Author Topic: SourceForge takes over GIMP for Windows’ account to peddle adware  (Read 11330 times)

app103

SourceForge, the code repository site owned by Slashdot Media, has apparently seized control of the account hosting GIMP for Windows on the service, according to e-mails and discussions amongst members of the GIMP community—locking out GIMP's lead Windows developer. And now anyone downloading the Windows version of the open source image editing tool from SourceForge gets the software wrapped in an installer replete with advertisements.

Update: In a blog post issued shortly after this story posted, an unidentified member of SourceForge's community team wrote that, in fact, "this project was actually abandoned over 18 months ago, and SourceForge has stepped-in to keep this project current." That runs counter to claims by members of the GIMP development community.

The GIMP project is not officially distributed through SourceForge—approved releases are only posted on the GIMP project's own Web page. But Jernej Simončič, the developer who has been responsible for building Windows versions of GIMP for some time, has maintained an account on SourceForge to act as a distribution mirror. That is, he had until today, when he discovered he was locked out of the Gimp-Win account, and the project's ownership "byline" had been changed to "sf-editor1"—a SourceForge staff account. Additionally, the site now provided Gimp in an executable installer that has in-installer advertising enabled. Ars tested the downloader and found that it offered during the installation to bundle Norton anti-virus and myPCBackup.com remote backup services with GIMP—before downloading the installer authored by Simončič (his name still appears on the installer's splash screen).


TaoPhoenix


That's disturbing! Because it's "not about Gimp", it's about any account whatsoever being locked out in this manner. Last I knew, SourceForge had a decent reputation, but this could really damage it if it proves not to be a 1-time thing!


wraith808

SourceForge has been going downhill for a while now. That's the reason that Gimp guy stopped using them for his primary downloads. This is just the latest iteration in their silliness. No one should view SF as a reputable free software site anymore.

TaoPhoenix


That's a pity.

Meanwhile, in the middle of some other discussion thread, an Anonymous Coward over on Slashdot posted that these projects also got affected by similar things:

"Other projects recently hijacked by SF include many Apache projects (Allura, Derby, Directory Studio, the Apache HTTP server, Hadoop, OpenOffice, Solr, and Subversion); Mozilla Firefox, Thunderbird, and FireFTP; Evolution and Open-Xchange; Drupal and WordPress; Eclipse, Aptana, Komodo, MonoDevelop, and NetBeans; VLC, Audacious, Banshee.fm, Helix, and Tomahawk media players; and many others."

Dropped there as an Info-Blob - I'm not all that interested in a detailed rundown. Just if this is the thing they are doing, via your note, it's an FYI level item to me.


app103

"Other projects recently hijacked by SF include many Apache projects (Allura, Derby, Directory Studio, the Apache HTTP server, Hadoop, OpenOffice, Solr, and Subversion); Mozilla Firefox, Thunderbird, and FireFTP; Evolution and Open-Xchange; Drupal and WordPress; Eclipse, Aptana, Komodo, MonoDevelop, and NetBeans; VLC, Audacious, Banshee.fm, Helix, and Tomahawk media players; and many others."

Those are mentioned in the article, too, along with "and a host of games, utilities, and other applications."

"No one should view SF as a reputable free software site anymore."

Well, I certainly won't.

When I said it was easy to make money giving away other people's free stuff, this wasn't quite what I had in mind, and violates one of the main rules for doing so: Don't do it in such a way that it pisses off the creators of the stuff you are giving away.

fenixproductions

My question is: what prevents us from other free cloud companies taking over "our"  stuff?

Jibz

Some download sites also have "editors" who create pages for software that look like the author put them there. I've had this happen with BrotherSoft for instance.

Renegade

My question is: what prevents us from other free cloud companies taking over "our"  stuff?
-fenixproductions (June 06, 2015, 02:21 AM)

Nothing.

Which is one of the reasons that I've been periodically screaming, ranting, and cursing for years about "the cloud" and "SaaS" and all that other crap.

Very often "free" should make you turn tail and RUN!

ewemoa

FWIW:

In an effort to address a number of concerns we have been hearing from
the media and community at large, we at SourceForge would like to note
that we have stopped presenting third party offers for unmaintained
SourceForge projects.

While we had recently tested presenting easy-to-decline third party
offers with a very small number of unmaintained SourceForge projects,
we discontinued this practice promptly based on negative community
feedback.  At this time, we present third party offers only with a few
projects where it is explicitly approved by the project developer, or
if the project is already bundling third party offers.

via https://sourceforge....pt-in-projects-only/
« Last Edit: June 16, 2015, 06:42 PM by ewemoa »

TaoPhoenix


That's a bit of an odd wording. I'll try chopping it up a bit:

"
(While we had recently)

tested {{testing what?}} presenting

(easy-to-decline)

third party offers

(with a very small number of unmaintained SourceForge projects,)

we discontinued this practice promptly based on negative community
feedback.
"

Let's see:

- Surprisingly clear actual language, and not buried in mountains of biz speak
- Let's assume the last line is not a lie
- "third party offers" doesn't contain "over-sell words" like "valuable offers"

So then the main "missing animal behind the curtain" is what were they testing ... and what did they *predict* about the negative community feedback?

I'll leave it open ended for a bit there for y'all.




Deozaan

"or if the project is already bundling third party offers."

So they still bundle in their extra 3rd party offers without the maintainer's permission if the maintainer uses them as well? That still seems a bit sketchy to me.

app103

"At this time, we present third party offers only with a few
projects where it is explicitly approved by the project developer, or
if the project is already bundling third party offers."

yo dawg bundled crapware.png

rgdot

 ;D

Softpedia is still good, the downloads I have tried anyway

TaoPhoenix

It's things like these that make me wish we had "expendable" people who could infiltrate as a low level staffer, sit in a couple of these meetings, then whistleblow the exact transcript portions of how these companies come to these decisions.

"Well, they are bundling 3rd party stuff, so Legal says that takes away their "defense of innocence" so we can too! The extra $4,233 of revenue will go into next month's quarterly report. The 40k of lost good will will then be written off at the best time Accounting says the net benefit to us is best, most likely Fiscal 01 next year for tax usage. ... Oops. Finance is reporting the lost goodwill at 227K, way higher than my brother's nephew's guess of 40. So okay, we stop the bundling... for now!"


app103

And now someone comes forward with this useful info site: http://helb.github.i...goodbye-sourceforge/

Which, among other things, includes this advice:

How can I help?

If you agree that SourceForge is in fact distributing malicious software under the guise of open source projects, report them to google. Ideally this will help remove them from search results, prevent others from suffering their malware and provide them with incentive to change their behavior.