Good News, Sourceforge stops bundling adware with installers
Sourceforge, once the go-to site for open source project management, has experienced a rough time in recent years thanks to the rise of competing services like GitHub, but also because of the DevShare program and placement of advertisement on the site.
Projects hosted on SourceForge could apply for the DevShare program to bundle adware with project installers for the Windows operating system.
The then parent company of SourceForge tried to expand the reach of the program back in 2015 by adding the modified installer to abandoned projects as well, but quickly stopped doing so after the site was hit by a storm of bad publicity over the change.
Sourceforge and Slashdot were sold to BIZX back in January 2016, and it was clear right from the start that things were going to change dramatically.
The company had plans to regain the trust of the open source community, and to become once-again the "most trusted destination for open source software discovery, development, collaboration and distribution on the web".
Logan Abbott, one of the owners of BIZX, told Foss Force that he disagreed with "some of the previous monetization strategies", and that his company had "immediate plans to discontinue programs inconsistent with [..] being a trusted and reliable source for the entire open source community".
Abbott confirmed this in a new blog post on the official SourceForge blog yesterday where he announced the termination of the DevShare program on the site.
Our first order of business was to terminate the “DevShare†program. As of last week, the DevShare program was completely eliminated. The DevShare program delivered installer bundles as part of the download for participating projects. We want to restore our reputation as a trusted home for open source software, and this was a clear first step towards that. We’re more interested in doing the right thing than making extra short-term profit.
A quick check revealed that the SourceForge installer is no longer used by projects like FileZilla that used it in the past. The programs are delivered without a wrapper that promotes the installation of third-party software on machines running Windows.
The move is just one of several that the new owners want to make to regain the trust of the community. While no specifics were revealed in the blog post, it appears that SourceForge could once again become a trusted destination for open source projects.
This won't happen overnight though and it is still too early to tell how the plans of the new owners will pan out.
Still, the termination of the DevShare program is a step in the right direction.
@wonton
Yeah,I found that too.
I’ve used a program for a long time that’s natively available only on SourceForge. I’ve been afraid to update it because of well documented concerns, but did so recently with no problems. It’s good to see even long term problems can sometimes be corrected.
WTF….
I had almost all subscriptions checked and uBlock Origins is blocking SourceForge…. hahaha…. :D
Hello,
Is SourceForge’s new owner named BIZX or BZIX? The article gives both spellings.
Regards,
Aryeh Goretsky
It is BIZX, sorry for the typo.
a user still need to be careful when installing a 3rd-party program:
* upload the downloaded exe to VT
* test on a vm
* scan via an av
* perform d custom install mode always.
Way too late, especially now when most projects moved to GitHub, FossHub and others. They had 5 years full of running ads everywhere, add 3 of devshare and the result is a mess for the new owner. I would add the third sale, which doesn’t provide confidence, looks like an unstable service. Not a long time ago, there was only one: SourceForge but their greed killed this website forever. Better start a new project and forget about it, this site is dead.
GitHub provides Git hosting only, and there are those who don’t want to use DVCS or git in particular and decided to use other VCSes for some reasons: http://stevebennett.me/2012/02/24/10-things-i-hate-about-git/ & http://svnvsgit.com/ & https://bitquabit.com/post/unorthodocs-abandon-your-dvcs-and-return-to-sanity/
At the same time, SourceForge supports svn and Hg, so it could (again) be the place to host OS projects using Hg or SVN instead of git.
They’ll all come to it, if not for ethical reasons at least for the sake of intelligence : there is no way out of authenticity, fairness, I’d dare say morality, when an attitude, a plan, a policy aims to have Time as a faithful partner. Some understand it immediately others come to it, unfortunately being obliged to virtue sort of devalues it. Tricks and dishonesty are never eternal. Like many I’m so fed up with unfair practices that the above credo helps me not to condemn hope. And don’t serve me the eternal “that’s business” : business and honesty can coexist and business honesty is even becoming a plus value. Be it said, you you and you : be fair, honest and don’t wait hell to start striving for the above.
Gosh, what a pain, you have to be careful everywhere nowadays, stressing, bad for my cholesterol.
If you click on the link provided by Martin to the blog announcement, you will see a number of very negative comments by users who had some bad experiences with SourceForge wrappers – as well as from at least one developer of a long-abandoned program which he cannot delete from the site.
This may be a good first step – but apparently SF has a lot of damage to clean away before they can regain the trust of the community.
heh, I put that bitch in my hosts and forgot about it. SF was an embarrassment. It would be great to have it back as it was, but the brand is worse than cnet’s. Definite “wait and see”.
I agree that they have to do more than just this first step, but one should give the new company time for that. They seem to be on the right track and that’s a good sign.
It’s too late, I’ve already covered this problem with AdBlock an other AntiAdware programs. There is no way back. :)))
I don’t think Sourceforge will ever recover. They’ve lost trust for so long, their name brand is now irrelevant and it feels like it’s permanently tied to crapware. Does anybody remember Download.com? Before Sourceforge they use to be a go-to site until they shot themselves with bundled 3rd party installers.
The policy change is the right thing to do but seems a little too late.
Yep. I expect same road to oblivion as the “tucows” shareware site after it was sold & became commerciallized.
eh, pass the popcorn…
zomg tucows, another blast from the past! I worked with them quite a bit for our releases.
I never had any adware “offers” in my installers from Sourceforge – maybe it’s because of using adblock/ublock and ghostery?
Oh, I use it as well and unintentionally installed something from sourceforge some time ago. Really ticked me off. Complained to a friend and found out I was totally out of the loop. Shame to see it go the same way as Cnet, download.com and others.
Most likely. I also recommend the excellent AntiAdware userscript: https://greasyfork.org/en/scripts/4294-antiadware
@Martin Brinkmann
in firefox use chrome user-agent on the adware installer downloads and you wont get offered the adware installer at all do they have a deal with google?
i found out with https://addons.mozilla.org/en-US/firefox/addon/directforge from cyberfox dev
Interesting, I did not know about this. I assume the add-on is no longer needed now though.
May be it’s related to this: «No More Deceptive Download Buttons» (Google online security blog)
Ref.: https://googleonlinesecurity.blogspot.com/2016/02/no-more-deceptive-download-buttons.html
But ihis move from Sourceforge is not enough to trust entirely this dowload web site as well as any other.
A check with Virus Total of the site and the file downloaded itself is still safer…
Ref.: https://www.virustotal.com/ (Now owned by Google by the way…)
Logan announced the plan to remove DevShare weeks ago when SF was acquired on a Slashdot thread(they also acquired Slashdot), nothing to do with Google.