Slashdot Mirror
SourceForge and GIMP [Updated]
New submitter tresf writes: In response to a Google+ post from the Gimp project claiming that "[Sourceforge] is now distributing an ads-enabled installer of GIMP," Sourceforge had this response: "In cases where a project is no longer actively being maintained, SourceForge has in some cases established a mirror of releases that are hosted elsewhere. This was done for GIMP-Win.
Submitter's note: Gimp is actively being maintained and the definition of "mirror" is quite misleading here as a modified binary is no longer a verbatim copy. Download statistics for Gimp on Windows show SourceForge as offering over 1,000 downloads per day of the Gimp software.
In an official response to this incident, the official Gimp project team reminds users to use official download methods. Slashdotters may remember the last time news like this surfaced (2013) when the Gimp team decided to move downloads from SourceForge to their own FTP service. "Therefore, we remind you again that GIMP only provides builds for Windows via its official Downloads page." Note: SourceForge and Slashdot share a corporate parent. Editor's note: I just got back from a busy weekend to see that a bunch of people are freaking out that we're "burying" this story, so here it is. Go hog wild. Sorry it took so long. (And for future reference, user submissions are easily found in the firehose, listed in the order they appear, newest first.)
Update: 06/01 22:37 GMT by T : The SourceForge blog has a welcome update; SourceForge, it says, has effective today "stopped presenting third party offers for unmaintained SourceForge projects. ... At this time, we present third party offers only with a few projects where it is explicitly approved by the project developer, or if the project is already bundling third party offers."
Submitter's note: Gimp is actively being maintained and the definition of "mirror" is quite misleading here as a modified binary is no longer a verbatim copy. Download statistics for Gimp on Windows show SourceForge as offering over 1,000 downloads per day of the Gimp software.
In an official response to this incident, the official Gimp project team reminds users to use official download methods. Slashdotters may remember the last time news like this surfaced (2013) when the Gimp team decided to move downloads from SourceForge to their own FTP service. "Therefore, we remind you again that GIMP only provides builds for Windows via its official Downloads page." Note: SourceForge and Slashdot share a corporate parent. Editor's note: I just got back from a busy weekend to see that a bunch of people are freaking out that we're "burying" this story, so here it is. Go hog wild. Sorry it took so long. (And for future reference, user submissions are easily found in the firehose, listed in the order they appear, newest first.)
Update: 06/01 22:37 GMT by T : The SourceForge blog has a welcome update; SourceForge, it says, has effective today "stopped presenting third party offers for unmaintained SourceForge projects. ... At this time, we present third party offers only with a few projects where it is explicitly approved by the project developer, or if the project is already bundling third party offers."
I am also pleased that they've finally posted it, but still seriously miffed that it took this long.
This behavior should get SourceForge blacklisted as both cyber-squatters and adware, possibly malware vendor.
Aren't we all smart enough to turn off the adware during install? I even know some old people who turn off "add-ons" that they don't need.
Well, given that adware 'offers' still get injected into installers, I'm going to use my incredible mental thinking skills to hypothesize "no, we aren't".
Aside from that, even if you don't get hit by the adware, having to defang an installer just to use a program leaves the indistinguishable taste of pure sleaze in your mouth for the rest of the process(looking at you, Oracle and the Ask.com toolbar...)
Sourceforge is dragging the GIMP project's name through the mud by bundling this shit, even if they don't hit anyone. That alone is more than enough to be displeased by.
I don't buy the /. editors' explanation.
This story has been repeatedly submitted since at least late Wednesday and has been voted to red multiple times in the firehose.
Meanwhile, most other red stories have already appeared on the front page, so clearly some editors were still around...
Then why the hell did you blame a busy weekend to start? Smells like BS to me.
Hard to believe that Sourceforge was once a fairly reputable place to download software from. Seems like a millions years ago now.
SJW's don't eliminate discrimination. They just expropriate it for themselves.
And they won't run a story critical of Dice until they persuade the corporate overlords that it's too late to stop it.
It's just the Nth 'eternal September'.
It's also happening to Little Registry Cleaner. If you don't read every dialog box very, very carefully you end up with crapware (look at the reviews).
The tail end of GenX/Initial GenYs that originally ran Slashdot have moved on with their lives. They sold out (no problem with that, I would have too). Dice put a bunch of kids that grew up on Reddit in charge so you see Slashdot trying to mirror Reddit's content, 'messege', tone & look and it's showing to old hat /.ers.
If anyone is bored and looking for a place to lure my 30s year old self. Redo slashdot, allow markdown, bbedit, html, LaTeX.. editing. Keep the -2 to +5 moderation system because it limits band-wagoning and group think. Now that everyone can have an opinion it shows. I used to revel in the days that little 19 year old me was bestowed with 5 points to vote with (and tried to ration them accordingly).
Design a proper responsive layout (It was not Beta) and keep it about tech
I'm looking for a good place to discuss stuff that is relevant to me like Slashdot used to be. Reddit is good for certain things. Long drawn out posts with actual information isn't one of them. Everyone wants a tl;dr:.
[And this message took longer to type than one in Markdown because HTML is pretty slow now that I use markdown for everything, blog and all. Not that I don't know but ** is easier, ~~~~, ]
Any at all for being so closely affiliated with a company distributing adware and using deceptive practices riding on the backs of open source?
The adware bundling is also happening with Filezilla now too. I recently downloaded the FTP program to my computer at work and it set off a bunch of virus alerts with our system engineers. It was very embarrassing, but the engineers said they fell for it too.
The worst part is that there is no opt-out option in the installation process. By downloading the version of the package with the adware, you are agreeing to install the viruses. I eventually found a clean install of Filezilla on Sourceforge, but it's not obvious.
Google needs to flag Sourceforge as a malware site for these shenanigans.
i ~ Celebrating Science, Cyberspace, Speculation
Thanks for posting it, @Soulskill. Better late than never. I'll support you a bit in saying that the readers are focusing on the wrong point. It is the FOSS malware bundling which is the real issue here. The misrepresentation of a product against the author's/community's will is THE issue. Stop trolling the journalist, he's not the one installing malware on your computer, SF is.
Offering a great product for free should be good enough to drive the traffic and ad revenue that SF needs. Taking a sh** on these great projects does nothing but alienate SF from the very community that helped it gain notoriety in the first place. Sure this is old news, but 1,000 malware installations a day aren't old news. 1,000 malware installations a day should be criminal.
Coincidentally -- the day after posting this article -- a colleague of mine made a similar mistake of installing OpenOffice from a high-ranking search result and is now dealing with the consequences. Long term, I'm not sure how we fix these bait-and-switch problems, but @Soulskill getting the word out is a good start.
On a personal note... I manage the downloads for a QT-based project known as LMMS and we too feared the day that our installers would be compromized. In anticipation of this, LMMS has moved everything off of SF hosting. This took almost a year as it included forums, downloads, bug tracker, et al. We we very fortunate to get corporate sponsoring, but not all projects have success in this regard.
On a personal-side-note, I'd like to add that I've been happy enough with the services over at GitHub that I've chosen them for some of non-free projects (private, paid repositories). Is this not how revenue **should** be generated? Should the exchange of good, honest services for cash not be the norm? Should preying on the innocent and invading privacy, installing viruses for those that would least suspect it NOT be ostracized? SF has become a predator against the unsuspecting.
OzPeter,
Soulskill has apologized. Repeatedly, and professionally. Accept it and move on.
I blanked my Mac a few weeks ago and when I started reinstalling software I got some survey crap popping up on my screen asking for my details. Turns out it was the SourceForge installer for FileZilla that had sneaked it through. Googling it threw up enough horror stories to make me just blank the Mac again and start over. I'll never download anything from SourceForge again. A decade of trust destroyed in one stupid move.
Saying you had a "very busy weekend", to my eyes, feels just like a euphemism for "management argued a lot before this got posted, and when it did get posted, the expression modified binary had to replace bundled with malware".
Personal Note: "bundled with malware" is what every other place I read the article used to define it.
Personal Note 2: If I happened to stumble on some facts, I want to stress I understand them completely as I also happen to have a very policy-centered full time job. I'm just letting my thoughts fly in a comment, because, well, comment section is still community moderated in full that I know, thus still being free (in the extreme, FSF-like sense of the word "free").