Slashdot Mirror
SourceForge and GIMP [Updated]
New submitter tresf writes: In response to a Google+ post from the Gimp project claiming that "[Sourceforge] is now distributing an ads-enabled installer of GIMP," Sourceforge had this response: "In cases where a project is no longer actively being maintained, SourceForge has in some cases established a mirror of releases that are hosted elsewhere. This was done for GIMP-Win.
Submitter's note: Gimp is actively being maintained and the definition of "mirror" is quite misleading here as a modified binary is no longer a verbatim copy. Download statistics for Gimp on Windows show SourceForge as offering over 1,000 downloads per day of the Gimp software.
In an official response to this incident, the official Gimp project team reminds users to use official download methods. Slashdotters may remember the last time news like this surfaced (2013) when the Gimp team decided to move downloads from SourceForge to their own FTP service. "Therefore, we remind you again that GIMP only provides builds for Windows via its official Downloads page." Note: SourceForge and Slashdot share a corporate parent. Editor's note: I just got back from a busy weekend to see that a bunch of people are freaking out that we're "burying" this story, so here it is. Go hog wild. Sorry it took so long. (And for future reference, user submissions are easily found in the firehose, listed in the order they appear, newest first.)
Update: 06/01 22:37 GMT by T : The SourceForge blog has a welcome update; SourceForge, it says, has effective today "stopped presenting third party offers for unmaintained SourceForge projects. ... At this time, we present third party offers only with a few projects where it is explicitly approved by the project developer, or if the project is already bundling third party offers."
Submitter's note: Gimp is actively being maintained and the definition of "mirror" is quite misleading here as a modified binary is no longer a verbatim copy. Download statistics for Gimp on Windows show SourceForge as offering over 1,000 downloads per day of the Gimp software.
In an official response to this incident, the official Gimp project team reminds users to use official download methods. Slashdotters may remember the last time news like this surfaced (2013) when the Gimp team decided to move downloads from SourceForge to their own FTP service. "Therefore, we remind you again that GIMP only provides builds for Windows via its official Downloads page." Note: SourceForge and Slashdot share a corporate parent. Editor's note: I just got back from a busy weekend to see that a bunch of people are freaking out that we're "burying" this story, so here it is. Go hog wild. Sorry it took so long. (And for future reference, user submissions are easily found in the firehose, listed in the order they appear, newest first.)
Update: 06/01 22:37 GMT by T : The SourceForge blog has a welcome update; SourceForge, it says, has effective today "stopped presenting third party offers for unmaintained SourceForge projects. ... At this time, we present third party offers only with a few projects where it is explicitly approved by the project developer, or if the project is already bundling third party offers."
I remember seeing a submission on this early last week.
SJW's don't eliminate discrimination. They just expropriate it for themselves.
*** BUY ACME SPEARMINT ***
Interfere with slashdot posts?
*** BUY ACME SPEARMINT ***
Issuing an opinion on something the umbrella corporation did that you may have no control over would be a solid follow up.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
This behavior should get SourceForge blacklisted as both cyber-squatters and adware, possibly malware vendor.
Aren't we all smart enough to turn off the adware during install? I even know some old people who turn off "add-ons" that they don't need.
Well, given that adware 'offers' still get injected into installers, I'm going to use my incredible mental thinking skills to hypothesize "no, we aren't".
Aside from that, even if you don't get hit by the adware, having to defang an installer just to use a program leaves the indistinguishable taste of pure sleaze in your mouth for the rest of the process(looking at you, Oracle and the Ask.com toolbar...)
Sourceforge is dragging the GIMP project's name through the mud by bundling this shit, even if they don't hit anyone. That alone is more than enough to be displeased by.
I don't buy the /. editors' explanation.
This story has been repeatedly submitted since at least late Wednesday and has been voted to red multiple times in the firehose.
Meanwhile, most other red stories have already appeared on the front page, so clearly some editors were still around...
Anyone buying the "busy weekend" excuse? Can't say I am, since the story broke near the middle of last week, and we've seen /. willfully ignore the community so many times. Look at the amount of pushback it took to defeat Beta and Bennet Hasselton.
Wonder if they'll ever drop the anti-Gamergate narrative too (probably not, since they have most of the tech media circling wagons with them on the pro-corruption side)?
This is news because Sourceforge used to be trustworthy.
It used to be a respected site where open-source developers could host their binaries without fear of someone tampering with it.
When we select submissions, voting is the strongest factor, but it's not the only factor — timeliness, factual accuracy, the degree to which it's on topic, and several other characteristics all factor in. For example, we're not going to run a 5-year-old story no matter how many people vote it up, nor a story about the sun being made of freshly chopped artichoke hearts.
If they are modifying the binary, would that not make it a derivative work? And so by the license, would that not make it a violation to call it "Gimp?" I know that would be the case on my FOSS project.
Hard to believe that Sourceforge was once a fairly reputable place to download software from. Seems like a millions years ago now.
SJW's don't eliminate discrimination. They just expropriate it for themselves.
And they won't run a story critical of Dice until they persuade the corporate overlords that it's too late to stop it.
Any at all for being so closely affiliated with a company distributing adware and using deceptive practices riding on the backs of open source?
Not only do they bundle it with adware, but they've apparently sabotaged GIMP too - for example, they apparently changed the save dialog so that you can only save XCF files and have to click through a "you have unsaved changes" warning when you export to a different format. They added an very difficult to precisely adjust sliders to things like brush size. They took out 16 bit color support. Basically, sourceforge has really totalled GIMP. ;)
"Who the **** put an emergency exit in the interrogation room?!" -- Police chief, "Jesus Christ Supercop"
Do you even have an experience with such malware ridden installers?
The creators abuse every possible linguistic trick on the book to confuse the user about what s/he had selected and what is going to be installed. Sometimes even blatantly lying and claiming that something will not work properly if you choose not to install the optional "performance enhancer".
I had to deal once with such installer for a freebie game, which was bundled with 5(?) pieces of malware. Luckily for me it was an InstallShield which was showing a summary screen of what is going to be installed before doing anything. I had to go through the install wizard three times before the summary screen was showing that only the game itself would be installed. The last one was the trickiest: in description they used effectively triple negative and user had to actually check the box to not to install the malware.
All hope abandon ye who enter here.
For those who still use Windows and want GIMP (and a LOT of other opensource and freeware Windows programs) you can't beat Ninite.. https://ninite.com/ Ninite does all of the work to make sure you only get the desired opensource program and NONE of the crapware/malware garbage that so many installers are adding on today.. (Yes, I'm looking at YOU, Oracle... You and your fuckin' Ask toolbar on Java installs)... Thankfully I've switched completely to Linux and don't have to worry about that crap...
THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)
First, thanks for coming on the thread to answer questions.
Out of interest, what is the criteria for the editorial staff putting together a post. Most of the front page stories are more or less exactly as the submitter submitted them. Under what circumstances do you generally exercise this kind of editorial control?
SJW n. One who posts facts.
GPL covers the rights to use and distribute code. I was not aware that it also included the right to use of trademarks. (Assuming GIMP was even properly trademarked.) See also "Iceweasel".
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
2) I call bullshit on SourceForge's assertion that their adware only comes with projects that aren't actively maintained. There have been a lot of complaints about FileZilla downloads (see, for example, https://forum.filezilla-projec...), and it is definitely a very active project.
OzPeter,
Soulskill has apologized. Repeatedly, and professionally. Accept it and move on.
The original announcement for when Sourceforge added the "feature" of injecting malware into installers said that the money earned would be shared with the developers. So I have to wonder: did they send the GIMP a check? Have the GIMP developers demanded that Sourceforge do so?
On the assumption that Sourceforge did not, it seems like they've just burned a bridge that they shouldn't have. They killed any trust that users would have had for SF projects a long time ago, but developers who were willing to sell out have stuck around. But now that developers know that SF is willing to just assume control of a project (and the associated profits), why would any developer continue to use SF.
How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
I blanked my Mac a few weeks ago and when I started reinstalling software I got some survey crap popping up on my screen asking for my details. Turns out it was the SourceForge installer for FileZilla that had sneaked it through. Googling it threw up enough horror stories to make me just blank the Mac again and start over. I'll never download anything from SourceForge again. A decade of trust destroyed in one stupid move.
It never posted to the front page, but several people made postings about this to the Firehose and when it was seemingly ignored for several days after many up-votes, /. users started hijacking threads (in many cases thwarting the "first post" trolls) as their method of recourse to bring attention to the general user-base that there was an FOSS story of relative importance that was not being put on the front page. This didn't look too good on the eds since it was a negative piece about SourceForge which led to the hijackers making claims of conspiracy and censorship on the part of /. and Dice. I have to admit, Soulskill may have been on vacation, but someone was running the wheels of /. since Wednesday and making a popular post in the Firehose disappear...multiple times.
http://danluu.com/slashdot-sou...
SF claims the project was abandoned in 2013.
To quote another user from Ars:
"the files page has the folder GIMP + GTK+ (stable release) with a last modified time of 2014-11-18. In that, GIMP 2.8.14 is the latest with the 2014-11-18 modification date. The previous file, GIMP 2.8.10 has a modification date of 2014-05-29. (This is just shy of 6 months.) The one before that, GIMP 2.8.8 is also last modified 2014-05-29, and the one before that is GIMP 2.8.6 last modified on 2013-06-24. (This one is just shy of 11 months back.)
So the project was abandoned, but a year later, it's still updating files. And it had three releases in the year after it was supposedly abandoned. The last release was just a few days over 6 months ago, and the project has a history of up to 11 months between releases. How does that qualify as "abandoned"?
No, this is a bullshit excuse Sourceforge was hoping no one would delve into the details to call their bullshit on. There is no other way to put it than they flat-out lied about the abandonment."
Oh, and to boot - According to the gimp-win developer, they locked him out of his account.
That's right, SourceForge STOLE THE ACCOUNT using an account called SF-editor1 in order to wrap one of the most popular FOSS projects with a malware installer.
So here's what we do, guys. I've got a really good attorney. Same one that helped me kick EA's ass back in the Spore lawsuit days.
We band together, we find every person that has had this malware pushed on them, and we sue the ever-living shit out of SourceForge in a class-action suit where accepting a settlement is NOT AN OPTION. Knowingly distributing malware, using misleading language to get the malware to install, and the damage the malware does to the user's computer are all entirely actionable in court and we need to band together to put a legal end to this crap once and for all. We now have the evidence in the testimony of the former account holder, we have copies of the malware, we have copies of the installer, we have screencapped evidence of the lies SourceForge has posted. SourceForge is DEAD IN COURT.
Look up Mark Punzalan Law. Let him know Alex from the Spore/EA case sent you.
If you want, I can come forth as class representative again. I will be more than happy to be the headman ripping these people apart in court.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Saying you had a "very busy weekend", to my eyes, feels just like a euphemism for "management argued a lot before this got posted, and when it did get posted, the expression modified binary had to replace bundled with malware".
Personal Note: "bundled with malware" is what every other place I read the article used to define it.
Personal Note 2: If I happened to stumble on some facts, I want to stress I understand them completely as I also happen to have a very policy-centered full time job. I'm just letting my thoughts fly in a comment, because, well, comment section is still community moderated in full that I know, thus still being free (in the extreme, FSF-like sense of the word "free").