Slashdot Mirror
SourceForge Terms of Service Change, Users Unhappy
An email fluttering around a few mailing lists has been submitted in
various forms here today. It's about changes to the SourceForge
terms of service. Some relevant links unclude the
old terms,
new terms,
old privacy statement,
new privacy statement
and
contact for "questions or concerns"
(Patrick McGovern, Site Director). Obviously since SF is owned by the
same parent company as Slashdot, I'm biased and corrupt and you should
ignore my opinions on the subject, but while
I don't particularly like this any more then anyone else, I also
don't think it's the huge deal that others are making of it. Especially
considering projects aren't paying for the free service. You get
what you pay for after all.
I have attached a summary to this article of the changes that are
being called into question if you don't want to do a mental diff
on the links above.
This list was submitted by a few different users and was apparently originally posted to several mailing lists, although I don't know who actually originally wrote it. I just quote it here for reference.
- They can henceforth change the terms without notice, just by posting the new terms on the website. (Currently they are obliged to give 15 days notice by email, a period that we are currently in for this change.)
- They can henceforth remove user accounts without giving a reason. (Currently they are obliged to have a reason, though the set of acceptable reasons is open-ended.)
- They're no longer obliged to make the contents of a deleted account available to its owner. (There was previously a "reasonable effort" clause to that effect.)
- They're no longer obliged to provide notice of changes to the privacy policy, unless the changes are "substantive". (Currently they are obliged to provide notice of any change.)
- The privacy policy is acquiring a disclaimer that amounts to "this is not true". It actually disclaims the entire privacy policy.
If they disclaim the privacy policy, why do they bother having one at all?
You are all fartheads.
"Other Notification: In order to implement or enforce the Terms of SourceForge.net, SourceForge.net may use personal information to contact users on an individual basis."
What this basically means is that they reserve the right to call you on the phone at 3 AM and breathe heavily.
Sounds like they're trying to streamline the administration of the service so as to make it more attractive to a buyer... Wonder if they have any particular company in mind?
Somebody should come up with a system that allows you to host your opensource projects on your own server.
Like a combination of CVS/PHP with a saucy bug-reporting and discussion thingie..
I'm sure one already exists.
Dave
So they changed their terms of service saying they can change their terms of service in the future (whooopie), and that they can delete user's accounts without needing cause.
I think this is perfectly reasonable; they're running the show, and a lot of the time in communities, there are members you need to deal with. I think the changes listed are more of an administrative streamlining than a major conspiracy.
Now, if they start abusing things, folks will be all over them, and they'll be sorry they did. So that ain't gonna happen.
Not a big deal.
-me
Love many, trust a few, do harm to none.
snip
NO GUARANTEES
While this Privacy Statement expresses SourceForge.net's standards for maintenance of private data, SourceForge.net is not in a position to guarantee that the standards will always be met. There may be factors beyond our control that may result in disclosure of data. As a consequence, SourceForge.net disclaims any warranties or representations relating to maintenance or nondisclosure of private information.
/snip
Anyone who's using Sourceforge to host their project, as I am, should be realistic about what they're getting and for how long they'll get it.
First of all, I love sourceforge. It gives me all of the things I want right out of the box and for free. User forums, bug tracking, SSH CVS, and so on.
However, it is free and I think we all know has a pretty slim chance of making money. With that in mind, no matter what their polcies state there seems to be a pretty good chance of them just exploding one fine morning and taking a whole bunch of source down with them. Make backups, I should too.
Other than that, we can be a demanding lot so try to go easy on these guys, let's give them a chance to survive.
I host a project at sourceforge, and I've been more than happy with the service I've gotten. I have CVS space, ftp space, mailing lists, discussion boards, and web space. And as far as I can tell, they have nothing from me except for some slightly useful information from my profile.
Big whoop.
There is nothing they can take from me. I have the source code. I update my local cvs daily. The project webpage is garbage, and half of the discussions about development are in email. The greatest benefit is that the package I run has been difficult to find, and now it has a 'permanent' home.
I'd have more problems with, oh, say, Comcast changing the TOS. Or M$. Or AOL. When those guys change things, I always get the "I changed the bargain, just pray I don't alter it any further" impression. With sourceforge, I AM A LEECH. I live at the whim of my host.
If they piss me off, it's off to the FSF hosted site. No problem.
Hey, I don't like the VA Systems->Linux->Software scam. I'm part of the gang whinging about the 'post'. And I often question the integrity of folks. But sourceforge.net never promised anything, and they haven't disappointed me yet.
Nothing to see. Move along.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
of getting Sourceforge to kill off old, inactive projects? Seriously, the tree needs a little trimming. One has to wade through so many unmaintained alpha releases when trying to find a specific thing that it's easier to do a search on Google these days.
SF is a great resource and all, but there needs to be some way to filter out the abandoned stuff.
To celebrate the occasion of my 1000th post, I will post no more forever on Slashdot. Goodbye.
You get what you pay for after all.
An ironic quote coming from someone who supports FREE software.
After being registered for over two years, about a week ago I started my first project there. And a couple days later they change their policies so they can kick me off, keep all the stuff I put up there, contact me whenever they want and sell my personal information. Coincidence? :-)
It's a bit questionable if you need a CVS somewhere else, a mailing list archive somewhere else, a patch archive somewhere else, project homepage somewhere else.. whether it's any use to have them a SourceForge at all.. too bad since it really is a great tool, even if sometimes really laggy.
This sure ain't good news for maintainers of small projects.. especially of projects of questionable usefulness..
Software should be free as in speech, but if we also get some free beer, all the better.
1. The privacy policy is acquiring a disclaimer that amounts to "this is not true". It actually disclaims the entire privacy policy.
To say that the clause at the end claims the privacy policy is "not true" is pretty simplistic. It attempts to avoid iablility for circumstances beyond their control, which is a far cry from disclaiming the entire thing.
In other words if armed men break into our facilities and steal our database and sell it to spammers, or our daatabase administrator gets a brain tumor and tries to "MAKE MONEY FAST!", we think we shouldn't be sued.
NO GUARANTEES
While this Privacy Statement expresses SourceForge.net's standards for maintenance of private data, SourceForge.net is not in a position to guarantee that the standards will always be met. There may be factors beyond our control that may result in disclosure of data. As a consequence, SourceForge.net disclaims any warranties or representations relating to maintenance or nondisclosure of private information.
Since I don't think we're dealing with an vast evil corporate conspiracy here, I don't think the proper reading of this is "these statements are not true."
Basically they're protecting themselves against crackers. If someone steals the password list, they aren't responsible. I don't think that this means they're going lax on security or forgetting about privacy, it just means that shit happens, and they don't want to be sued.
As to the rest of the changes: this is their perrogative. They don't have to warn you about service changes. And if that fact alone bothers you, you can take your (non-paying) business elsewhere. It's how they use this priviledge that matters, and I don't think that they are going to radically alter their service in an attempt to scam users.
In Capitalist America, bank robs you!
You get what you pay for after all.
... and I can relate, as I have some libertarian leanings myself), then I suggest you consider, with an open mind, the implications of applying one set of assumptions (scarcity and greed driving a free, self-organizing market) vs. the actual conditions (a fundamental lack of scarcity in the electronic world) which may well make those assumptions invalid in the context in which you are trying to apply them.
... we are dealing with an area that interfaces the (cyber)world of virtually unlimited abundance (virtually zero-cost copying) and the physical world of scarcity. It is along this interface that the most interesting problems and opportunities are going to arise (and the area the copyright cartels would be concentrating on if they had any intelligence, rather than trying to use authoritarian laws to impose their business model on a world which lacks the scarcity they require).
Amazing. Now I understand why the slashdot editors really appear to not "get" a lot of fundamental things, like the ongoing, direct harm the Copyright Cartels (Hollywood and the music industry in particular) are doing to free software.
"You get what you pay for," is demonstrably a myth. (c.f. GNU/Linux, FreeBSD, non-paid sex, love be it familial or romantic, and as a counter example underscoring the very same point, Windows vis-a-vis quality, used cars, enron stock, and so on ad nauseum.). Air is the most valuable substance to any living, breathing human. Don't believe me? Try going ten minutes without it. Yet it costs nothing.
With free software you don't "get what you pay for," you get what many thousands have contributed to a public commons to give themselves and you, with a resulting value far greater than any single enterprise could possibly offer. These contributions are often completely unrelated to any economic value as defined in the traditional market sense, and are only very indirectly related to any sort of free market or monetary value at all.
If you don't understand this (because of your libertarian bent of capitalism ueber alles, perhaps
In this particular case the area is more gray
I should point out that the Free Software Foundation's GNU project offers a similar service to sourceforge called Savannah, which I highly recommend. Will the laws of supply and demand as created out of scarcity apply, or are there enough willing donars, and enough inexpensive (or free) resources available that the laws of plenty will apply? In this gray area the answer is probably both yes, and no, depending on local circumstances and conditions.
In any event, the notion that "you get what you pay for" has been disproven numerous times in the physical world of scarcity-driven capitalism (ask any number of people who have purchased property or used automobiles, only to have their worth drop to zero, or climb insanely, in no relation to "what they paid for"), and in the abundant sphere of free software is demonstrably inapplicable in nearly every case.
The Future of Human Evolution: Autonomy
1. They can henceforth change the terms without notice, just by posting the new terms on the website. (Currently they are obliged to give 15 days notice by email, a period that we are currently in for this change.)
It is a free service... if they want to change something should they be shackled by having to email all the users to change anything?
2. They can henceforth remove user accounts without giving a reason. (Currently they are obliged to have a reason, though the set of acceptable reasons is open-ended.)
They avoid leagle entanglement for said free service... People abuse free systems, they need to be delt with quickly and effectivly.
3. They're no longer obliged to make the contents of a deleted account available to its owner. (There was previously a "reasonable effort" clause to that effect.)
The users should have local backups... this is more then resonable.
4. They're no longer obliged to provide notice of changes to the privacy policy, unless the changes are "substantive". (Currently they are obliged to provide notice of any change.)
Hmmm, some web notice would be nice... but again it is a free service...
5. The privacy policy is acquiring a disclaimer that amounts to "this is not true". It actually disclaims the entire privacy policy.
Well, if you bother to read (and comprehend) the policy you should know what you are in for, again it is a free service...
Have you read Hotmail Terms of Use?
You know they have your best interest at heart.
~Sean
I don't particularly like this any more then anyone else, but I also don't think it's the huge deal that others are making of it. Especially considering projects aren't paying for the free service. You get what you pay for after all.
Ain't it always the case? You start making lots of money and the Republicans start making sense.
"You get what you pay for after all."
Hmm, I'm going to say that about Linux now.
Let's see how that get's moderated.
If all this should have a reason, we would be the last to know.
Looks like a bunch of CYA stuff.
e.g. The term "reasonable effort" is open to a million interpretations. Anything you do would likely disapoint somebody. Promise nothing and you always exceed what was promised.
Use the service to its best advantage, don't rely on SourceForge (or anything else) 100%, and if it doesn't work for you move on. After all, it IS free.
"Glory is fleeting, but obscurity is forever." --Napoleon Bonaparte
These new changes are the last straw, and now after thinking it over for a long time I'm finally going to have my SourceForge account cancelled, but the new terms aren't the real problem. The real reason I'm having my account cancelled is that SourceForge's TOS requires that I "indemnify" them for any trouble they get into as a result of my actions on their system.
In other words, if I do something that upsets a corporation with a legal department, and SourceForge gets sued, I have to pay their lawyer's bills.
Because of that clause, I can't do anything that is legally sensitive; and because free software is by definition revolutionary, I can't do anything real or important on SourceForge at all. I respect and admire the Freenet people, who are going ahead and hosting with SourceForge anyway, but I have no wish to emulate that display of courage. I don't blame SourceForge for having the indemnity clause in their TOS, but it means that their service isn't much use to me. The risks are just too great.
Incidentally, y'all have missed the most important new terms in today's revised TOS - the new DMCA compliance terms. Those, too, are perfectly understandable, and I can't blame SourceForge for having them. As a business operating in the U.S.A., SourceForge is legally obligated to have DMCA compliance procedures. But if I had any illusions left that SourceForge was part of the revolution, those illusions are gone now. SourceForge is now just another profit-making business, and I don't need, or have any particular reason to want, to do business with them. I'll be hosting my free software on amateur servers outside the U.S.A. (I'm outside the U.S.A. myself) where I can be assured of its continued freedom.
CmdrTaco wrote:
but I also don't think it's the huge deal that others are making of it. Especially considering projects aren't paying for the free service. You get what you pay for after all.
What the heck kind of attitude is this for the founder of a pro-Open, pro-Linux website, CmdrTaco?! I took a quick diff of the terms of use changes, and you're right, it's not a big deal. But reinforcing the myth of "you get what you pay for" doesn't help traditionally minded people embrace new paradigms such as Open and Free. Tsk tsk.
While I don't really think sourceforge will be going down soon, savanna is a good alternative. It is based on sourceforge source code, (it was GPL after all), and should have most facilities sourceforge users are used to. It is also garantueed to stay Free.
It would seem these types of "ad sponsered" services can only work if they perform "editorial" functions. Otherwise the "dark side" can just flood them with garbage, overloading them with junk and causing them to shutdown in frustration. That's basically another form of DOS attack, it's more subtle though and even sounds like a "free speech issue". Look at the problems of "junk speech" showing up on slashdot to get the idea. It's obviously done to degrade the service and cause harm... In such cases I think a vigorous response is required.
...
Anyhow let them have the tools to do the job. Personally I think they ought to offer the service for a small fee, something like a web hosting service but tune'd for the software distributor. I already keep a seperate web space and could just as easily host at sourceforge. They should also have shopping cart service for shareware and for developers that do both freeware and commercial software. Finally a small fee based update subscription service would be great for people who don't have the time to track all the different projects. Something that auto-pulls stuff to your system but lets you control install/backup
After visitng linuxworld and drilling their sales reps we came to the conclusion that Sourceforge can't compete with free alternatives. (by 'we' I mean the software Co. I'm working for)
Bugzilla/bonsai/tinderbox provides a more complete solution. We were even able to modify the trio to deal with java, our many different build scripts (make is rather lacking for java), and our test automation.
What we found was that Sourceforge provided discussion groups which we got using exchange or INND, bug tracking which wasn't nearly as feature rich as bugzilla, and cvs integration which bonsai provided just as well. It was still lacking the automated builds, and by the time they got back to us after linuxworld we had allready deployed the bugzilla solution (partly thanks to some nice debian packages put together by Remi Perrot).
One large drawback is that bonsai relies on glimpse as its fulltext indexer. Glimpse used to be free but since then has gone commercial. We were, however, able to find some old glimpse source (which may have been GPL or artistic license - perhaps we should redistribute the old code as GNUlimpse).
We have made our own tweaks to bugzilla/tinderbox/bonsai and contributed a few of them back to the mozilla developers (in the future probably all will be recycled into the public implementation).
I can see that somebody might get their account deleted without any notification and lose all of the work they've been doing. If I have to make an effort to keep copies of everything somewhere else in case something happens, why exactly am I hosting my work there in the first place? Seems like an e-mail and a couple weeks notice would be nice.
This sig has been temporarily disconnected or is no longer in service
Yes, it's CmdrTaco's site, but it looks bad when a VA employee uses his position to put his opinion that a controversy involving his employer is a non-story in the article rather than in a comment.
It would be better form to use a just-the-facts approach in the story itself and then post opinions as comments like every other user. Another possibility would be to have a separate "Editorials" section for staff members to give their opinions, and to have a separate news item and editorial in cases like this.
"You get what you pay for after all", what a laugh coming from a open source advocate. BillG must love it when comments like this get pointed out to him.
I've been hedging my bets for a while on Sourceforge. I have a fairly popular project (over 1 million downloads) hosted there. This week I've averaged something like 5000 downloads/day at 10+MB each (which is why I have it on SF rather than on a server I pay for). I've been questioning how long this can last. There's no way SF can get enough revenue from my project to cover that kind of bandwidth usage. So, I wrote a simple PHP-based distributed mirror system (100% Buzzword Compliant(TM)) that lets people handle very small portions of the download traffic with daily bandwidth limits. I'm hoping to start shifting some of the burden off SF so that it isn't a single point of failure in distribution. Eventually the gravy train of massive free bandwidth is going to end.
The Glass is Too Big: My Take on Things
How about this? Replace PROJECT with your project name:
(change into a suitable directory to put your CVS tarball in)
(change to where you want your working directory)
I think the GNU project is running something called Savannah which is basically sourceforge's engine running on their server. Yep: http://savannah.gnu.org/ Disclaimer: I really know nothing about the service save that it exists, RTFFinePrint. For all I know, there is an "All Your src Are Belong To Us" clause in the user agreement.
News for Geeks in Austin, TX
Anyone have comments about the maturity of Savannah? I know of several projects that have moved from SF to Savannah recently and wondered how comparable the two services are.
From the Hostmail Terms of Use:
By way of example, and not as a limitation, you agree that when using a Communication Service, you will not:
Funny. I thought that point was their business model and represented their 'heaviest users' base! (Of course, if you dont like it, you can email their abuse department at angelgirl435_abuse@hotmail.com
"Old man yells at systemd"
You get what you pay for after all.
Did CmdrTaco, one of the helmsmen of the most popular Free/OS news sites in existence just mimic what Microsoft PR/FUD machine has been saying since Linux showed up on its threat radar?
Why isn't everyone kicking CmdrTaco's ASS?
m00.
you're a commercial company, but you've shown your dedication to open source. Please start hosting something like SourceForge so we can stop having to trust SourceForge. You seem safer.
Dear IBM,
you are new to open source, but you've produced a lot of great technology over the years, lost out to Microsoft for a dose of humility, and shown recent commitment you open source. You own Lotus Notes, and you host that free really cool patent database. Howsabout you start hosting something like Slashdot? it's a discussion forum just like Notes. Oh, and host something like SourceForge too while you're at it.
No, guys, not to drive these other guys out of business, but because competition makes everybody perform better, just like in the Olympics. It's so much easier to trust competitors than monopolists.
News for Geeks in Austin, TX
Yes, the users should have local backups. But of what?
Another poster commented that this wasn't a big deal because "I update my local CVS checkout daily." So what? You have the latest current version, okay, true, that's good. But without the CVS repository itself, you've lost all the history (diffs over time, commit log entries, etc).
For the projects I care about, I use rsync and get a local copy of the CVS repository itself; that way I have it all. (It's also handy to be able to check out a copy from that repository; CVS ops go really quickly. *grin*)
I'd like SF.net to make a "reasonable effort" to mail me the CVS repo. Other than that I don't particularly care.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
SourceForge will eventually either need to charge money or will be spun off as a (soon to be bankrupt) spinoff business, leaving VA Software with just the various web sites. The web sites are probably (barely) profitable with the cost-cutting that has been done on them over the past year or so. SourceForge is not profitable, and never can be.
I currently have four projects hosted at SourceForge. I download the CVS web-ball every night in my crontab, and am investigating alternatives. At the moment it appears that any alternative will require developers to fork up money to help pay for the bandwidth. SourceForge itself has too many big (bandwidth) projects to make money even then, because if they charged what the bandwidth costs, most of those projects would end up hosted elsewhere shortly with companies who can hide the bandwidth costs in their accounting noise.
Does this mean that I wish SourceForge ill? Of course not. I just don't see how it can ever be profitable, and thus while I'll use it while it lasts, I'm not banking on it.
Send mail here if you want to reach me.
I thinking keeping old projects around is a good idea, if the projects have actually done something. Too many times I've looked into a project only to find that absolutely nothing has happened other than the project's name being approved and added to SF. Even the homepage hadn't been touched.
Those projects are the ones that need to be removed. An empty project does nothing but take up space.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
Let's look at this a little more objectively. Hosting kernel.org costs about $80,000 a year (Larry McVoy posted this number to lkml about a month ago) at the least. It's an ftp site. That's bandwidth, not any warm bodies doing admin, not any fancy database stuff, nothing fancy just an ftp server and a minimal web site. Sourceforge has to cost 20 times more, probably more, to run. I have no idea what the numbers are but it has a staff and a huge amount of resources to manage and keep running. Personally, I'd assume that it's in the neighborhood of $5million+ a year, that's just my half-assed guess though. That's some substantial output for most companies, at IBM you can't spend that kind of money without producing something, people notice chunks that big. At most places, that kind of funding simply isn't available for something like that. At some point the free ride has to end, or something has to come out of it, or something has to change. Even a company like MS would see $5mill on the books in red ink and not black and there would have to be some reason to justify it and goodwill towards the community might not be enough.
Then with subjects like these, things rise up. Well they should trim dead stuff out of the tree, trimming the "dead" stuff is silly becuase it might be useful to people, that's the whole premise, if it's in use anywhere then it's not really dead. It might be dead to you and me, but that guy who is using it might want it. They should do x, y, or z to better support projects like q. They could do this or that. I think the most alarming propect is that there will be code in SF and it could be lost because of a policy change. I can get over most things, the changes to the mailing lists, and various other things they've done, it's free and you get what you pay for but a big part of the justification has been to promote interaction with developers to give VA a community they have close ties with and to promote open source software development. The idea of losing code is appauling, SF no longer serves a big part of its purpose at that point. That's what brings credibility in to question, what are they doing to prevent that from happening? Can I buy a set of DVDs that have SF backed-up on to them? Or is this it, the policy change is that there won't be any warning of future policy changes and those might cost you your code. I understand that they might have to sell stuff, or charge for services or do lot's of different things. I also understand that services like SF are prime for pirates and porn hustlers and others to use to propagate data and they need to protect themselves. It's time to look to tigris, Savannah, and Berlio more seriously.
I wonder if there is something we could add to licenses that would prevent a place like SF from shutting down and taking your code with them.
I think centralized open source projects in working developer format, especially concentrating them all in one organization, is a bad idea.
1) Break ins.
2) Sourceforge is bought by Microsoft.
3) Disruption to work to SO MANY projects at once, due to break ins.
The disruption and dependance of the Open Source way on one organization is probably a bad idea. Not that SourceForge is the one stop and only place on the net, but it has a large enough number of projects to be of concern.
I don't know why or what sourceforge is that is is such a big deal to have projects here. Big fat Pipe perhaps?
There are plenty of tools for individual projects and group projects that work just fine and are free for everyone too use.
There are too many gotcha's that could impact too many projects if someone got in and decided to spend the next 5-10 months secretly writing small back doors into fairly large projects, that just perhaps not many would notice.
Makes my skin crawl just thinking about it.
I think source forge should probably be a "BinaryForge" with MD5 and CRC signatures with perhaps the ability to sign out certs for binarys that are extremely critical.
Perhaps a mechanism to post builds from CVS systems authors maintain themselves to sourceforge of binaries would be OK.
At least that would maintain the ease of use of getting all your goodies from one location.
But in general I don't think it is a good idea to have so many open source source code trees in one place on the net.
-hack
Got Geometrodynamics? Awe, too hard to figure out? Too bad.
They could take your work and sell it under their own copyright.
Umm, no. You don't sign away your copyright when you host something on Sourceforge. In many cases you don't even have the authority to do so if you wanted to. Sourceforge has the right to do whatever they want with the copy of data on their server, they can delete it and they can delete your account, but they don't own the data you stored there.
But that's okay. "The sky is falling!" is catchier.
Has CmdrTaco lost his mind? He uses a free OS yet he says "you get what you pay for". Go figure. Of course he'll say anything to defend VA
Okay... I'll do the stupid things first, then you shy people follow.
[Zappa]
No- they couldn't say this because all the projects on SF are covered by various open-source licences. E.g. my project on SF is covered by the apache licence. SF couldn't suddenly claim it as their property because the apache licence doesn't allow this.
graspee
I use Savannah and it is a very slick service, well documented (as is Sourceforge), it's also nice to be able to cut time by been able to automatically apply to be a GNU project. The licensing issues are well dealt with (anything as long as its FSF approved) and any questions that I have posted have been answered in hours.
With regards of compatibility there is an offer (when you sign up) to use your existing CVS's data on their systems. The only caveat was that they are far stricter with licensing. So if you use the Sourceforge CVS it should be easy (providing the licence is OK) to transfer to Savannah.
You also geta homepage at: http://www.freesoftware.fsf.org/yourprojectname
Which is adminned via RSYNC or CVS over SSH.
So almost identical to Sourceforge.
It doesn't seem to be as fast as Sourceforge, but this is opionion and I have no metric to support this.
e4 e5
AFAIK, there are no tools to pull the contents of the bug lists, patch lists, etc off the site. There probably never were.
So, here's what we need:
1. Tool to "web-scrape" the contents of the bug-list for a project.
2. Tool to "web-scrape" the contents of the patch-list for a project.
3. Tool to "web-scrape" the mailing list archive and member list for a project.
4. Tool to put together a mirrored CVS repo (a la CVSup, but it just needs to work in one shot).
5. Any other similar tools to above needed to reconstitute project state on a different host.
Putting an XML-RPC interface on these would allow them the most general use.
We've always needed them. This announcement doesn't really change anything, but it should bring the point home that we who admin projects are responsible for our own disaster recovery, just in case Lars Ulrich decides he owns that sample mp3 of your cat hacking up a hairball because it sounds just like Metallica.
And finally, just a common sense clarification, in case some people don't get it: don't put crypto on SF, because it'll probably get DMCA'd.
I'll start the project on sourceforge.net (of course). Volunteers welcome.
Yes, publically defending changes made by your owner, especially considering how those changes would likely be savaged if done by an opponent, raises deep issues of conflict of interest which deserve better than such an offhand dismissal.
After all, how different is "You get what you pay for after all", from "If you don't like our click-wrap license, don't use the software"?
Sig: What Happened To The Censorware Project (censorware.org)
This article simply isn't complete without the standard "VA = Satan himself and I told you so first" comment from Bowie J. Poag.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
This DOES mean that I'm reluctant to use SourceForge's forum and bug tracking and etc. software, since those cannot be easily backed up. Luckily I don't currently work on any multi-programmer project where bug tracking is necessary (and as for their forums, I prefer mailing lists and don't enable the forums on any of my projects).
As for VA, I've had my reservations about them ever since interviewing there in 1999 and finding that all the top VP's were former Apple and Sun people installed by the VC's and that the people who'd built the business were relegated to low-level sysadmin and wrench monkey jobs. Their business model also sucked, they needed to be the Dell of the Linux business and were instead trying to be the Compaq of the Linux business. VP's who didn't understand the Linux business, disgruntled employees, bad business model, to say I lacked enthusiasm is an understatement. I hate to say "I told you so", but I suspect that if I pulled out the EMAIL's that I shared with VA VP's back then, they would be eerily prescient.
-E
Send mail here if you want to reach me.
It's the same general deal you get anywhere these days:
You can't get us for nuttin..
We don't know nuttin, and if we did, we wouldn't admit it anyway..
If you got it, it's ours, an' we're gonna take it no matter what you do..
Here's a real punchline from the Privacy Statement:
uh.. then who is in a position to guarantee what Sourceforge itself has just attested to?
No-body!
End of discussion!
And have a nice day!
t_t_b
I'm on PJ's "enemies" list! Are you?
Sourceforge has been a strong supporter of OSS for some time and I believe I understand the issues with leaving a project without any activity alive forever.
My concern is the potential loss of projects that could occur if under the terms SF sells or dissolves. Without a reasonable recourse (even if SF has the best of intentions today), we would have people keeping copies of entire projects waiting for the current or future SF organization to decide to kill off project XX. Then how would the rest of us find it later? (SFapster?)
While it is certainly their right, as they own the machines, part of their popularity has been the ability for projects to get slow starts, have long development cycles, and even close but still have the code around in the event it is ever needed.
Perhaps it has been unrealistic to expect any company to absorb the cost of potentially the largest change management system on the planet for free. However, the also fostered that idea.
While people will argue it is not a big deal, it will be when they need to exercise the right to kill projects and do so without notification.
Perhaps a alternate solution would be a source forge front page notification of "projects about to be killed unless we hear someone is willing to own it." At least there is a possibility someone would see it before the "messenger of death" strikes.
Just look at the numbers from the PC Division. Up until last year they lost lots of money from that division.
As a rock-in-roll Physicist once said, No matter where you go, there you are.
Are you sure you really want to say that, being a free software advocate?
Well, my offer is still open from the last sourceforge rounds.
If you want hosting, no ads, no hidden requirements, no surprises, let me know. The SOSDG is run by individuals, not by any company.
The Summit Open Source Development Group
Brielle
Now you're confusing things.
The slashdorks said "You get what you pay for". They did
not say "You get what you pay for vis a vis online services."
Therefore they did indeed imply the very statement that is
debunked in your comment's parent. So there is no confusion.
Except on the part of Mr. Taco.
-josh
If you don't like the new sourceforge.net agreement, you can use always savannah.gnu.org instead. Or you can run your own sourceforge type site by entering apt-get install sourceforge on just about any Debian GNU/Linux machine.
That's my version of the old saying, and I think it is not only more correct, but contains within it the same wisdom that the original did.
:)
It's not just free software that can be worth more than you paid for it. Sometimes generic brands can be as good or better than more expensive name brands. It happens all the time.
But at the same time, in a lot of cases, the better thing -is- the more expensive one. So the old statement isn't -totally- false, just often enough so that it needs to be changed.
so help me change culture by spreading the new saying.
The enemies of Democracy are
Claiming ownership is common practice with some of the more obnoxious sites. See, for example, AudioWeb's terms of service, which include "Content you post to AudioWeb becomes the sole property of AudioWeb."
If you have code on SourceForge, it would be a good idea to register copyright, so as to make an explicit claim of ownership prior to any further changes at SourceForge.
2) Sourceforge is bought by Microsoft.
/. post formula--1 part anti-MS, 1 part general conspiracy, season to taste.
Cooooome on. What possible damage could Microsoft do to SourceForge, other than shutting it down? Or maybe 2) was just part of the typical
News at 11: Microsoft buys SourceForge, ends Open Source forever.
Sound ridiculous? Of course. I certainly agree with the other aspects of your argument--a single point of failure is never a good idea--it just struck me how ridiculous 2) was.
Perl - $Just @when->$you ${thought} s/yn/tax/ &couldn\'t %get $worse;
They're choosing to take advantage of the "safe harbor" provision for ISPs (DMCA section 512, not the anticircumvention rules). 512(c) immunizes ISPs from liability for postings of their users, provide they follow "notice and takedown" procedures including the listing of a designated agent.
Even if they list an agent, service providers still have the option of refusing to remove material if they get a notice of claimed copyright infringement, and of taking their chances in court. The subscriber receiving a claim of infringement can also file a counter-notification asserting that the material is legally posted.
-- Openlaw: Fighting for fair use and the public domain
OTOH, I don't think anyone really expected Sourceforge to stand up to the RIAA should they attempt to bully them into shutting-off web access to a project like Freenet anyway (although looking at page views, Freenet is three-times more popular than SF's next most viewed project).
This is a wake-up call though, I will definitely start thinking about alternatives now should I ever wake up to discover that SF has shut down Freenet's account under threat from the RIAA.
And NOT using WebWasher :)
Contrary to popular belief, coding is not all free blow-jobs and beer. Those things cost MONEY!
I think the main weakness of SourceForge is that it is hosted by a single entity. The tremendously valuable information hosted by freshmeat is a similar example. It does the FS/OS community no good to have the various project sources cached all over the place if we have no way to access information about the projects, including where they are, what they do, and so forth.
.lsm (linux software map) files. This could be submitted to multiple places on the web. Freshmeat might parse it into their database, while metalab might just through it in the .osm directory. But at least there would be a way to track things down. Google would help a lot.
How can we surmount this problem? Maybe by making a set of standards (beyond the informal ones that exist now) for how to document what your software is and where to get it. This could be a variation on the old
I am concerned that a lot of good code and good projects are left to die while other people re-invent that particular wheel. Since FS/OS is based on volunteer work, we can't really afford to throw it away or waste it. I hope other people who also have ideas about this will reply to this, and perhaps we can get together a mailing list or something to brainstorm about possible solutions to this problem.
but they don't own the data you stored there.
Unless of course, they silently change their terms to read: "..by using the Service you agree that all code, data, programs, ideas, algorithms, images, sound files, and mailing lists become the property of SourceForgeCorp.".
The privacy clause is just a result of Oracle's stupid "uncrackable" promise, and the realisation that online companies can't possibly make such guarantees. They're saying they'll try their hardest to avoid disclosure of private info, but because it's online, there's always a chance it'll get abused. Not that big a deal IMO - if you post private info over the 'net you deserve what you get anyway.
I always say you shouldn't send anything over the 'net unencrypted that you wouldn't put on a postcard, and nothing encrypted that you wouldn't put in a standard letter. No matter what promises the intended recipient makes. Period.
Why is there only one Monopolies commission?
They can henceforth change the terms without notice, just by posting the new terms on the website. (Currently they are obliged to give 15 days notice by email, a period that we are currently in for this change.)
This is the part that disgusts me about "Terms of Use". Basically, they could say anything they want, and you would be bound by it, before you can even read it!
So Tuesday, they can say they don't own the copyright in your programs, but Wednesday they can, and NOBODY WOULD KNOW until AFTER the terms went into effect.
Yes, they have the right to put pretty much anything in their terms, BUT they should have to make a reasonable effort to inform their users of any new terms.
Free markets work best when information is available about your choices. Saying "if you don't like it, go elsewhere" is silly if you don't know what it is exactly you just agreed to.
There should be a consumer protection law that says, you have 30 days before new terms go into effect, no matter what. Then you would know, just have your attorney or your web-page watcher script check the terms every 30 days. But now, they can change them twice a day, or just for 5 minutes every night, or whatever, and nobody knows.
Of course every company is completely honest and above-board and would never change their terms like that, would they??
I would also suggest a better way of selecting the status, language, etc filter of projects. Currently, if I'm browsing the tree, I have to find a stable project and select it's status as a filter.
Of course, I can select by status from the get-go, but then I see all stable projects and can't follow the tree. This would help when browsing around just to see what's out there, but that is the way I find things that I haven't seen before.
Another suggestion would be to allow selection based on a "given status or better" so one could find beta AND stable projects.
Just some ideas. Do with them what you will.
To celebrate the occasion of my 1000th post, I will post no more forever on Slashdot. Goodbye.
Still, with this change there's nothing to stop them from trying. Having to give 2 weeks notice would have...
Contrary to popular belief, coding is not all free blow-jobs and beer. Those things cost MONEY!
Let's see, Microsoft spends $1,000,000,000 to promote XP through print, TV, Radio, purchase of journalists, politicians and stenographers and billboards. This brings abslolutlly nothing in return but some marginal good will that they nullify with poor programs and scandal. Their sales are kept through extortion and other monopoly tricks. Yet people consider it a viable business.
You would conclude that Red Hat, IBM and Source Forge taken as a unit are not a viable business? Source Forge returns good will and programs for free use to both Red Hat and IBM. Without that kind of PR, what does Open Source have? The scale of losses you quote, if accurate are nothing to a company with revenues in the billions. Those paltry millions, spent on ordinary adverts, could hardly push a brand of soap.
The only think that can kill source forge is a betrayal of free software or some other greedy grab move. It's bad enough that they would switch to comercial databases and made the site an advertisment for software they would sell rather than a demonstration of free software they would service and issue with equipment. Anything to lessen Source Forge good will or software contribution would hurt them more than any direct costs.
Friends don't help friends install M$ junk.
Yeah, I'm that guy.
First demonstrably true statement I've seen in this story (other than ``FSF hosts Savannah''). Last time Hotmail changed its terms of service, SlashDot was indeed up in arms, not to mention legs, tentacles and antennae.
Got time? Spend some of it coding or testing
They baited many os projects and are now switching terms and setting the stage to really pull the rug out at their convenience.
I now think entities (companies, organizations, et al.) should also post a minimum time-limit to an "offer" - whether dollars exchanged or not.
A strange game. The only winning move is not to play. How about a nice game of chess? - Joshua (Wargames)
Okay, it's a free service and you get what you pay for, yadda yadda ad disclaimerum.
But what I fail to comprehend is -- how on earth do these new terms create any reduction in the cost of running Sourceforge?
~REZ~ #43301. Who'd fake being me anyway?
In medieval times, hanging was a fairly swift method of getting what you wanted. Everyone from members of royalty and clergy, all the way down to prominent land owners and lords..they all engadged in offing their competitors in order to retain power and prominence within their communities. An accusation would be made, the unwitting victim would be captured, given a speedy trial, and swung from the gallows often in less time than it took for the victim to know that he was being railroaded.
In modern times, the members of royalty and clergy are now the CEOs and board members of corporations. Lords and landowners have become management, and perform the same role as their medieval counterparts -- maintenace of the kingdom and its assets. The game and its players have remained the same--Its only the strategy that has changed.
In a nutshell, VA has a problem. That problem, wether you like it or not, is you. You as a developer on SourceForge stand in VA's way of becoming profitable. You stand in the way of VA asserting ownership over your work, to repackage it and sell it. They cant sublicense it, since the nature of the GPL doesn't allow it. However, nothing prevents them from co-opting your work, as they have done to many people in the past, and leave you holding the bag.
The way in which VA needs to eliminate you is fundementally the same as how noblemen eliminated pesky serfs and minor land owners. They both found a way to put their enemy's head in a neuce, tighten it up, and knock the floor out from underneath their feet. Slowly but surely, VA is tightening the neuce around the neck of SourceForge's developers, so as to allow them to assert ownership and control over your work. Its a slow process that involves tweaking the terms and conditions of the usage agreement over time, allowing them to dictate what happens to the data you've "donated" to SourceForge. You can be assured that in another month or two, VA will make yet another revision to the usage agreement in a way that benefits them, at your expense. Its a well known tactic in the business world..write up the contract in such a way that you can go back and modify it without having to notify the other party--By the time they realize they're hanging by the neck in the town square, its already too late.
Soon you're going to see VA claim to "manage" less-active projects under the auspices of "community involvement"...You'll hear some bullshit about "We support the Linux community, and we want to see good projects go to waste..So, we've identified a hundred projects that have been languishing on SourceForge for some time, and we will be breathing new life into them!"
So, if your tie begins to feel like a rope around your neck, stop and have a look at the situation. VA is not an altruistic company--The whole Linux scene is filled with stories of how VA and its employees systematically screwed hundreds of us. Their primary objective is not to make you happy. Its to make money, even if it's at your expense. Look into moving your project off SourceForge. If you're a project manager, issue a statement disallowing VA from ever asserting control over your project, in any form. If need be, switch your code's license from GPL to something hijack-proof. Look into Savannah, or iBiblio. Anything else is tantamount to neglect of your own project, as you're laying out the welcome mat for VA to come along and kick the floor out from beneath you.
If they think they can take the unpurified ore of your code, smelt the gold out and sell the ingots, you can bet they will. They're certainly not the first, and they certainly won't be the last company on Earth to do so. They did it to me, they did it to my friends, and they'll do it to you if you aren't careful. I made the mistake, like many of you, in believing that "VA would never do anything like that to us.." Ask yourself this: Isn't that what they WANT me to believe?
History is filled with martyrs that hung for their beliefs..But in the end, its them who lost the battle, while the fat got fatter off the work of the people.
Cheers,
PS..VA is Satan himself and I told you so first.
Bowie J. Poag
I have no problem with porn. In fact, I state that clearly on the host's front page. But I get my bandwidth from other providers, buying racks and rackspace at whatever the most valuable deal is. And many of my providers (well, most of them) say out and out "no porn." The providers that do allow porn, because they're so few in number, can charge an arm and a leg so they're not really worth pursuing.
Plus porn -- even shitty porn -- is a huge bandwidth draw. We don't have unlimited bandwidth but we don't charge for overbandwidth unless our providers start bitching. Confused? Basically it means we charge users what we get charged, and we only get charged if we push a certain lebel of bandwidth. Porn is very very popular shit, and good porn has very large file sizes. And since users aren't likely to save it to their hard drive, it gets downloaded again and again and again. Even a small porn site pushes more bandwidth than our larger 10k hit sites.
So, more bandwidth usage, more expensive bandwidth and the possibility of getting disconnected from our provider? I don't think so. In this case, it's feasibility, not morality, that forces censorship upon us.
Hey freaks: now you're ju
An interesting idea. I would say, though, that the reason those projects are not already "eating their own dogfood" is that they don't support the semantics necessary for collaborative development. I'll use Freenet as an example because it was already mentioned in this subthread. As I see it, there are a few major obstacles to using Freenet itself for this:
This is, again, not to pick on Freenet specifically. Some or all of the above concerns would also arise with every other "P2P" or filesharing network you could name. Great ideas, in many cases, but at this point in time not really suitable as a basis for a source-code repository.
Slashdot - News for Herds. Stuff that Splatters.