is where open source projects go to die. DevShare, and now this sf-editor1 stunt, is just more evidence to support that point of view. They are now trying to monetize the rotting corpses of those dead and dying projects.

SourceForge replacing GIMP Windows downloads

Posted May 28, 2015 17:47 UTC (Thu) by rgmoore (✭ supporter ✭, #75) [Link]

I think you're wrong about SourceForge being the place projects go to die. It's a place that successful projects are leaving because it no longer offers anything of real value. That leaves projects too moribund to flee and the signs that successful projects once called it home. It's the latter that SourceForge is trying to monetize right now, not the former. Nobody is going to download the dead projects, but they might be fooled into downloading one of the living ones that's moved on to better places than SourceForge.

SourceForge replacing GIMP Windows downloads

Posted May 29, 2015 6:55 UTC (Fri) by pabs (subscriber, #43278) [Link]

Is there anywhere that offers the same set of services as SF?

SourceForge replacing GIMP Windows downloads

Posted May 29, 2015 12:53 UTC (Fri) by ewan (subscriber, #5533) [Link]

CNET's download.com?

SourceForge replacing GIMP Windows downloads

Posted Jun 4, 2015 6:08 UTC (Thu) by pabs (subscriber, #43278) [Link]

Not even remotely the same set of services.

SourceForge replacing GIMP Windows downloads

Posted Jun 4, 2015 9:44 UTC (Thu) by ksandstr (subscriber, #60862) [Link]

They do have the same value-add.

(this was also the joke.)

SourceForge replacing GIMP Windows downloads

Posted May 28, 2015 18:30 UTC (Thu) by flussence (subscriber, #85566) [Link]

Hold up. SourceForge staff are distributing *Firefox* downloads with malware inserted, and presumably with all the trademarks unsanitized? Oh wow, that one is going to be fun to watch.

SourceForge replacing GIMP Windows downloads

Posted May 28, 2015 22:41 UTC (Thu) by roc (subscriber, #30627) [Link]

I don't know whether distributing unmodified Firefox code with sideloaded crapware is actually an enforceable trademark violation, but I've notified our people in the hope that it is!

SourceForge replacing GIMP Windows downloads

Posted May 29, 2015 16:51 UTC (Fri) by josh (subscriber, #17465) [Link]

As far as I know, Mozilla has pursued such things in the past, successfully.

Single GitHub of failure?

Posted May 28, 2015 18:52 UTC (Thu) by Yenya (subscriber, #52846) [Link]

Some ten years ago I wondered whether it was wise to put most of the Open Source projects to a single hosting site - SourceForge. Then Git happened, allowing seamless hosting by any hosting service, which can serve a directory tree over HTTP. No need of a central hosting service. But to my great surprise, even with Git people started using yet another central hosting service, GitHub. It would be interesting to watch whether the history would repeat itself once more.

On a related note - recently I wanted to contribute to some Open Source project, and asked the maintainer whether he would be willing to accept patches. His reply was "sure, send me a GitHub pull request".

Single GitHub of failure?

Posted May 28, 2015 19:42 UTC (Thu) by tshow (subscriber, #6411) [Link]

In fairness, it's pretty easy to migrate off github if you need to; fundamentally the repo is all still in git, and the issue tracking and pull request handling is dismal enough that you won't miss it.

Single GitHub of failure?

Posted May 28, 2015 20:09 UTC (Thu) by Yenya (subscriber, #52846) [Link]

Yep. I hope the situation with GitHub is fundamentally different, even though the similar set of risks does exist.

Single GitHub of failure?

Posted May 28, 2015 21:14 UTC (Thu) by Jonimus (subscriber, #89694) [Link]

The other difference is GitHub's revenue model being paid services based rather than ad supported which means if they end up short on cash they are likely to focus on more legitimate sources of income rather than the crapware SF has gone with.

Single GitHub of failure?

Posted May 28, 2015 21:24 UTC (Thu) by boudewijn (subscriber, #14185) [Link]

That's how sourceforge started out, too -- trying to get paid for professional project hosting and custom installs of the sourceforge software for big companies.

Single GitHub of failure?

Posted May 29, 2015 8:33 UTC (Fri) by javispedro (subscriber, #83660) [Link]

Exactly. IMO the situation is not very different from what Sourceforge was 10 years ago.
Git is distributed, but almost no one from current Github users knows how to make it work without a central master. Similarly, cvs was easily mirrored.
Most of Github users use it for its project management features: bug tracking, pull requests, wikis, etc. Most active Sourceforge projects are stuck there because of mailing lists and/or issue trackers.

I basically see this as a forecast on how Github and plenty of other currently successful "code hosting" services will look in 10 years.

Single GitHub of failure?

Posted May 29, 2015 9:01 UTC (Fri) by micka (subscriber, #38720) [Link]

There is a notable difference in my opinion, the ability to delete a project, which apparently sourceforge doesn't have easily.
Of course, you won't delete any of the forks, but neither could you delete any copy of a project on SF. But you don't have a previously authoritative location turning rogue while you don't look. That's what's currently happening with SF.

Single GitHub of failure?

Posted May 29, 2015 9:16 UTC (Fri) by boudewijn (subscriber, #14185) [Link]

That might be a difference _now_, but there is no guarantee at all that business considerations won't move github to remove that ability in the future.

Single GitHub of failure?

Posted May 29, 2015 12:19 UTC (Fri) by jospoortvliet (subscriber, #33164) [Link]

On the other hand, github has a healthy, growing business built on offering useful features to a wide variety of companies. Perhaps SourceForge TRIED the same, but they failed.

Single GitHub of failure?

Posted May 29, 2015 13:34 UTC (Fri) by boudewijn (subscriber, #14185) [Link]

Well, Github isn't profitable either. And even if they were, will they be in five years? Or in ten? As I argued on my blog, I'm getting "why don't you move Krita development over to Github" questions several times a week, and the answer deep down is "I don't trust them with Krita." Maybe I'd trust them if I'd pay them for their services, but on the other hand... Nah, not even then.

Single GitHub of failure?

Posted Jun 1, 2015 13:34 UTC (Mon) by jschrod (subscriber, #1646) [Link]

> In fairness, it's pretty easy to migrate off github if you need to; fundamentally
> the repo is all still in git, and the issue tracking and pull request handling is
> dismal enough that you won't miss it.

Is migration really the issue at hand?
One can export all one's stuff from SourceForge as well, including tickets etc. Migrating one's project away from there is reasonably easy -- deleting one's project is difficult.

IMO, the really problematic issue is that SourceForge hijacks projects just because the admin account was not active for some time. And that is a severe breach of trust.

Single GitHub of failure?

Posted Jun 4, 2015 3:55 UTC (Thu) by donbarry (guest, #10485) [Link]

At least you got that far. I had a patch to submit to a project which is hosted in GitHub: try as I might, I could not even find an email for the project author: not only patches, but *communications* could only go through GitHub. As I have resisted as a matter of principle to create an account on that site and promote a non-free tool, I was unable to submit the patch.

Single GitHub of failure?

Posted Jun 5, 2015 19:42 UTC (Fri) by cesarb (subscriber, #6266) [Link]

> try as I might, I could not even find an email for the project author

Try cloning the project and looking at the commits directly. The commit's "author" and "committer" fields should have the author's email.

There's a setting on GitHub to associate your email addresses with your github account, so commits made under that email address show a link to the user in the web interface, instead of the email address. But that also means that the email address is probably valid, since IIRC it requires email validation to add an email.

Single GitHub of failure?

Posted Jun 4, 2015 14:24 UTC (Thu) by pboddie (subscriber, #50784) [Link]

Good to see some (technical and strategic) criticism of GitHub at last, given that for a large group of vocal but forgetful or uninformed people it is supposedly the best thing ever. Should legal or technical issues make GitHub unavailable to any significant portion of its audience at some point, there will be lots of squealing as people struggle to upgrade from their "CVS++" usage patterns that their favourite tool was supposed to remedy. Maybe they'll even notice that certain other version control systems provide decent Web interfaces out of the box instead of needing a proprietary service to lend that particular selling point to their favourite tool.

As for SourceForge, given the investment in trying to renew the hosting platform, it is disappointing that some "suit" has presumably decided to have their own Lenovo moment at the expense of people working to undo the "project boneyard" reputation. For what it's worth, the Allura platform is actually an Apache project now, although one could also say some pretty uncharitable things about the lifecycle stage of some things that end up under the Apache umbrella. Then again, maybe it also provides relatively decent extras for people wanting Web-hosted Git repositories, and maybe people will have the motivation to investigate it for such purposes one day.

Single GitHub of failure?

Posted Jun 5, 2015 19:49 UTC (Fri) by cesarb (subscriber, #6266) [Link]

> Should legal or technical issues make GitHub unavailable to any significant portion of its audience at some point, there will be lots of squealing as people struggle to upgrade from their "CVS++" usage patterns that their favourite tool was supposed to remedy.

Already happened in China. They were forced to backpedal and unblock it again. Then they tried a DDoS, but that didn't stick either. Quoting from https://www.techdirt.com/articles/20150331/07002030498/ch...

"But the much more interesting part is why China is using a DDoS attack, rather than its standard approach of just blocking access in China, as it has historically done. The key is that, two years ago, China tried to block Github entirely... and Chinese programmers flipped out, pointing out that they couldn't do their jobs without Github. The Chinese censors were forced to back down, leading to a sort of loophole in the Great Firewall. That leads to the next question of why China doesn't just block access to the URLs of the two repositories it doesn't like? And the answer there: HTTPS. Because all Github traffic is encrypted via HTTPS, China can't just block access to those URLs, because it doesn't know specifically what's being accessed."

Single GitHub of failure?

Posted Jun 8, 2015 23:57 UTC (Mon) by flussence (subscriber, #85566) [Link]

> Maybe they'll even notice that certain other version control systems provide decent Web interfaces out of the box instead of needing a proprietary service to lend that particular selling point to their favourite tool.

I'm happy with self-hosting CGit - it doesn't look much more advanced than gitweb on the surface, but it seems to do everything GitHub can other than the integrated issue tracking. A few months ago it gained https push support, and the syntax highlighting (one major reason for wanting a pretty web UI, right?) uses Pygments by default, which is leagues ahead of GitHub's current efforts.

SourceForge replacing GIMP Windows downloads

Posted May 29, 2015 0:48 UTC (Fri) by jhoblitt (subscriber, #77733) [Link]

So now developers need to do copyright, patent, and trademark lawyering. Thanks dice - I will keep this in mind next time I'm advertising a job.

SourceForge replacing GIMP Windows downloads

Posted May 29, 2015 1:25 UTC (Fri) by dlang (✭ supporter ✭, #313) [Link]

> So now developers need to do copyright, patent, and trademark lawyering.

nothing new in this.

Fixing it with the licence

Posted May 29, 2015 6:37 UTC (Fri) by epa (subscriber, #39769) [Link]

I wonder whether crapware-bundling could be forbidden in a future GPL version 4? At the moment it would seem to be allowed under 'mere aggregation'. It is a hard problem, since nobody wants to forbid downloads of Linux distributions that aggregate GPL'd programs with a handful of proprietary drivers or apps

Fixing it with the licence

Posted May 29, 2015 9:14 UTC (Fri) by tao (subscriber, #17563) [Link]

Nobody? You've obviously never heard the FSF complain about how horrible it is that Debian has a (non-default installed) non-free section...

Fixing it with the licence

Posted May 29, 2015 12:11 UTC (Fri) by Seegras (subscriber, #20463) [Link]

> You've obviously never heard the FSF complain about how horrible it is that
> Debian has a (non-default installed) non-free section...

Well _I_ have heard the Debian project complain that the GFDL purports non-free invariant sections. Now THAT is horrible ;)

Fixing it with the licence

Posted Jun 2, 2015 7:28 UTC (Tue) by tao (subscriber, #17563) [Link]

Horrible that the GFDL allows for non-free invariant sections? -- Yes, it is.
Horrible that Debian complains about it? -- No it isn't.

Debian is simply consistent; rather than cutting the FSF slack just because they are the FSF, we apply the same rules when deciding on whether or not GFDL:ed things are free enough to be in main.

Fixing it with the licence

Posted Jun 4, 2015 16:29 UTC (Thu) by anton (subscriber, #25547) [Link]

> we apply the same rules when deciding on whether or not GFDL:ed things are free enough to be in main.

Yes, crippling software like Gforth by deleting its documentation (which does not have invariant sections); you no longer even include the documentation in non-free. Good work, Debian!

Fixing it with the licence

Posted Jun 5, 2015 13:03 UTC (Fri) by robbe (subscriber, #16131) [Link]

Hi Anton,

Debian has an issue with all non-modifiable parts of documentation. In GFDL-terminology this includes invariant sections but also mandatory front- and back-cover texts. Gforth sports the latter, if I'm not mistaken.

That it's not even put in non-free probably is more for the reason of no-one caring than active avoidance.

If you (as upstream) don't want your software to be distributed by Debian in such a "crippled" way, I guess you can ask them to drop it altogether.

Fixing it with the licence

Posted Jun 6, 2015 14:05 UTC (Sat) by anselm (subscriber, #2796) [Link]

Either that, or package it yourself and submit it for inclusion in non-free.

Fixing it with the licence

Posted May 29, 2015 15:31 UTC (Fri) by epa (subscriber, #39769) [Link]

RMS complains about it, but he has also explicitly stated that bundling together free and non-free programs on a single DVD is permitted by the GPL, and deliberately so. (Sorry I cannot find a citation but the issue came up in the very early days of Linux distributions.)

Fixing it with the licence

Posted May 29, 2015 15:22 UTC (Fri) by tzafrir (subscriber, #11501) [Link]

What about the likes of Firefox and Chrome, that bundle some non-free components in the installer?

Or an installer that doesn't have anything bundled, but downloads (potentially non-free) components from the Internet (such as the Cygwin installer, or the Ubuntu installer from Windows)?

Fixing it with the licence

Posted May 31, 2015 12:25 UTC (Sun) by KaiRo (subscriber, #1987) [Link]

Firefox does not bundle any non-free software in the installer (unless you count the MSVC runtime under Windows). It downloads a non-free DRM module only after installation, if DRM is not disabled in preferences.

Chrome does bundle non-free software including Flash, you're right in that regard.

Fixing it with the licence

Posted May 29, 2015 16:03 UTC (Fri) by augustz (subscriber, #37348) [Link]

I'm not sure that you can ever stop rebundling, but I do wonder about trademarks.

Do the original authors and owners of non-GPL licensed trademarks have a right to control how those marks are used?

In particular, could they request that if you bundle their software with adware / spyware etc that you call it something else to avoid confusion in the marketplace.

The idea would be that if you can redistribute, but could compile away the trademarks to avoid confusion. Centos used to do that, they could have (if desired) bundled adware without as directly impacting redhat's reputation. That seems to preserve a bit of freedom to use software without hijacking the reputations of the original authors.

Fixing it with the licence

Posted May 29, 2015 16:42 UTC (Fri) by raven667 (subscriber, #5198) [Link]

> Do the original authors and owners of non-GPL licensed trademarks have a right to control how those marks are used?

I don't think trademarks have anything to do with the GPL which is a copyright license, they are entirely another field where the GPL has no influence, and are necessarily much more restrictive to have their useful effect. Rebranding modified versions of software, or modified collections of software, is just not that big a deal.

Fixing it with the licence

Posted Jun 4, 2015 17:36 UTC (Thu) by Wol (guest, #4433) [Link]

Properly used, trademarks are "guarantees of authenticity". Replacing the installer with a side-loader is a pretty blatant trademark breach.

Cheers,
Wol

SourceForge replacing GIMP Windows downloads

Posted May 29, 2015 12:52 UTC (Fri) by zooko (guest, #2589) [Link]

I’ve migrated all of my codebases to github, removed all downloadables, and changed the names of all of my projects to “delete this project”: http://sourceforge.net/u/zooko/profile/

I’ve also asked the admins of Crypto++ and pyOpenSSL, for whom I am a contributor but not an admin, to do the same.

I also saw that http://sourceforge.net/projects/twisted/ did the same.

I encourage every member of the Free Software and Open Source communities to do likewise.

SourceForge replacing GIMP Windows downloads

Posted May 29, 2015 15:29 UTC (Fri) by dsommers (subscriber, #55274) [Link]

Abandoning SF for doing these things I can agree to.

But I'm not convinced github is the best place to move to, except of the amount of users they have. I would rather like to move my stuff to hosting services which have a true FOSS attitude. I don't feel that github is truly a true FOSS player.

SourceForge replacing GIMP Windows downloads

Posted May 29, 2015 15:34 UTC (Fri) by epa (subscriber, #39769) [Link]

I think the only way you can really trust a hosting service not to turn evil is to pay them a regular monthly fee. Then their evilness will be limited to raising the prices.

SourceForge replacing GIMP Windows downloads

Posted May 29, 2015 20:43 UTC (Fri) by cry_regarder (subscriber, #50545) [Link]

I'm surprised that more projects don't use https://www.fedorahosted.org/web/

SourceForge replacing GIMP Windows downloads

Posted May 30, 2015 9:26 UTC (Sat) by zenaan (subscriber, #3778) [Link]

Probably a good option for Debian and Ubuntu projects - looks like full unfettered git storage, at least for libre licensed projects. Mint and especially Kubuntu might want to take a look.

SourceForge replacing GIMP Windows downloads

Posted Jun 1, 2015 16:21 UTC (Mon) by ballombe (subscriber, #9523) [Link]

Debian provides alioth.debian.org (a sourceforge clone) since 10 years now.

SourceForge replacing GIMP Windows downloads

Posted May 29, 2015 19:35 UTC (Fri) by error27 (subscriber, #8346) [Link]

This story hasn't hit Slashdot yet has it? They are both owned by Dice. How much editorial control does the parent have?

SourceForge replacing GIMP Windows downloads

Posted Jun 4, 2015 7:56 UTC (Thu) by landley (guest, #6789) [Link]

According to Rob Malda, co-founder of slashdot (who left years ago), they're actively suppressing this story:

https://twitter.com/cmdrtaco/status/605156837059633155

SourceForge replacing GIMP Windows downloads

Posted Jun 1, 2015 13:19 UTC (Mon) by robbe (subscriber, #16131) [Link]

The main use for sf.net I still see is hosting free-to-distribute binaries. github is not that happy to do it, and the other alternatives? Sourceforge has still some sinking to do to reach the level of most one-click-hosters.

Hunting around for Android firmware, I'm always very pleased when someone put them on Sourceforge.

SourceForge replacing GIMP Windows downloads

Posted Jun 1, 2015 14:10 UTC (Mon) by karkhaz (subscriber, #99844) [Link]

Git Large File Storage on GitHub---relevant?

SourceForge replacing GIMP Windows downloads

Posted Jun 2, 2015 12:08 UTC (Tue) by jtaylor (subscriber, #91739) [Link]

The free usage on github has a limit of 1GB space and 1GB monthly bandwidth, that is nothing. To be an alternative to sourceforge they would need to have about 500 times higher free limits. So for now the project I work on does have to stick to sourceforge for the hosting or search for some revenue source to pay for more trustworthy hosting.

But we do need to remind our users again to verify the binaries via the gpg signatures before usage.

SourceForge replacing GIMP Windows downloads

Posted Jun 4, 2015 7:53 UTC (Thu) by landley (guest, #6789) [Link]

My build system downloads e2fsprogs, genext2fs, and squashfs source tarballs from their official location... on sourceforge.

There are Linux projects that still use sourceforge as their release tarball distribution mechanism. Hands up everybody who still trusts this?

Rob

SourceForge replacing GIMP Windows downloads

Posted Jun 5, 2015 19:34 UTC (Fri) by cesarb (subscriber, #6266) [Link]

> My build system downloads e2fsprogs, genext2fs, and squashfs source tarballs from their official location... on sourceforge.

As long as the build system verifies the md5sum^Wsha1sum^Wsha256sum of the downloaded file, there's no problem. And if it *doesn't* verify the downloaded file, you already have bigger problems, since these downloads are almost always not protected by TLS *and* also redirected to a third-party mirror.

SourceForge replacing GIMP Windows downloads

Posted Jun 8, 2015 23:42 UTC (Mon) by flussence (subscriber, #85566) [Link]

Gentoo provides a signed list of {sha{256,512},whirlpool} hashes for those files, directly grabbed from the SF mirror, so that turns it into a question of whether I trust the distro maintainer to have done the required upstream signature checking.

(now that I mention it, I should be doing that for the things in my local overlay...)
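
The check discussed in the two comments above, as an added example that is not part of the original thread or of any project named in it: a build step that accepts a mirror-served tarball only if its SHA-256 matches a digest pinned in a `sha256sum`-style manifest. The file names and byte strings are constructed, and the manifest is assumed to arrive over a channel the builder already trusts (its own repository or a signed list), not from the mirror itself.

```python
import hashlib
import hmac
import os
import tempfile


class VerificationError(Exception):
    """Raised when a downloaded file must not be used by the build."""


def parse_manifest(text):
    """Parse sha256sum-style lines ("<64 hex>  <name>") into {name: digest}."""
    pinned = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise VerificationError(f"manifest line {lineno}: malformed entry")
        digest, name = parts[0].lower(), parts[1]
        if name.startswith("*"):  # sha256sum marks binary mode with '*'
            name = name[1:]
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise VerificationError(f"manifest line {lineno}: not a SHA-256 digest")
        if pinned.get(name, digest) != digest:
            raise VerificationError(f"manifest line {lineno}: conflicting digest for {name}")
        pinned[name] = digest
    return pinned


def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so large tarballs are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path, pinned):
    """Return the digest if it matches the pinned one; otherwise fail closed."""
    name = os.path.basename(path)
    expected = pinned.get(name)
    if expected is None:
        # An unlisted file is treated as untrusted rather than waved through.
        raise VerificationError(f"{name}: no pinned digest, refusing to use")
    actual = sha256_file(path)
    if not hmac.compare_digest(actual, expected):
        raise VerificationError(f"{name}: expected {expected}, got {actual}")
    return actual


def demo():
    """Run the check over constructed data: the upstream file, a swapped file
    served under the same name, and a file missing from the manifest."""
    upstream = b"constructed upstream tarball bytes\n"
    swapped = upstream + b"constructed side-loaded payload\n"
    manifest = (
        "# digests pinned when the release was reviewed (constructed)\n"
        f"{hashlib.sha256(upstream).hexdigest()}  example-1.0.tar.gz\n"
    )
    pinned = parse_manifest(manifest)
    cases = (
        ("upstream", "example-1.0.tar.gz", upstream),
        ("swapped", "example-1.0.tar.gz", swapped),
        ("unlisted", "unlisted-2.0.tar.gz", upstream),
    )
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        for label, filename, data in cases:
            path = os.path.join(workdir, filename)
            with open(path, "wb") as f:
                f.write(data)
            try:
                verify_download(path, pinned)
                results[label] = "ok"
            except VerificationError:
                results[label] = "rejected"
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome}")
```

A matching digest only shows the file is the one that was pinned; whether the pinned release was itself checked against an upstream signature is the separate trust question raised in the comment above.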

SourceForge replacing GIMP Windows downloads

Posted Jun 9, 2015 22:19 UTC (Tue) by nix (subscriber, #2304) [Link]

You certainly don't need to trust the e2fsprogs one -- the canonical e2fsprogs repo is at git://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git, and, obviously, you can trust that!

SourceForge replacing GIMP Windows downloads

Posted Jun 10, 2015 10:38 UTC (Wed) by cesarb (subscriber, #6266) [Link]

That can still be MITMed. I prefer https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git which is on the same server, but with an extra hurdle for any MITM attempt. With modern git clients, it's as fast as the git:// one.

SourceForge replacing GIMP Windows downloads

Posted Jun 18, 2015 22:36 UTC (Thu) by stock (guest, #5849) [Link]

Just installed gimp 2.8.14 (as compiled by Jernej Simončič)
downloaded from gimp.org on WinXP (inside VirtualBox) and
works ok. The only problem is maybe the download speed
for 80 Mb as the time for download was 4 minutes.
Here's the screenshot :
http://s2.postimg.org/uzov67vrt/gimp_2_8_14_winxp.png

SourceForge replacing GIMP Windows downloads

Posted Jun 18, 2015 23:43 UTC (Thu) by stock (guest, #5849) [Link]

strange how postimg.org cropped the entire screen screenshot.
here's the original created by gimp for windows :
http://crashrecovery.org/gimp-2.8.14-winxp.png


Copyright © 2015, Eklektix, Inc.
This article may be redistributed under the terms of the Creative Commons CC BY-SA 4.0 license
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds