How did the old-fashioned site of open source software "SourceForge" fade away?


By Hugh Gallagher

"SourceForge", a long-established development and download site for open source software, has fallen into a situation where software developers are turning their backs on it. Here is a summary of how the long-established site fell from grace.

Black "mirror": SourceForge has now taken over Nmap audit tool project [Updated] | Ars Technica
http://arstechnica.com/information-technology/2015/06/black-mirror-sourceforge-has-now-siezed-nmap-audit-tool-project/

SourceForge grabs GIMP for Windows' account, wraps installer in bundle-pushing adware [Updated] | Ars Technica
http://arstechnica.com/information-technology/2015/05/sourceforge-grabs-gimp-for-windows-account-wraps-installer-in-bundle-pushing-adware/

Avast blog »Malformed FileZilla FTP client with login stealer
https://blog.avast.com/2014/01/27/malformed-filezilla-ftp-client-with-login-stealer/

What happened to Sourceforge? Etix's weblog
https://blog.l0cal.com/2015/06/02/what-happened-to-sourceforge/

SourceForge is a long-established hosting service that gives developers of free and open source software (FLOSS) a place to publish their software, and the site has millions of users worldwide.

◆ FileZilla malware outbreak
The incident that first raised questions about SourceForge's service was the malware uproar over the FTP client software "FileZilla". FileZilla was known as an FTP client capable of high-speed file transfers, but in January 2014 the security company Avast reported that "a malware-laden version has been uploaded and published". Because FileZilla is an open source program whose source code is public, fake programs whose source code had been rewritten by malicious parties were released, and the damage spread.

Initially, users were told to download from the developer's official site or from SourceForge in order to avoid the fake FileZilla. However, one-star ratings saying "the worst, comes with malware" were posted on SourceForge's FileZilla page, and it was revealed that FileZilla with malware was being published on SourceForge.


◆ GIMP withdrawal incident
Then, in May 2015, third-party software such as Norton and MyPC Backup was bundled without permission with the image editing software "GIMP for Windows", and the author of GIMP protested.


For the GIMP distributed on SourceForge, the project administrator had been changed from the GIMP project to "sf-editor1", and SourceForge itself had apparently taken over administrator rights. After the GIMP project protested on its official website, SourceForge announced that it would stop the unauthorized bundling of software and return administrator rights.

According to SourceForge, the GIMP for Windows software page had not been updated for 18 months, so it was judged "abandoned" and treated not as an official page but as a "mirror", and as a result advertising software was bundled. However, the GIMP project insists that it has continued maintenance and disputes SourceForge's explanation.

Taking the GIMP case as an occasion, SourceForge formally announced that programs which have not been updated are handled as mirrors and that advertising software may be bundled with them in some cases, and asked developers and software users for their understanding. In the same announcement it declared that it would change the status of mirrored programs so that it is visible that the project is managed by SourceForge.

◆ Nmap uproar
In June 2015, the same thing that happened to GIMP also happened to the security scanner software "Nmap". Nmap's developer Gordon Lyon, known as "Fyodor" on forums, e-mailed Ars Technica that "administrator rights for Nmap were taken away by SourceForge". According to Mr. Lyon, the content of the old Nmap page had been moved to a new page managed exclusively by SourceForge's editors, and the old page had been left blank. Mr. Lyon said that he can no longer trust SourceForge.


◆ Trouble with VLC
SourceForge, which was found to be having trouble with developers of popular software such as GIMP and Nmap, had also had trouble with "VLC media player", one of the most popular video players on SourceForge, as revealed on the blog of VLC developer Ludovic Fauvet. Mr. Fauvet had complained to SourceForge, asking it not to display the fake download links, actually advertisements, that were deceptively shown on the VLC download page provided by SourceForge.


According to Mr. Fauvet, SourceForge's VLC download page had seven "Download" buttons.

When he protested, the fraudulent advertisements were removed once, but they reportedly came back before long, and the situation did not readily improve. Mr. Fauvet reveals that when he kept protesting, SourceForge proposed, "Shall we share the revenue?" Prompted by the many users who were obtaining VLC through fraudulent download links, the VLC team launched a new server to distribute VLC around April 2013 and withdrew from SourceForge.

At that time, losing VLC, which was the most downloaded software on SourceForge, seems to have been quite a blow for SourceForge. SourceForge employees soon proposed "more favorable revenue sharing" and urged the VLC team to return to SourceForge, but he says the offer was refused. Strangely, Mr. Fauvet says that at the same time as the offer was refused, the server that was distributing VLC came under a DDoS attack.

Prompted by the GIMP uproar, Mr. Fauvet examined the VLC project on SourceForge and says that, just as in GIMP's case, he no longer had administrator access, without having been contacted or having given any permission. Fortunately, the binary data does not appear to have been touched, which Mr. Fauvet guesses is probably because he digitally signs all binaries for Windows.

◆ SourceForge's future
Currently, a "Goodbye, SourceForge" campaign is under way, centered on open source software developers.

Goodbye, Sourceforge!
https://helb.github.io/goodbye-sourceforge/


Mr. Fauvet of VLC says, "It is sad to see a company that did a great job 10 years ago behave in a way that ignores the rights and achievements of the open source community," which is probably the candid opinion of software developers. Dark clouds seem to be gathering over the future of SourceForge, which lacks respect for software developers.

In addition, "SourceForge.jp", which operated a download site for open source software in Japan, abandoned the SourceForge brand because of "the divergence between OSDN's management policy of 'staying close to the community that loves technology, with a focus on open source and IT in general' and the business direction of Dice Holdings Inc. (which manages SourceForge)", and from 11 May 2015 restarted the service as "OSDN.jp".

in Software,   Web Service, Posted by darkhorse_log