Stories
Slash Boxes
Comments

SoylentNews is people

SourceForge Using Mirrored Projects and Including Adware

posted by janrinok on Thursday May 28 2015, @03:12PM   Printer-friendly
from the this-is-not-the-host-you-are-looking-for... dept.

ghost suggests a story that starts with a notice on plus.google.com:

Google, or someone using their hosting service, noted that SourceForge had established a mirror to the official GIMP-for-Windows site and were now offering downloads which contained adware:

It appears that +SourceForge took over the control of the 'GIMP for Windows' account and is now distributing an ads-enabled installer of GIMP. They also locked out original owner of the account, Jernej Simončič, who has been building the Windows versions of GIMP for our project for years.

So far they haven't replied to provide explanations. Therefore, we remind you again that GIMP only provides builds for Windows via its official Downloads page.

SourceForge's mirrored sites facility is described thus:

The Open Source Mirror Directory is an extension to our existing software directory, where we'll be mirroring projects that are not hosted on SourceForge, and SourceForge projects that have been abandoned.

The problem, though, is that GIMP-for-Windows is not an abandoned project, but moved from SourceForge to Google because the writers "had concerns about the presence of misleading third-party ads on SourceForge".

SourceForge has responded, acknowledging that Gimp-Win had abandoned SourceForge due to misleading ads and claim "They were not alone in those concerns — we were also concerned — leading us to establish a program to enable users and developers to help us remove misleading and confusing ads." They also admit "Mirrored projects are sometimes used to deliver easy-to-decline third-party offers..." which suggests that they have merely changed the way that they deliver their ads - but not necessarily the ad's content. So, some might say, they've rectified the situation by providing both misleading ads and misleading hosting.

SourceForge also say "Since our change to mirror GIMP-Win, we have received no requests by the original author to resume use of this project. We welcome further discussion about how SourceForge can best serve the GIMP-Win author." Perhaps letting the writer choose where he hosts his project would be a good place to start.

Sourceforge hijacks GIMP For Windows project, adds malware to downloads

David Gerard adds the following information:

SourceForge (SF) has taken over control of the GIMP for Windows SF project and is now distributing an adware/malwared installer for GIMP. They also locked out the maintainer, Jernej Simončiči. Sourceforge claims it was "abandoned" and they're providing a service by "mirroring" the original, though it's unclear how much value malware adds for the end user, rather than for SF. (This comes two years after SF claiming its malware was just "misunderstood".)

Since being busted, SF is now serving an .exe that matches that at the official download site.

Other projects recently hijacked by SF include many Apache projects (Allura, Derby, Directory Studio, the Apache HTTP server, Hadoop, OpenOffice, Solr, and Subversion); Mozilla Firefox, Thunderbird, and FireFTP; Evolution and Open-Xchange; Drupal and WordPress; Eclipse, Aptana, Komodo, MonoDevelop, and NetBeans; VLC, Audacious, Banshee.fm, Helix, and Tomahawk media players; and many others.

[Editor's Comment: First Submission and 2nd Submission. Submissions significantly edited before publication]

 
This discussion has been archived. No new comments can be posted.
SourceForge Using Mirrored Projects and Including Adware | Log In/Create an Account | Top | 80 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Friday May 29 2015, @09:18AM

    by Anonymous Coward on Friday May 29 2015, @09:18AM (#189578)

    I hope whoever moderated that post as spam gets his moderation rights revoked (unless it was by error, and the moderator informed you about the error). Whatever you may think of that post, there's one thing it definitely isn't, and that is spam.

    And while I'm not a fan of the suggestion that all moderator names should be published, I think it should be public who moderates a post as spam. A spam moderation is not an ordinary moderation. It should not be treated as one.

    Maybe the cost of spam moderation should be increased to match the severity of the moderation; say you need three mod points to mod someone spam. There's fortunately very little spam on this site, and moderation points are given daily, so I don't think the extra cost would have a negative impact on moderation of actual spam; moreover, if spam should ever get a major problem, such a change could easily reverted.

    To avoid spam moderation by mistake, a spam moderation request probably should also come with a confirmation question, for example:

    Your moderations include a moderation as spam for the comment [link to corresponding comment, with comment title in the link text]. Please be aware that an unjustified moderation as spam may cause you to lose your moderation rights. Are you sure you want to moderate this comment as spam? [Yes] [No]