Slashdot Mirror
SourceForge Terms of Service Change, Users Unhappy
An email fluttering around a few mailing lists has been submitted in
various forms here today. It's about changes to the SourceForge
terms of service. Some relevant links unclude the
old terms,
new terms,
old privacy statement,
new privacy statement
and
contact for "questions or concerns"
(Patrick McGovern, Site Director). Obviously since SF is owned by the
same parent company as Slashdot, I'm biased and corrupt and you should
ignore my opinions on the subject, but while
I don't particularly like this any more then anyone else, I also
don't think it's the huge deal that others are making of it. Especially
considering projects aren't paying for the free service. You get
what you pay for after all.
I have attached a summary to this article of the changes that are
being called into question if you don't want to do a mental diff
on the links above.
This list was submitted by a few different users and was apparently originally posted to several mailing lists, although I don't know who actually originally wrote it. I just quote it here for reference.
- They can henceforth change the terms without notice, just by posting the new terms on the website. (Currently they are obliged to give 15 days notice by email, a period that we are currently in for this change.)
- They can henceforth remove user accounts without giving a reason. (Currently they are obliged to have a reason, though the set of acceptable reasons is open-ended.)
- They're no longer obliged to make the contents of a deleted account available to its owner. (There was previously a "reasonable effort" clause to that effect.)
- They're no longer obliged to provide notice of changes to the privacy policy, unless the changes are "substantive". (Currently they are obliged to provide notice of any change.)
- The privacy policy is acquiring a disclaimer that amounts to "this is not true". It actually disclaims the entire privacy policy.
If they disclaim the privacy policy, why do they bother having one at all?
You are all fartheads.
"Other Notification: In order to implement or enforce the Terms of SourceForge.net, SourceForge.net may use personal information to contact users on an individual basis."
What this basically means is that they reserve the right to call you on the phone at 3 AM and breathe heavily.
Sounds like they're trying to streamline the administration of the service so as to make it more attractive to a buyer... Wonder if they have any particular company in mind?
Somebody should come up with a system that allows you to host your opensource projects on your own server.
Like a combination of CVS/PHP with a saucy bug-reporting and discussion thingie..
I'm sure one already exists.
Dave
So they changed their terms of service saying they can change their terms of service in the future (whooopie), and that they can delete user's accounts without needing cause.
I think this is perfectly reasonable; they're running the show, and a lot of the time in communities, there are members you need to deal with. I think the changes listed are more of an administrative streamlining than a major conspiracy.
Now, if they start abusing things, folks will be all over them, and they'll be sorry they did. So that ain't gonna happen.
Not a big deal.
-me
Love many, trust a few, do harm to none.
snip
NO GUARANTEES
While this Privacy Statement expresses SourceForge.net's standards for maintenance of private data, SourceForge.net is not in a position to guarantee that the standards will always be met. There may be factors beyond our control that may result in disclosure of data. As a consequence, SourceForge.net disclaims any warranties or representations relating to maintenance or nondisclosure of private information.
/snip
Anyone who's using Sourceforge to host their project, as I am, should be realistic about what they're getting and for how long they'll get it.
First of all, I love sourceforge. It gives me all of the things I want right out of the box and for free. User forums, bug tracking, SSH CVS, and so on.
However, it is free and I think we all know has a pretty slim chance of making money. With that in mind, no matter what their polcies state there seems to be a pretty good chance of them just exploding one fine morning and taking a whole bunch of source down with them. Make backups, I should too.
Other than that, we can be a demanding lot so try to go easy on these guys, let's give them a chance to survive.
I host a project at sourceforge, and I've been more than happy with the service I've gotten. I have CVS space, ftp space, mailing lists, discussion boards, and web space. And as far as I can tell, they have nothing from me except for some slightly useful information from my profile.
Big whoop.
There is nothing they can take from me. I have the source code. I update my local cvs daily. The project webpage is garbage, and half of the discussions about development are in email. The greatest benefit is that the package I run has been difficult to find, and now it has a 'permanent' home.
I'd have more problems with, oh, say, Comcast changing the TOS. Or M$. Or AOL. When those guys change things, I always get the "I changed the bargain, just pray I don't alter it any further" impression. With sourceforge, I AM A LEECH. I live at the whim of my host.
If they piss me off, it's off to the FSF hosted site. No problem.
Hey, I don't like the VA Systems->Linux->Software scam. I'm part of the gang whinging about the 'post'. And I often question the integrity of folks. But sourceforge.net never promised anything, and they haven't disappointed me yet.
Nothing to see. Move along.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
of getting Sourceforge to kill off old, inactive projects? Seriously, the tree needs a little trimming. One has to wade through so many unmaintained alpha releases when trying to find a specific thing that it's easier to do a search on Google these days.
SF is a great resource and all, but there needs to be some way to filter out the abandoned stuff.
To celebrate the occasion of my 1000th post, I will post no more forever on Slashdot. Goodbye.
They suck you in with a good promise, and then WHAM, they change the source on you.
You should have seen this coming.
You get what you pay for after all.
An ironic quote coming from someone who supports FREE software.
Fuckers. I'm gonna write to write them a nasty email about that.
Matthew G P Coe
http://mgpcoe.blogspot.com/
But i still feel cheated, because i want more.
After being registered for over two years, about a week ago I started my first project there. And a couple days later they change their policies so they can kick me off, keep all the stuff I put up there, contact me whenever they want and sell my personal information. Coincidence? :-)
Do you keep anything private at SourceForge. No. Do you keep all project info on their servers or are they just a mirror to others. Yes (to the latter.) Would it kill you to reenter your name and wait for a mail? No. Sure, having your account deleted is annoying, but then again; what is time? Free as SourceForge.
Look a monkey!
Yeah, baby!
It's a bit questionable if you need a CVS somewhere else, a mailing list archive somewhere else, a patch archive somewhere else, project homepage somewhere else.. whether it's any use to have them a SourceForge at all.. too bad since it really is a great tool, even if sometimes really laggy.
This sure ain't good news for maintainers of small projects.. especially of projects of questionable usefulness..
Software should be free as in speech, but if we also get some free beer, all the better.
I'd pay up to $24 per year for this service. I host my projects on sourceforge and think it's easily worth $2 per month.
For what it's worth, I make no money on any of these projects ... I would just look at it like I look at paying for DSL or web hosting or anything else.
1. The privacy policy is acquiring a disclaimer that amounts to "this is not true". It actually disclaims the entire privacy policy.
To say that the clause at the end claims the privacy policy is "not true" is pretty simplistic. It attempts to avoid iablility for circumstances beyond their control, which is a far cry from disclaiming the entire thing.
In other words if armed men break into our facilities and steal our database and sell it to spammers, or our daatabase administrator gets a brain tumor and tries to "MAKE MONEY FAST!", we think we shouldn't be sued.
NO GUARANTEES
While this Privacy Statement expresses SourceForge.net's standards for maintenance of private data, SourceForge.net is not in a position to guarantee that the standards will always be met. There may be factors beyond our control that may result in disclosure of data. As a consequence, SourceForge.net disclaims any warranties or representations relating to maintenance or nondisclosure of private information.
Since I don't think we're dealing with an vast evil corporate conspiracy here, I don't think the proper reading of this is "these statements are not true."
Basically they're protecting themselves against crackers. If someone steals the password list, they aren't responsible. I don't think that this means they're going lax on security or forgetting about privacy, it just means that shit happens, and they don't want to be sued.
As to the rest of the changes: this is their perrogative. They don't have to warn you about service changes. And if that fact alone bothers you, you can take your (non-paying) business elsewhere. It's how they use this priviledge that matters, and I don't think that they are going to radically alter their service in an attempt to scam users.
In Capitalist America, bank robs you!
Wow, I so didn't realize that you get what you pay for. In that case, I think I'll get rid of all my linux machines and commission a port of windows xp to the mainframe and 3270 terminals I'll have to buy - that'd cost plenty, so it must be great stuff.
this is a horrrible thing. except for the fact that i'm disgusted, i see the need for a new service. anyone willing to step up to the plate?
Why even have a privacy policy?
Oh, I know, So people will see link and say
"Well I am glad they have a privacy policy, I will not even bother reading it. It is all standard boiler plate anyway... It is a good thing my rights are being protected."
One thing I do commend them for.... They are honest.
I see no problem with protecting the software that VA software owns...............:) its just not knwon by the project managers that VA has their intellectual property
How about they sell for a low cost archives of current CVS on cdrom/dvd... ? would help generate a bit of revenue and keep the source alive for another day if they implode ' one fine morning' ( or are shut down for 'our protection against terrorism' by a government )
---- Booth was a patriot ----
Note that this follows a previous removal of the tools needed to copy an entire project from SourceForge and move it elsewhere. It's not impossible to do that, but it takes more work now.
So, if your project is important, get it off SourceForge now, before it's too late.
You get what you pay for after all.
... and I can relate, as I have some libertarian leanings myself), then I suggest you consider, with an open mind, the implications of applying one set of assumptions (scarcity and greed driving a free, self-organizing market) vs. the actual conditions (a fundamental lack of scarcity in the electronic world) which may well make those assumptions invalid in the context in which you are trying to apply them.
... we are dealing with an area that interfaces the (cyber)world of virtually unlimited abundance (virtually zero-cost copying) and the physical world of scarcity. It is along this interface that the most interesting problems and opportunities are going to arise (and the area the copyright cartels would be concentrating on if they had any intelligence, rather than trying to use authoritarian laws to impose their business model on a world which lacks the scarcity they require).
Amazing. Now I understand why the slashdot editors really appear to not "get" a lot of fundamental things, like the ongoing, direct harm the Copyright Cartels (Hollywood and the music industry in particular) are doing to free software.
"You get what you pay for," is demonstrably a myth. (c.f. GNU/Linux, FreeBSD, non-paid sex, love be it familial or romantic, and as a counter example underscoring the very same point, Windows vis-a-vis quality, used cars, enron stock, and so on ad nauseum.). Air is the most valuable substance to any living, breathing human. Don't believe me? Try going ten minutes without it. Yet it costs nothing.
With free software you don't "get what you pay for," you get what many thousands have contributed to a public commons to give themselves and you, with a resulting value far greater than any single enterprise could possibly offer. These contributions are often completely unrelated to any economic value as defined in the traditional market sense, and are only very indirectly related to any sort of free market or monetary value at all.
If you don't understand this (because of your libertarian bent of capitalism ueber alles, perhaps
In this particular case the area is more gray
I should point out that the Free Software Foundation's GNU project offers a similar service to sourceforge called Savannah, which I highly recommend. Will the laws of supply and demand as created out of scarcity apply, or are there enough willing donars, and enough inexpensive (or free) resources available that the laws of plenty will apply? In this gray area the answer is probably both yes, and no, depending on local circumstances and conditions.
In any event, the notion that "you get what you pay for" has been disproven numerous times in the physical world of scarcity-driven capitalism (ask any number of people who have purchased property or used automobiles, only to have their worth drop to zero, or climb insanely, in no relation to "what they paid for"), and in the abundant sphere of free software is demonstrably inapplicable in nearly every case.
The Future of Human Evolution: Autonomy
1. They can henceforth change the terms without notice, just by posting the new terms on the website. (Currently they are obliged to give 15 days notice by email, a period that we are currently in for this change.)
It is a free service... if they want to change something should they be shackled by having to email all the users to change anything?
2. They can henceforth remove user accounts without giving a reason. (Currently they are obliged to have a reason, though the set of acceptable reasons is open-ended.)
They avoid leagle entanglement for said free service... People abuse free systems, they need to be delt with quickly and effectivly.
3. They're no longer obliged to make the contents of a deleted account available to its owner. (There was previously a "reasonable effort" clause to that effect.)
The users should have local backups... this is more then resonable.
4. They're no longer obliged to provide notice of changes to the privacy policy, unless the changes are "substantive". (Currently they are obliged to provide notice of any change.)
Hmmm, some web notice would be nice... but again it is a free service...
5. The privacy policy is acquiring a disclaimer that amounts to "this is not true". It actually disclaims the entire privacy policy.
Well, if you bother to read (and comprehend) the policy you should know what you are in for, again it is a free service...
Have you read Hotmail Terms of Use?
You know they have your best interest at heart.
~Sean
True dat.
I don't particularly like this any more then anyone else, but I also don't think it's the huge deal that others are making of it. Especially considering projects aren't paying for the free service. You get what you pay for after all.
Ain't it always the case? You start making lots of money and the Republicans start making sense.
The fact is that the TOS is just a reflection of what kinds of decisions the management is going to be making anyhow. So this TOS is just a foreshadowing of what they plan to do in the future. Bad or good, they plan to work much more efficiently...
I use Linux, I love Linux, but let's face it: these guys have been way too cool till now and they _must_ make money.
Not become filthy rich nor put the competition out of market, but they got bills to pay, damn!
This is no different than any hotel or storehouse.
I hope they get by with ads or some kind of sponsorship, club fees or the like... and mainly because for some projects and some poor coders free is all they can afford.
But I can't demand things to be free. Sourceforge has been GREAT till now and I thank them very much.
Linux seems unstoppable; I hope these guys find a way to surf on this wave.
"You get what you pay for after all."
Hmm, I'm going to say that about Linux now.
Let's see how that get's moderated.
OF COURSE THESE CHANGES ARE BAD! Read between the fucking lines. If Microsoft did the same thing with Hotmail, you guys would be all over them.
Look at the privacy statement. No guarantees? What does that mean?
They can cancel your account for no reason? What about open source projects that they don't like for whatever reason? They don't even have to return anything back to you.
This is a disgusting change. Sure it's free, and there's nothing you can do about it, but don't all of a sudden turn your back on common sense.
If all this should have a reason, we would be the last to know.
Looks like a bunch of CYA stuff.
e.g. The term "reasonable effort" is open to a million interpretations. Anything you do would likely disapoint somebody. Promise nothing and you always exceed what was promised.
Use the service to its best advantage, don't rely on SourceForge (or anything else) 100%, and if it doesn't work for you move on. After all, it IS free.
"Glory is fleeting, but obscurity is forever." --Napoleon Bonaparte
These new changes are the last straw, and now after thinking it over for a long time I'm finally going to have my SourceForge account cancelled, but the new terms aren't the real problem. The real reason I'm having my account cancelled is that SourceForge's TOS requires that I "indemnify" them for any trouble they get into as a result of my actions on their system.
In other words, if I do something that upsets a corporation with a legal department, and SourceForge gets sued, I have to pay their lawyer's bills.
Because of that clause, I can't do anything that is legally sensitive; and because free software is by definition revolutionary, I can't do anything real or important on SourceForge at all. I respect and admire the Freenet people, who are going ahead and hosting with SourceForge anyway, but I have no wish to emulate that display of courage. I don't blame SourceForge for having the indemnity clause in their TOS, but it means that their service isn't much use to me. The risks are just too great.
Incidentally, y'all have missed the most important new terms in today's revised TOS - the new DMCA compliance terms. Those, too, are perfectly understandable, and I can't blame SourceForge for having them. As a business operating in the U.S.A., SourceForge is legally obligated to have DMCA compliance procedures. But if I had any illusions left that SourceForge was part of the revolution, those illusions are gone now. SourceForge is now just another profit-making business, and I don't need, or have any particular reason to want, to do business with them. I'll be hosting my free software on amateur servers outside the U.S.A. (I'm outside the U.S.A. myself) where I can be assured of its continued freedom.
Lets see...I don't pay for Slashdot. OK now I know what you mean.
CmdrTaco wrote:
but I also don't think it's the huge deal that others are making of it. Especially considering projects aren't paying for the free service. You get what you pay for after all.
What the heck kind of attitude is this for the founder of a pro-Open, pro-Linux website, CmdrTaco?! I took a quick diff of the terms of use changes, and you're right, it's not a big deal. But reinforcing the myth of "you get what you pay for" doesn't help traditionally minded people embrace new paradigms such as Open and Free. Tsk tsk.
While I don't really think sourceforge will be going down soon, savanna is a good alternative. It is based on sourceforge source code, (it was GPL after all), and should have most facilities sourceforge users are used to. It is also garantueed to stay Free.
A reason to celebrate in Holland MI this morning as Rob Malda, aka CmdrTaco, has pulled through his brutal sodomization and actually seems to feel better.
"I feel better now" says Malda who attributes his survival to having a rare rectal disorder that allows him to dilate his anus up to 8" wide. "I am a very lucky man," Taco said. He then requested ice cream and a salt water enema.
Nobody has to use them for their project. There are other services like Yahoo Groups which work fine, for small projects at least.
It would seem these types of "ad sponsered" services can only work if they perform "editorial" functions. Otherwise the "dark side" can just flood them with garbage, overloading them with junk and causing them to shutdown in frustration. That's basically another form of DOS attack, it's more subtle though and even sounds like a "free speech issue". Look at the problems of "junk speech" showing up on slashdot to get the idea. It's obviously done to degrade the service and cause harm... In such cases I think a vigorous response is required.
...
Anyhow let them have the tools to do the job. Personally I think they ought to offer the service for a small fee, something like a web hosting service but tune'd for the software distributor. I already keep a seperate web space and could just as easily host at sourceforge. They should also have shopping cart service for shareware and for developers that do both freeware and commercial software. Finally a small fee based update subscription service would be great for people who don't have the time to track all the different projects. Something that auto-pulls stuff to your system but lets you control install/backup
Slashdot, I'm biased and corrupt and you should ignore my opinions on the subject, but while I don't particularly like this any more then anyone else, but I also don't think it's the huge deal that others are making of it. Especially considering projects aren't paying for the free service. You get what you pay for after all.
CmdrTaco massacres the English language like Sourceforge massacres the Open Source movement.
A user can change the focus, methods, or anything else about their projects...
So why can't SF?
thirsty*i^2
"Ya I finished that last week, it just doesn't work"
After visitng linuxworld and drilling their sales reps we came to the conclusion that Sourceforge can't compete with free alternatives. (by 'we' I mean the software Co. I'm working for)
Bugzilla/bonsai/tinderbox provides a more complete solution. We were even able to modify the trio to deal with java, our many different build scripts (make is rather lacking for java), and our test automation.
What we found was that Sourceforge provided discussion groups which we got using exchange or INND, bug tracking which wasn't nearly as feature rich as bugzilla, and cvs integration which bonsai provided just as well. It was still lacking the automated builds, and by the time they got back to us after linuxworld we had allready deployed the bugzilla solution (partly thanks to some nice debian packages put together by Remi Perrot).
One large drawback is that bonsai relies on glimpse as its fulltext indexer. Glimpse used to be free but since then has gone commercial. We were, however, able to find some old glimpse source (which may have been GPL or artistic license - perhaps we should redistribute the old code as GNUlimpse).
We have made our own tweaks to bugzilla/tinderbox/bonsai and contributed a few of them back to the mozilla developers (in the future probably all will be recycled into the public implementation).
If it is, I'd like to say it was a neat place for awhile. thanks to Taco et tal, perhaps we'll see you again on the 'net in some other shape/form.
Cancelling all promises for any expectation provacy to account holders seems like rolling up ones pantlegs before a shit storm.
I can see that somebody might get their account deleted without any notification and lose all of the work they've been doing. If I have to make an effort to keep copies of everything somewhere else in case something happens, why exactly am I hosting my work there in the first place? Seems like an e-mail and a couple weeks notice would be nice.
This sig has been temporarily disconnected or is no longer in service
Yes, it's CmdrTaco's site, but it looks bad when a VA employee uses his position to put his opinion that a controversy involving his employer is a non-story in the article rather than in a comment.
It would be better form to use a just-the-facts approach in the story itself and then post opinions as comments like every other user. Another possibility would be to have a separate "Editorials" section for staff members to give their opinions, and to have a separate news item and editorial in cases like this.
"You get what you pay for after all", what a laugh coming from a open source advocate. BillG must love it when comments like this get pointed out to him.
This is true, and it's also the #1 reason why open source is having such a hard time gaining acceptance in many businesses.
These changes are really pretty minor, especially considering what a great service it is. They have the hardest maintenance problem of any open source project: users. Imagine what it's like providing service and support to a bunch of egotistical nerds, for free, and doing a great job of it.
Free software developers have a much easier time. They mostly live in their code, and interact with whiny users only occasionally. I've never bought a free software cd, and have made only small monetary contributions to free software organizations, but I'd gladly pay sourceforge for the service they're providing.
I dug around the account maintenance page, but didn't see any way to delete my account.
4.They're no longer obliged to provide notice of changes to the privacy policy, unless the changes are "substantive". (Currently they are obliged to provide notice of any change.)
Out of the 5 changes, this is the only one that I don't like. I'd like to harbor the illusion that I have some control over my personal information. So if there is a change to the privacy policy, I would like some notification.
Brought to you by Team SPAM! where we believe: "Information in the noise!"
I've been hedging my bets for a while on Sourceforge. I have a fairly popular project (over 1 million downloads) hosted there. This week I've averaged something like 5000 downloads/day at 10+MB each (which is why I have it on SF rather than on a server I pay for). I've been questioning how long this can last. There's no way SF can get enough revenue from my project to cover that kind of bandwidth usage. So, I wrote a simple PHP-based distributed mirror system (100% Buzzword Compliant(TM)) that lets people handle very small portions of the download traffic with daily bandwidth limits. I'm hoping to start shifting some of the burden off SF so that it isn't a single point of failure in distribution. Eventually the gravy train of massive free bandwidth is going to end.
The Glass is Too Big: My Take on Things
That's a good point Matt.
Is there an alternative service to Sourceforge (free or otherwise) that does the same thing? Anyone know where people would go if SF goes tits up?
I also wonder how much they make from their shrink-wrapped product? Anyone know of organizations that are buying this?
E.
BTW. Matt: Streamsicle looks cool, are you aware that the web-installer craps out on Mandrake 8.1? I guess you get what you pay for.
They're no longer obliged to make the contents of a deleted account available to its owner. (There was previously a "reasonable effort" clause to that effect.)
Does this give sourceforge "ownershp" of all information? Does it preclude legal remedies to get the data back?
All other items I'm OK with but this one can have far reaching effects.
Well, the same morons are now whining about these very modest (IMO) change in SF's terms of service, and I'm just loving it. All you complainers: Hey, it's a free service! If you don't like the T&C changes then go start your own web site that does what SF does for the community, at the same price, but in a way you think is "better." Any takers? No, I didn't think so.
"You get what you pay for after all" -- CmdrTaco.
Indeed. Just like free software. I trust the irony is not lost.
I mean, basically they say "we'll do what we want without you knowing unless you read all of our TOS on an hourly basis". I'd say this makes the whole service - free or not - totally worthless. They could take your work and sell it under their own copyright.
Fight hunger. Filet a politician and send him to a 3rd world country of your choice.
How about this? Replace PROJECT with your project name:
(change into a suitable directory to put your CVS tarball in)
(change to where you want your working directory)
I think the GNU project is running something called Savannah which is basically sourceforge's engine running on their server. Yep: http://savannah.gnu.org/ Disclaimer: I really know nothing about the service save that it exists, RTFFinePrint. For all I know, there is an "All Your src Are Belong To Us" clause in the user agreement.
News for Geeks in Austin, TX
I saw this ad while reading this story.
/. and SF changes their TOS in the same day.....coincidence?
Hmm, first M$ ad on
Dun dun dunnnnnN!
what's it cost to get a big-ass mainframe to host it all? a quarter mill? that's chump-change. and a ds3 is only $18750 a month, hell, i'll order up two or three. and then i'll give it all away for free because, uh, i dunno. but that would show those bastards at sourceforge.
Probably would have to be dvd or multiple CDs. I don't have any real figures but I imagine there is way more than 650ish megabytes of src on sourceforge. Since they have that Foundry system, maybe you could order on a per-Foundry basis (e.g. get all the stuff in the Perl Foundry or something).
Anyone have comments about the maturity of Savannah? I know of several projects that have moved from SF to Savannah recently and wondered how comparable the two services are.
From the Hostmail Terms of Use:
By way of example, and not as a limitation, you agree that when using a Communication Service, you will not:
Funny. I thought that point was their business model and represented their 'heaviest users' base! (Of course, if you dont like it, you can email their abuse department at angelgirl435_abuse@hotmail.com
"Old man yells at systemd"
You get what you pay for after all.
Did CmdrTaco, one of the helmsmen of the most popular Free/OS news sites in existence just mimic what Microsoft PR/FUD machine has been saying since Linux showed up on its threat radar?
Why isn't everyone kicking CmdrTaco's ASS?
m00.
you're a commercial company, but you've shown your dedication to open source. Please start hosting something like SourceForge so we can stop having to trust SourceForge. You seem safer.
Dear IBM,
you are new to open source, but you've produced a lot of great technology over the years, lost out to Microsoft for a dose of humility, and shown recent commitment you open source. You own Lotus Notes, and you host that free really cool patent database. Howsabout you start hosting something like Slashdot? it's a discussion forum just like Notes. Oh, and host something like SourceForge too while you're at it.
No, guys, not to drive these other guys out of business, but because competition makes everybody perform better, just like in the Olympics. It's so much easier to trust competitors than monopolists.
News for Geeks in Austin, TX
My biggest concern with SF is, it puts a lot of eggs into one, possibly fragile, basket. I'd recommend having a backup solution available and being ready to move quickly if it becomes neccesary.
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
Yes, the users should have local backups. But of what?
Another poster commented that this wasn't a big deal because "I update my local CVS checkout daily." So what? You have the latest current version, okay, true, that's good. But without the CVS repository itself, you've lost all the history (diffs over time, commit log entries, etc).
For the projects I care about, I use rsync and get a local copy of the CVS repository itself; that way I have it all. (It's also handy to be able to check out a copy from that repository; CVS ops go really quickly. *grin*)
I'd like SF.net to make a "reasonable effort" to mail me the CVS repo. Other than that I don't particularly care.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
If anyone is made uncomfortable with these terms and would like free webspace, CVS, FTP, etc. for their open source/free software project, just drop me an email. Always happy to help out.
The bit about changing the TOS without notice in the future will allow them to someday say "All projects hosted on the service are now OUR PROPERTY".
SourceForge will eventually either need to charge money or will be spun off as a (soon to be bankrupt) spinoff business, leaving VA Software with just the various web sites. The web sites are probably (barely) profitable with the cost-cutting that has been done on them over the past year or so. SourceForge is not profitable, and never can be.
I currently have four projects hosted at SourceForge. I download the CVS web-ball every night in my crontab, and am investigating alternatives. At the moment it appears that any alternative will require developers to fork up money to help pay for the bandwidth. SourceForge itself has too many big (bandwidth) projects to make money even then, because if they charged what the bandwidth costs, most of those projects would end up hosted elsewhere shortly with companies who can hide the bandwidth costs in their accounting noise.
Does this mean that I wish SourceForge ill? Of course not. I just don't see how it can ever be profitable, and thus while I'll use it while it lasts, I'm not banking on it.
Send mail here if you want to reach me.
I thinking keeping old projects around is a good idea, if the projects have actually done something. Too many times I've looked into a project only to find that absolutely nothing has happened other than the project's name being approved and added to SF. Even the homepage hadn't been touched.
Those projects are the ones that need to be removed. An empty project does nothing but take up space.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
Let's look at this a little more objectively. Hosting kernel.org costs about $80,000 a year (Larry McVoy posted this number to lkml about a month ago) at the least. It's an ftp site. That's bandwidth, not any warm bodies doing admin, not any fancy database stuff, nothing fancy just an ftp server and a minimal web site. Sourceforge has to cost 20 times more, probably more, to run. I have no idea what the numbers are but it has a staff and a huge amount of resources to manage and keep running. Personally, I'd assume that it's in the neighborhood of $5million+ a year, that's just my half-assed guess though. That's some substantial output for most companies, at IBM you can't spend that kind of money without producing something, people notice chunks that big. At most places, that kind of funding simply isn't available for something like that. At some point the free ride has to end, or something has to come out of it, or something has to change. Even a company like MS would see $5mill on the books in red ink and not black and there would have to be some reason to justify it and goodwill towards the community might not be enough.
Then with subjects like these, things rise up. Well they should trim dead stuff out of the tree, trimming the "dead" stuff is silly becuase it might be useful to people, that's the whole premise, if it's in use anywhere then it's not really dead. It might be dead to you and me, but that guy who is using it might want it. They should do x, y, or z to better support projects like q. They could do this or that. I think the most alarming propect is that there will be code in SF and it could be lost because of a policy change. I can get over most things, the changes to the mailing lists, and various other things they've done, it's free and you get what you pay for but a big part of the justification has been to promote interaction with developers to give VA a community they have close ties with and to promote open source software development. The idea of losing code is appauling, SF no longer serves a big part of its purpose at that point. That's what brings credibility in to question, what are they doing to prevent that from happening? Can I buy a set of DVDs that have SF backed-up on to them? Or is this it, the policy change is that there won't be any warning of future policy changes and those might cost you your code. I understand that they might have to sell stuff, or charge for services or do lot's of different things. I also understand that services like SF are prime for pirates and porn hustlers and others to use to propagate data and they need to protect themselves. It's time to look to tigris, Savannah, and Berlio more seriously.
I wonder if there is something we could add to licenses that would prevent a place like SF from shutting down and taking your code with them.
We do want to keep the archives around so that people can find released works, even if it is severely dated.
That said, we've also taken steps so that when you use the "search" mechanism, the stuff that floats to the top is the most active.
We haven't completely solved this problem yet, but we're working on it.
-JM
SF.net Foundry Manager
Hyperic Community Manager
What we need most of all is an open-source spelling and grammer checker.
I think centralized open source projects in working developer format, especially concentrating them all in one organization, is a bad idea.
1) Break ins.
2) Sourceforge is bought by Microsoft.
3) Disruption to work to SO MANY projects at once, due to break ins.
The disruption and dependance of the Open Source way on one organization is probably a bad idea. Not that SourceForge is the one stop and only place on the net, but it has a large enough number of projects to be of concern.
I don't know why or what sourceforge is that is is such a big deal to have projects here. Big fat Pipe perhaps?
There are plenty of tools for individual projects and group projects that work just fine and are free for everyone too use.
There are too many gotcha's that could impact too many projects if someone got in and decided to spend the next 5-10 months secretly writing small back doors into fairly large projects, that just perhaps not many would notice.
Makes my skin crawl just thinking about it.
I think source forge should probably be a "BinaryForge" with MD5 and CRC signatures with perhaps the ability to sign out certs for binarys that are extremely critical.
Perhaps a mechanism to post builds from CVS systems authors maintain themselves to sourceforge of binaries would be OK.
At least that would maintain the ease of use of getting all your goodies from one location.
But in general I don't think it is a good idea to have so many open source source code trees in one place on the net.
-hack
Got Geometrodynamics? Awe, too hard to figure out? Too bad.
In trying to explain open source software to friends and family, I often run into the "you get what you pay for" line. My standard answer now goes something like this...
Open source contrasts heavily with proprietary software, where it is in fact true that you get what you pay for.
With open source software, more often than not, you get an awful lot more than you paid for. If by some fluke you actually do get what you paid for, you really have no grounds for complaint......
- mark
..if it's from a commercial company.
Like sex, it is free too.
I'm sorry, but I can't resist:
> It would be a PR coo
Coo! Coo!
Coo!
"...while I don't particularly like this any more then anyone else, I also don't think it's the huge deal that others are making of it. Especially considering projects aren't paying for the free service. You get what you pay for after all."
Ah, okay... thanks for clearing up your stance on the matter, Commander Taco. So as you see it, as long as your getting something for free, it's okay to sell out and become a marketing whore?
There is nothing wrong with this, if that's what you really want to do. However, I suspect that (like myself), most free software developers are not into the whole "you get what you pay for" mindset.
Use the means at hand to accomplish your goals... and if your goals including sacrificing ethics (again, a very relative point of view) then go for it. Odds are you may still be providing something good back to the community.
But... for people like me... we'd rather pay for good service rather than rely on the sales of our collected personal information to provide questionable space.
FWIW, my opinions are mine alone... and are probably biased in some strange ways... considering I work for VA Software too.
Regards,
Twilight1
and free stuff = shit.
Has CmdrTaco lost his mind? He uses a free OS yet he says "you get what you pay for". Go figure. Of course he'll say anything to defend VA
Okay... I'll do the stupid things first, then you shy people follow.
[Zappa]
Maybe it is a way for SF to hide things like, mess-ups!
Naaaaa! Don't think so, but who knows!
You get what you pay for after all.
That isn't the Free Software Foundation philosophy?
I use Savannah and it is a very slick service, well documented (as is Sourceforge), it's also nice to be able to cut time by been able to automatically apply to be a GNU project. The licensing issues are well dealt with (anything as long as its FSF approved) and any questions that I have posted have been answered in hours.
With regards of compatibility there is an offer (when you sign up) to use your existing CVS's data on their systems. The only caveat was that they are far stricter with licensing. So if you use the Sourceforge CVS it should be easy (providing the licence is OK) to transfer to Savannah.
You also geta homepage at: http://www.freesoftware.fsf.org/yourprojectname
Which is adminned via RSYNC or CVS over SSH.
So almost identical to Sourceforge.
It doesn't seem to be as fast as Sourceforge, but this is opionion and I have no metric to support this.
e4 e5
AFAIK, there are no tools to pull the contents of the bug lists, patch lists, etc off the site. There probably never were.
So, here's what we need:
1. Tool to "web-scrape" the contents of the bug-list for a project.
2. Tool to "web-scrape" the contents of the patch-list for a project.
3. Tool to "web-scrape" the mailing list archive and member list for a project.
4. Tool to put together a mirrored CVS repo (a la CVSup, but it just needs to work in one shot).
5. Any other similar tools to above needed to reconstitute project state on a different host.
Putting an XML-RPC interface on these would allow them the most general use.
We've always needed them. This announcement doesn't really change anything, but it should bring the point home that we who admin projects are responsible for our own disaster recovery, just in case Lars Ulrich decides he owns that sample mp3 of your cat hacking up a hairball because it sounds just like Metallica.
And finally, just a common sense clarification, in case some people don't get it: don't put crypto on SF, because it'll probably get DMCA'd.
I'll start the project on sourceforge.net (of course). Volunteers welcome.
Sourceforge was run off of their own servers, using their bandwidth .
all provided for free to the community
They are providing all this for free, so where again does anyone have a right to complain?
just my 2 cents
Yes, publically defending changes made by your owner, especially considering how those changes would likely be savaged if done by an opponent, raises deep issues of conflict of interest which deserve better than such an offhand dismissal.
After all, how different is "You get what you pay for after all", from "If you don't like our click-wrap license, don't use the software"?
Sig: What Happened To The Censorware Project (censorware.org)
And here I thought that free software had forever put to rest that nasty rumour that you get what you pay for. Windows is nice and expensive, if you feel like paying for it, but I'll stick with good old free Linux, even though your statement implies lower quality.
Cheers.
This article simply isn't complete without the standard "VA = Satan himself and I told you so first" comment from Bowie J. Poag.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
With Free software, the company/people expend the effort/money for the software up-front. There is no ongoing fees/money that needs to be paid, if they decide to abandon it. If it's good someone else will mirror it and/or continue development on it. But the company providing the free software has NO ongoing fees to pay.
Would you complain to the local city for charging for water? When you can go to a local stream/pond/lake can get the water for free. So your argument is basicly: Even though they pipe it into your house, filter it, etc. , water should be free, why it even falls from the sky, how can anyone charge for something that falls from the sky.
SourceForge is still providing this service for Free, just changing the terms, if you don't like it pay for some servers and setup your own Free Source Repository with better terms and conditions.
Looking for any old 8-bit Heathkit/Zenith software/hardware - http://heathkit.garlanger.com
"Obviously since SF is owned by the same parent company as Slashdot, I'm biased and corrupt and you should ignore my opinions on the subject"
At last, CmdrTaco finally admits he has a problem!
But at least he's given us good advice on how to deal with it.
Why bother.
I'd love to see something like this developed - redundancy == Good.
Yeah, I'm that guy.
This DOES mean that I'm reluctant to use SourceForge's forum and bug tracking and etc. software, since those cannot be easily backed up. Luckily I don't currently work on any multi-programmer project where bug tracking is necessary (and as for their forums, I prefer mailing lists and don't enable the forums on any of my projects).
As for VA, I've had my reservations about them ever since interviewing there in 1999 and finding that all the top VP's were former Apple and Sun people installed by the VC's and that the people who'd built the business were relegated to low-level sysadmin and wrench monkey jobs. Their business model also sucked, they needed to be the Dell of the Linux business and were instead trying to be the Compaq of the Linux business. VP's who didn't understand the Linux business, disgruntled employees, bad business model, to say I lacked enthusiasm is an understatement. I hate to say "I told you so", but I suspect that if I pulled out the EMAIL's that I shared with VA VP's back then, they would be eerily prescient.
-E
Send mail here if you want to reach me.
Rather than sitting around muttering "Yup, it's doomed. Protect yourself and hold on tight", maybe some suggestions could help.
Reading these, I see a few options that might help SF get $ beyond what they'll get selling intranet variants of SF:
Break SF down into categories, sell the source tree archived onto DVD's. This could be either of two flavors (whole cvs tree or just quarterly buildsets).
Get a subscription model going that mimicks MSDN or any other vendor's update services. The downside is cost-effectiveness (maybe this idea sucks because DVD production costs outweigh my willingness to pay). The upside is that some of us would buy relevant categories. A few (paranoid or wealthy) ones might buy the whole damn tree. By setting it up on a subscription mode, I get to have that full archive a few keystrokes away without download lag or anything. I can diff and grep and the world gets lots of permanent archives in case SF does crater.
Go from free to a price scheme that is wicked cheap. Two directions that come to mind: A project costs $200 per year or something else so cheap people don't hesitate to consider it a fair deal. Everyone else that has trouble understanding the economics of bandwidth can take their CVS tree elsewhere until they figure it out.
Or, create tiered pricing. Things that eat bandwidth or space and aren't effective, get a price tag. So the CVS tree stays intact, but $200 a year buys you the whole package above. And $100 gets you a tree, some pages and links, and no discussions. Or whatever. (yeah, I realize that the CVS *is* a significant cost, but overloading price onto extras is how the world sometimes works. There's no way one extra button on a DVD player takes it from $150 to $300)
Frankly, we lived without sourceforge before (it was called the internet... look it up), I've never liked how specialized discussion websites don't get archived (a la usenet), and we'll get by without it... but there are too many times I would miss SF. Hugely. I don't host a project, but I use them a lot. So I'd buy a DVD subscription to help. Folks that have set up their own servers know how nice it is... so they're likely to keep the 'use it while it's there' attitude if the price point is nice and low.
So, there's my two suggestions for world peace and the survival of something I like in a world of corporate cynicism. Both have zippo done to figure out cost-effectiveness. They may stink when given real numbers and expectations. But there's got to be some sort of economic bone we can toss SF...
What else could we or SF be be doing?
--If you're not part of the solution, you're part of the precipitate.
Maybe their lawyers got smarter or more paranoid? I had to write a terms of service and privacy policy for a site...and it had all the "nice" stuff in it that the former SF one had. The lawyer said it was junk and it'll never save our collective behinds.
This lawyer also pointed out that you don't HAVE to stick to the policy....by that, I mean SF admins can be nice about it and give you your project stuff if you get booted. They can still do everything in the old one...they just now have the option to be mean to mean people.
Sourceforge is a service. You're confusing the free as in beer versus free as in speech issue. You may wish to read the Free Software Definition.
It's the same general deal you get anywhere these days:
You can't get us for nuttin..
We don't know nuttin, and if we did, we wouldn't admit it anyway..
If you got it, it's ours, an' we're gonna take it no matter what you do..
Here's a real punchline from the Privacy Statement:
uh.. then who is in a position to guarantee what Sourceforge itself has just attested to?
No-body!
End of discussion!
And have a nice day!
t_t_b
I'm on PJ's "enemies" list! Are you?
It's common to change the terms of service after they've initially been implemented.
Common reasons are: people abusing the current terms of service, Over-load of information that does not contribute to the quality of the site (such as the "first post" twits on Slashdot... I'm sure there are similar abusers of the SourceForge service.)Or the original terms of service opens them up to liability or other unpleasant legal circumstances. Basically, it could be compared to "The punishing of all" that often occurs in elementary school where 3 or 4 kids mishbehave and everyone is forced to skip recess. It's easier for the moderators to do this and cover their bases than it is to attempt to weed out the troublemakers under the old policies.
Yes, there are chances that the new terms of service will harm those who are innocent of any "evildoing"(sorry, couldn't resist the quote.), but for the most part those that are harmed will be those who contribute nothing to the service. Hey- maybe it's a good thing and will weed out the useless or "garbage" content.
What I *am* against in their new terms of service is that they're not required to give notice of changes if they're not major changes. I dislike "contracts" with ambiguous language. What constitutes a change that is large enough to notify people?
-Sara
If you don't like the service, DON'T USE IT!
Dumbasses.
Glückwünsche, haben Sie Slashdot ermordet, indem Sie zum korporativen Druck beugten und Subskriptionen einlei
Sourceforge has been a strong supporter of OSS for some time and I believe I understand the issues with leaving a project without any activity alive forever.
My concern is the potential loss of projects that could occur if under the terms SF sells or dissolves. Without a reasonable recourse (even if SF has the best of intentions today), we would have people keeping copies of entire projects waiting for the current or future SF organization to decide to kill off project XX. Then how would the rest of us find it later? (SFapster?)
While it is certainly their right, as they own the machines, part of their popularity has been the ability for projects to get slow starts, have long development cycles, and even close but still have the code around in the event it is ever needed.
Perhaps it has been unrealistic to expect any company to absorb the cost of potentially the largest change management system on the planet for free. However, the also fostered that idea.
While people will argue it is not a big deal, it will be when they need to exercise the right to kill projects and do so without notification.
Perhaps a alternate solution would be a source forge front page notification of "projects about to be killed unless we hear someone is willing to own it." At least there is a possibility someone would see it before the "messenger of death" strikes.
Just look at the numbers from the PC Division. Up until last year they lost lots of money from that division.
As a rock-in-roll Physicist once said, No matter where you go, there you are.
hang up on them!
The obvious choice of a buyer would be MicroSoft.
I realize I'm picking on you for no good reason, but why did you capitalize the "S" in "Microsoft"? I've seen others do this, and my curiosity has finally gotten the better of me.
Are you sure you really want to say that, being a free software advocate?
Well, my offer is still open from the last sourceforge rounds.
If you want hosting, no ads, no hidden requirements, no surprises, let me know. The SOSDG is run by individuals, not by any company.
The Summit Open Source Development Group
Brielle
Why not? It work for gnutella to replace napster...
If you don't like the new sourceforge.net agreement, you can use always savannah.gnu.org instead. Or you can run your own sourceforge type site by entering apt-get install sourceforge on just about any Debian GNU/Linux machine.
*sigh* The poster was making faulty assumptions from bad logic and misinformation for a reason.
YHBT. YHL. HAND.
Can't be. Slashdot is the most unbiased
forum in the whole internet. It gives equal
time to the Superior BSD Unix as well as the
myriad inferior incompatible *linux distributions
with all their kernel vm and fs instability
and scalability problems.
That's my version of the old saying, and I think it is not only more correct, but contains within it the same wisdom that the original did.
:)
It's not just free software that can be worth more than you paid for it. Sometimes generic brands can be as good or better than more expensive name brands. It happens all the time.
But at the same time, in a lot of cases, the better thing -is- the more expensive one. So the old statement isn't -totally- false, just often enough so that it needs to be changed.
so help me change culture by spreading the new saying.
The enemies of Democracy are
IBM makes sense as a buyer. They can demonstrate the power of their mainframes and at the same time all the current and future software on sourceforge will be tested on IBM mainframe platform leading to a higher compatibility and easier acceptance of Linux for mainframe.
I have just registered the "sfbackup" project at sourceforge.net, to be licensed under the BSD license. I should know if they accepted it within 72 hours, according to their SOP.
VA crackheads are sons of the devil. Evil incarnate, spreading vile lust and sloth upon the huddled masses of pristine carrot patches and turnip patches and acres of flowering kale. Rise up -- oh yeah, oh yeah, o yeah.
This sig intentionally Left Bank.
hahahahahahaha
Only one problem with your scenario. You seem to assume that advertising doesn't matter. It very much does. As television adds become more and more ignored by viewers, advertisers will once again begin to look at the web. Especially considering all the market research benefits it can offer.
Profitable online advertising will come, the only question will be who's left standing to profit from it. (SourceForge and VA may just hold out that long)
2) Sourceforge is bought by Microsoft.
/. post formula--1 part anti-MS, 1 part general conspiracy, season to taste.
Cooooome on. What possible damage could Microsoft do to SourceForge, other than shutting it down? Or maybe 2) was just part of the typical
News at 11: Microsoft buys SourceForge, ends Open Source forever.
Sound ridiculous? Of course. I certainly agree with the other aspects of your argument--a single point of failure is never a good idea--it just struck me how ridiculous 2) was.
Perl - $Just @when->$you ${thought} s/yn/tax/ &couldn\'t %get $worse;
As far as I know, any privacy policy changes MUST be told to the users. At least its that way in Michigan. Isint that a law which was passed within the last 4 years?
They're choosing to take advantage of the "safe harbor" provision for ISPs (DMCA section 512, not the anticircumvention rules). 512(c) immunizes ISPs from liability for postings of their users, provide they follow "notice and takedown" procedures including the listing of a designated agent.
Even if they list an agent, service providers still have the option of refusing to remove material if they get a notice of claimed copyright infringement, and of taking their chances in court. The subscriber receiving a claim of infringement can also file a counter-notification asserting that the material is legally posted.
-- Openlaw: Fighting for fair use and the public domain
I'm sure I'm going to get modded down for criticizing Slashdot, but to hell with my karma....
Most Slashdot users don't post their exact email addresses on the pages. They put NOSPAM or REMOVETHIS in the middle of the address. It's a very intelligent thing to do - spammers have robots that harvest email addresses from web pages.
So what do we do when we get angry with someone? We post a hyperlink their email address on the front page. No NOSPAM. No link to a page CONTAINING the email address. The email address right where it can first be Slashdotted, and then harvested by spammers.
What a disgrace.
Custer's Revenge: The greatest video
OTOH, I don't think anyone really expected Sourceforge to stand up to the RIAA should they attempt to bully them into shutting-off web access to a project like Freenet anyway (although looking at page views, Freenet is three-times more popular than SF's next most viewed project).
This is a wake-up call though, I will definitely start thinking about alternatives now should I ever wake up to discover that SF has shut down Freenet's account under threat from the RIAA.
Hey, I don't like the VA Systems->Linux->Software scam.
They never were called "VA Systems."
I still have VA Research in my bookmarks. I get all nostalgic and weepy when I click on it. Oh how things have changed.
The important question is what happens if they go out of business, since this is something which will probably be happening in the near future.
But remember that a lot of the stuff on SF is GPL'd (or BSD'd or PAL'd, or whatever). If SF did such a thing (which would be very stupid IMO), it would be Slashdotted faster than you could say 'Gnu' (resulting in, oh, about $2000 more bandwidth traffic for them..) Then SF could be setting themselves up for an enormous class-action lawsuit. Which might actually not be a bad thing, in a very macabre sort of way, it would be something that would start to get legal precedets of open-source stuff laid down.
How about forming an umbrealla organization that could provide legal representation and protection, that would collect dues from FSF, /., SF (maybe), the LiViD project, and anyone else who could get sued under DMCA, etc. Not that I would be the one to organize such a think, or even think it is particularly a good idea. Just a though.
I think the main weakness of SourceForge is that it is hosted by a single entity. The tremendously valuable information hosted by freshmeat is a similar example. It does the FS/OS community no good to have the various project sources cached all over the place if we have no way to access information about the projects, including where they are, what they do, and so forth.
.lsm (linux software map) files. This could be submitted to multiple places on the web. Freshmeat might parse it into their database, while metalab might just through it in the .osm directory. But at least there would be a way to track things down. Google would help a lot.
How can we surmount this problem? Maybe by making a set of standards (beyond the informal ones that exist now) for how to document what your software is and where to get it. This could be a variation on the old
I am concerned that a lot of good code and good projects are left to die while other people re-invent that particular wheel. Since FS/OS is based on volunteer work, we can't really afford to throw it away or waste it. I hope other people who also have ideas about this will reply to this, and perhaps we can get together a mailing list or something to brainstorm about possible solutions to this problem.
The privacy clause is just a result of Oracle's stupid "uncrackable" promise, and the realisation that online companies can't possibly make such guarantees. They're saying they'll try their hardest to avoid disclosure of private info, but because it's online, there's always a chance it'll get abused. Not that big a deal IMO - if you post private info over the 'net you deserve what you get anyway.
I always say you shouldn't send anything over the 'net unencrypted that you wouldn't put on a postcard, and nothing encrypted that you wouldn't put in a standard letter. No matter what promises the intended recipient makes. Period.
Why is there only one Monopolies commission?
The project registration was rejected in less than half an hour. I've sent them a difficult support question in response.
:)
If they admit it was rejected because it enabled people to leave sourceforge, then they look bad.
If they deny it, they look bad, too.
Maybe the PR quandary will prompt them to approve it.
They can henceforth change the terms without notice, just by posting the new terms on the website. (Currently they are obliged to give 15 days notice by email, a period that we are currently in for this change.)
This is the part that disgusts me about "Terms of Use". Basically, they could say anything they want, and you would be bound by it, before you can even read it!
So Tuesday, they can say they don't own the copyright in your programs, but Wednesday they can, and NOBODY WOULD KNOW until AFTER the terms went into effect.
Yes, they have the right to put pretty much anything in their terms, BUT they should have to make a reasonable effort to inform their users of any new terms.
Free markets work best when information is available about your choices. Saying "if you don't like it, go elsewhere" is silly if you don't know what it is exactly you just agreed to.
There should be a consumer protection law that says, you have 30 days before new terms go into effect, no matter what. Then you would know, just have your attorney or your web-page watcher script check the terms every 30 days. But now, they can change them twice a day, or just for 5 minutes every night, or whatever, and nobody knows.
Of course every company is completely honest and above-board and would never change their terms like that, would they??
Still, with this change there's nothing to stop them from trying. Having to give 2 weeks notice would have...
Contrary to popular belief, coding is not all free blow-jobs and beer. Those things cost MONEY!
I am Andrew Main (Zefram) <zefram@fysh.org>. I'm a developer of the Z shell (zsh), which is currently hosted at Sourceforge. I received the email notification of Sourceforge's TOS change this morning (2002-02-13). I wrote the list of changes after comparing the old and new versions. Because I found the changes concerning, I posted the list to the zsh developers' mailing list (at 17:00 UTC). That message concluded with a paragraph asking "Do we want to keep zsh hosted at SourceForge?".
I also submitted the list as a Slashdot story (at about 17:15 UTC); some of the text of my submission (in addition to the list) has made it through to the posted version of the story.
I didn't personally post my message anywhere else. I find it interesting that my message spread to "several mailing lists" in the 94 minutes before the Slashdot story appeared. Bad news travels fast.
I'll explain why I found these changes so objectionable in a separate comment. This one is strictly for the historical record.
Let's see, Microsoft spends $1,000,000,000 to promote XP through print, TV, Radio, purchase of journalists, politicians and stenographers and billboards. This brings abslolutlly nothing in return but some marginal good will that they nullify with poor programs and scandal. Their sales are kept through extortion and other monopoly tricks. Yet people consider it a viable business.
You would conclude that Red Hat, IBM and Source Forge taken as a unit are not a viable business? Source Forge returns good will and programs for free use to both Red Hat and IBM. Without that kind of PR, what does Open Source have? The scale of losses you quote, if accurate are nothing to a company with revenues in the billions. Those paltry millions, spent on ordinary adverts, could hardly push a brand of soap.
The only think that can kill source forge is a betrayal of free software or some other greedy grab move. It's bad enough that they would switch to comercial databases and made the site an advertisment for software they would sell rather than a demonstration of free software they would service and issue with equipment. Anything to lessen Source Forge good will or software contribution would hurt them more than any direct costs.
Friends don't help friends install M$ junk.
Yuo do realize that "vast evil" corporations don't spring fully formed into the world. They started out as (sometimes several) much smaller pink fluffy bunny companies with customer interests at heart and with good intentions to all. Then as the pink fluffy bunny gets bigger and more powerful it notices that if yuo take away things from people a small slice at a time, they either don't notice or the those who do are shouted down by those who think that it's not that big a change. "Basically they're protecting themselves ...".
Before long somebody notices that the pink fluffy bunny company is now a vast evil corporation but by this time it's customers could star in a bondage pr0n film and it's too late to do anything.
They change things like this for a reason. There is no reason what so ever to change the Ts&Cs to say "we don't have to notify yuo of changes to this document". Once a company does that they have something to hide. In light of the other changes Source Forge is up to something that they don't want people to notice.
Always remember. They screw yuo a slice at a time and they are patient.
And in tomorrows fable we will talk about how the evil stepmother fooled her stupid husband into selling his wonderful daughter into slavery because statistics show that 57% of people in slavery are happier than they were before.
Nerd: Derogatory term typically directed at anybody with a lower Slashdot ID than you.
The change that I find most objectionable is the one I listed first: being able to change the terms without notice. It seems difficult for Sourceforge to actually legally enforce their terms - it's difficult to show that there's a contract between Sourceforge and the users, since they're providing a service for free. However, using a service that claims terms that one finds unacceptable is just asking for trouble. If they change the terms to say that they own your firstborn, it'll be difficult for them to actually enforce that, but you might have to go to court to argue it.
When I first registered on Sourceforge, I examined the T&Cs with some care. The provision for notice on changing the terms was to me absolutely essential, and I wouldn't have accepted the terms without it. Notice on changes is a necessary safety provision: it's not possible to limit what they might try to change the terms to, but a notice provision gives the guarantee that one will at least be able to get out before the new terms are applied, if they are unacceptable. In this case, the removal of the notice provision is unacceptable to me, so it's time to get out - fortunately we have notice, this time.
On the removal of the obligation to make the contents of deleted accounts available to their owners: this removes a lot of Sourceforge's utility as a hosting site, because it means they can entirely deny access to the data being hosted, with no notice. Even if one backs everything up, one still loses the most recent changes. One can't rely on a hosting site that might destroy data, just as one wouldn't use a disk that periodically mangled a track.
Some people gave reasons why Sourceforge might not be able to give people the contents of their deleted accounts (e.g., legal problems). This is true, but not the reason for this change. The old terms already had an escape clause for that kind of thing. The only effect of this change is that Sourceforge can now destroy data without justification.
Deleting accounts without reason: similarly, they always had wide discretion in deleting an account for any justifiable reason. The change is that now "our e$teemed leader doesn't like you" is considered sufficient justification.
The change to notice for changes to the privacy policy is quite curious. They retain the term that guarantees notice - unlike the change to the TOS' notice clause - but it's restricted to "substantive" changes. This isn't a problem if implemented as stated, but there is a problem in interpretation. It gives them room to weasel in changes without notice, under the guise of "editorial corrections". Frankly I don't see any advantage in them being able to make even genuinely insubstantive changes without notice - the notice in question is just a matter of emailing their users, we're not talking about airmail postage.
And the disclaimer. After reading through a lengthy and mostly-identical privacy policy, it was quite a shock to find a new paragraph that undoes everything that goes before. The new paragraph says, in part, "SourceForge.net disclaims any warranties or representations relating to maintenance or nondisclosure of private information.". "warranties or representations", of course, describes the privacy policy. What are we left with? A null privacy policy - 10kB of text that in the end says "this page doesn't mean anything at all, and nor does anything else we might have accidentally said".
Again, people have pointed out that there are circumstances, such as legal action, where they can't follow the privacy policy they'd like to. But again, the old version already had escape clauses for that. The change in the new version is that they can now violate your privacy for reasons like "MS offered us money".
With each of these changes, there's room for them to argue why there are occasions where such a term is necessary, and how they would obviously only use their new powers in good ways. But if they really intended that, they could write the legalese to say so. The only conceivable reason for these changes is that they intend to use them for nefarious purposes.
Finally, there's one other aspect of this that's got me concerned, and no one has mentioned it so far. The email message in which Sourceforge is informing everyone of the new terms actually purports to describe the changes:
There is a similar statement regarding the privacy policy. I find it very worrying that there is no mention at all of such things as the changes to the notice provisions. I find it very worrying that it says "the most critical components of our previous Privacy Statement remain in effect" when the new version actually removes the effect of every component. Some might even call it a lie.I leave it to you to make up your own mind on that point.
No need to create a tool. It's already available on SF.NET and you can use it at any time.
Information can be found here:
http://www.sf.net/export
Pat-
It doesn't have to be a church, or even something administered by one. Here in the town I'm in we have a free legal clinic, a homelesss shelter and a children's hospital all run as charities (not to mention the Boys & Girls Club). There are plenty of ways folks so inclined can support their local communities without spending money on religiously-tied organizations.
Personally, I maintain servers for the city school district, and for a while offered weekly after-school programming lessons to junior high kids so inclined (you'd be suprised how quickly they can pick up the syntax and mechanics of a language like Python -- though proper algorithmic thinking was still beyond most of them). I'm not sure that either you or I has the right to say that someone else "should" donate to a charity -- but if someone wants to do their community some good, there are certainly plenty of ways to do it.
Assuming the registration was properly described, we will certainly approve it.
You should note however, there already is a way to export your content from SF.NET.
www.sourceforge.net/export
Pat-
So let's see, there's a big panic on Slashdot about SourceForge not making a whole lot of money and changing their user policy. So everyone goes and downloads a ton of stuff from them so it won't get lost in the 'inevitable' rumored shutdown that we all *KNOW* is going to happen now. ('we heard it on Slashdot, it MUST be true!')
And, gee, let me guess what happens next: SourceForge shuts down next month because their bandwidth costs soared astronomically for SOME unexpected reason. Golly. Who would have figured?
Alari
I use Windows... like a two dollar wh.. why don't I just go ahead and not finish that sentence.
(some exceptions apply)
C'mon, it's not uncommon nowadays to see things that should be considered a blatant lie but aren't because of the fine print.
It's like advertising the price of an individual item which you can only get by buying the bundle.
yeap.
CmdrTaco (posting A/C to protect Karma)
First demonstrably true statement I've seen in this story (other than ``FSF hosts Savannah''). Last time Hotmail changed its terms of service, SlashDot was indeed up in arms, not to mention legs, tentacles and antennae.
Got time? Spend some of it coding or testing
as much of a nutcase as he is, he was right about va trying to eventually steal ownership of the projects on SF....scarry!
You get what you pay for so if it's free you get to take it up the ass. You know I notice that that doesn't apply to just about anything else. Hell how many stories on /. are people complaining about free stuff?
They baited many os projects and are now switching terms and setting the stage to really pull the rug out at their convenience.
I now think entities (companies, organizations, et al.) should also post a minimum time-limit to an "offer" - whether dollars exchanged or not.
A strange game. The only winning move is not to play. How about a nice game of chess? - Joshua (Wargames)
freepository has/is:
Free
Supported
Secure remote command line access
On-the-fly tarball downloads (with & w/o ,v)
Long history (since '99) - it'll be here down the road
Let me know what you think. If it sucks, say so. If it rocks, say so.
jbminn
What about Freenet (or similar P2P system) AS a replacement for Sourceforge. P2P distribution can keep projects alive and literally distributes the cost of bandwidth!
Maybe if everyone coughs up 1 to 5 gig of space for project hosting.
Hmm, no I'm not sure how that would work with CVS... Maybe that arch (or was it larch) project? That had something for distributed trees.
Well?
Okay, it's a free service and you get what you pay for, yadda yadda ad disclaimerum.
But what I fail to comprehend is -- how on earth do these new terms create any reduction in the cost of running Sourceforge?
~REZ~ #43301. Who'd fake being me anyway?
I recieved the e-mail anouncing the change in TOS/PP and having read this post I sent an e-mail to Mr. McGovern asking what was going on. He was gracious enough to sen me this reply.
;-)
JFMILLER
From Pat McGovern:
There does appear to be a conspiracy theory brewing on the web about why we
updated our TOS. I've been amused and a tad frightened by it.
The terms of service change/ privacy change was simply an ongoing maintenance of
the documents on our site. Nothing more. Nothing less. You'll likely see
similar updates on other OSDN sites in the coming months. We seem to be the
first...which perhaps is why we are seeing raised eyebrows.
We've updated these documents in the past, and we will likely do it again. We
seem to do it every 12 to 18 months. I hope it's not sooner, because I'm
tired of seeing my name on the front page of Slashdot.
Is SF.NEt going away? Gosh, I'm not planning on it.. We are adding features,
building a new User interface, deploying new systems and adding more download
servers. The whole team is in overdrive to make the site even better then it
currently is. SF.NET is core to VA's business model. The site isn't going
anywhere.
I hope this info helps.
Pat-
Strive to make your client happy, not necessarly give them what they ask for
In medieval times, hanging was a fairly swift method of getting what you wanted. Everyone from members of royalty and clergy, all the way down to prominent land owners and lords..they all engadged in offing their competitors in order to retain power and prominence within their communities. An accusation would be made, the unwitting victim would be captured, given a speedy trial, and swung from the gallows often in less time than it took for the victim to know that he was being railroaded.
In modern times, the members of royalty and clergy are now the CEOs and board members of corporations. Lords and landowners have become management, and perform the same role as their medieval counterparts -- maintenace of the kingdom and its assets. The game and its players have remained the same--Its only the strategy that has changed.
In a nutshell, VA has a problem. That problem, wether you like it or not, is you. You as a developer on SourceForge stand in VA's way of becoming profitable. You stand in the way of VA asserting ownership over your work, to repackage it and sell it. They cant sublicense it, since the nature of the GPL doesn't allow it. However, nothing prevents them from co-opting your work, as they have done to many people in the past, and leave you holding the bag.
The way in which VA needs to eliminate you is fundementally the same as how noblemen eliminated pesky serfs and minor land owners. They both found a way to put their enemy's head in a neuce, tighten it up, and knock the floor out from underneath their feet. Slowly but surely, VA is tightening the neuce around the neck of SourceForge's developers, so as to allow them to assert ownership and control over your work. Its a slow process that involves tweaking the terms and conditions of the usage agreement over time, allowing them to dictate what happens to the data you've "donated" to SourceForge. You can be assured that in another month or two, VA will make yet another revision to the usage agreement in a way that benefits them, at your expense. Its a well known tactic in the business world..write up the contract in such a way that you can go back and modify it without having to notify the other party--By the time they realize they're hanging by the neck in the town square, its already too late.
Soon you're going to see VA claim to "manage" less-active projects under the auspices of "community involvement"...You'll hear some bullshit about "We support the Linux community, and we want to see good projects go to waste..So, we've identified a hundred projects that have been languishing on SourceForge for some time, and we will be breathing new life into them!"
So, if your tie begins to feel like a rope around your neck, stop and have a look at the situation. VA is not an altruistic company--The whole Linux scene is filled with stories of how VA and its employees systematically screwed hundreds of us. Their primary objective is not to make you happy. Its to make money, even if it's at your expense. Look into moving your project off SourceForge. If you're a project manager, issue a statement disallowing VA from ever asserting control over your project, in any form. If need be, switch your code's license from GPL to something hijack-proof. Look into Savannah, or iBiblio. Anything else is tantamount to neglect of your own project, as you're laying out the welcome mat for VA to come along and kick the floor out from beneath you.
If they think they can take the unpurified ore of your code, smelt the gold out and sell the ingots, you can bet they will. They're certainly not the first, and they certainly won't be the last company on Earth to do so. They did it to me, they did it to my friends, and they'll do it to you if you aren't careful. I made the mistake, like many of you, in believing that "VA would never do anything like that to us.." Ask yourself this: Isn't that what they WANT me to believe?
History is filled with martyrs that hung for their beliefs..But in the end, its them who lost the battle, while the fat got fatter off the work of the people.
Cheers,
PS..VA is Satan himself and I told you so first.
Bowie J. Poag
Perhaps this is because I'm from Europe, but I really do not understand what's the problem with porn?
Noone of us live under taliban rule to risk execution by serving some porn.
Real life is overrated.
The sourceforge software and all is used on a public funded server plattform in germany called www.berlios.de, havent been able to compare the terms and conditions, though.
Maybe you should check out Asynchrony, they host Open Source Projects for free.
I dont know how good/bad their policies are though.
Cheers.
My other sig is Funny.
LINUS TURDBALLS
Speaking of which, am I the only one who first thinks of turd reports when seeing the VA-logo?
Hi,
It seems to me that some companies didn't really make sure their business model was valid before they started borrowing money. I'd say that it is probably more difficult at the moment to make money in an OSS business than a closed source business.
This isn't the only example of a supposedly OSS company realising it could make more money, or realising if it didn't change it'd be losing money. Look at the example of OSICodes -- they sold many copies of their software, then changed their license conditions at an updated version.
Full details of that story here.
When will this madness and unfair business practice end?
X.
Well... it may be right. But... what about the other way around?
:))
:'( (BTW: before flaming me about being a fucking comunist and so... (which, in fact, I'm not)... thing about what's the best "implementation" of capitalism. What's the company who has succeded more, who has integrated better the capitalism ideas and has resulted in his director beeing the richest man in the worl. This company is a perfect example of this american-loved system)
THEY are getting much more than what they've paid for, having into acount that part of his busines consists in selling what we give them for free.
It'd be a "fair payment" for the services offered to us... in case they could maintain compatible with GPL, wich is something they've not done for quite a while, now.
Well... I'm glad they refused my project some time ago.
It seems everything good has to die in hands of capitalism.
Actually, isn't this what Compaq is doing with their Test Drive Program? http://www.testdrive.compaq.com/os/ It's not quite a Compile Farm, but...
An interesting idea. I would say, though, that the reason those projects are not already "eating their own dogfood" is that they don't support the semantics necessary for collaborative development. I'll use Freenet as an example because it was already mentioned in this subthread. As I see it, there are a few major obstacles to using Freenet itself for this:
This is, again, not to pick on Freenet specifically. Some or all of the above concerns would also arise with every other "P2P" or filesharing network you could name. Great ideas, in many cases, but at this point in time not really suitable as a basis for a source-code repository.
Slashdot - News for Herds. Stuff that Splatters.
Agreed that they can't remove the GPL from the existing version, but as copyright holder they could release it (or an improved version) under a commercial licence, either doing the work themselves or selling the product to someone else who didn't want to develop it under the GPL.
I hereby inform you that I have NOT been required to provide any decryption keys.
"The goal of CoopX is to define a standard format based on XML to exchange information on projects hosted by facilities such as SourceForge, Serveur Libre, tuxfamily or Savannah. With this format a project maintainer could migrate his project from one hosting platform to the other or mirror it."
--Neal
Go IETF!
I have noticed after creating a couple of test hotmail accounts that spam started almost immediately, yet none of it was from the sort of "mainsleaze" spammers that you would expect to team up with hotmail/microsoft.
There seems to be a trend of spammers using third-world ISPs to throw huge email bombs at large services like Hotmail, AOL, etc. using every possible e-mail address.