Sourceforge is essentially a gigantic set of Google doorway pages which MITM downloads initiated by unsuspecting (largely non-technical) Internet users of popular free-as-in-beer projects. They're open about doing this. <a href="https://sourceforge.net/blog/gimp-win-project-wasnt-hijacked-just-abandoned/" rel="nofollow">https://sourceforge.net/blog/gimp-win-project-wasnt-hijacked...</a><p>These "mirror" (MITM) pages outrank the authoritative sites for many projects because Sourceforge has been around for 10+ years and has superior trust/backlink profiles compared to the newer author-blessed sites which presently host the software. Gimp is actually fortunate in this regard -- gimp.org is stickied to the top spot when searching [gimp] and Sourceforge floats around #8 or so.<p>Sourceforge should get hit with Google's standard penalty, which is "we smite your rankings with the hammer of an avenging god." <i>Minimally</i>, Google should at least tighten up their enforcement of AdWords policies. Their "installers" are per-se violations of the Unwanted Software Policy (<a href="http://www.google.com/about/company/unwanted-software-policy.html?hl=en" rel="nofollow">http://www.google.com/about/company/unwanted-software-policy...</a>).<p>How about it, resident Googlers?
To be honest I can't say I have any good memory of Sourceforge. It used to a heavy website with a confusing UI, and never really got better over the years. When Google Code started, I was glad I could move to it, and then GitHub.
If you're downloading open source software on Windows, friendly reminder to get it via Chocolatey rather than ever clicking on a download button. Chocolatey has reviewed, silent, direct, crapware free downloads of just about anything you'd want.<p><a href="https://chocolatey.org/packages" rel="nofollow">https://chocolatey.org/packages</a>
For a second there, I thought this was an official GitHub page and thought "Wow, those GitHub guys really have balls to attack SF that directly". But then I realized it is "helb" and not "help" in the URL.
I was shocked the other day when I went to grab FileZilla from SF, and my virus scanner tagged it for malware. I hadn't realized it had fallen so far as to bundle crapware. SF used to be my goto site for looking for weird open source stuff. Now I guess I will have to finally take SF off my list goto sites.<p>You either die a hero or live long enough to become the villain.
I've found that Sourceforge is still the only place you can get a lot of good-but-unmaintained software. I was there just the other week for the Saxon project[1], and it was painful to see how low SF have sunk.<p>I wonder if it would be possible (and legal) for somebody who isn't the project owner to copy some of these unmaintained projects into another system?<p>[1] <a href="http://sourceforge.net/projects/saxon/" rel="nofollow">http://sourceforge.net/projects/saxon/</a>
If I were a project manager who run a sourceforge account the last thing I would do now is abandon it.<p>Why? Because SF have proven if I were to do so they'd take my work under my name and bundle their crap into it. The only way to stop that is to keep it active.<p>That feeling of being trapped into a terrible system because it'll screw over people even worse if you leave.
Perhaps it is worth asking the mirror services to put some pressure on as well as the content creators?<p>These are two popular mirrors in the UK & Ireland (both academic institutions):<p><a href="http://www.mirrorservice.org/" rel="nofollow">http://www.mirrorservice.org/</a> (University of Kent)<p><a href="http://ftp.heanet.ie/" rel="nofollow">http://ftp.heanet.ie/</a> (Ireland’s National Education and Research Network)
Can Archive.org/etc backup all the open source projects from Sourceforge.org and Google Code? It would be a big loss if the unmaintained but often still very useful source code get lost forever.
Well, to be honest, this is exactly where Sourceforge has been headed for years and years. You could look at its behavior years ago and say "Yeah, follow this out on a line" and see this exact situation in the crystal ball. Sourceforge has been scummy (and getting scummier) for years and years.
Author here. Thanks for your pull requests, I added some of the suggested services. Maybe some comparison table (like the one at Wikipedia) would be better than a simple list.<p>About that help/helb confusion mentioned here – sorry about that, it's not intentional, it's just my nickname since 2nd grade or so.
I like how you don't have an option to shut down your project to help clear those links from Google. Either you keep it up to date or SF will "step in" and do it for you.
May be worth noting that GitHub supports SVN as well (<a href="https://help.github.com/articles/support-for-subversion-clients/" rel="nofollow">https://help.github.com/articles/support-for-subversion-clie...</a>), I believe some of the others do as well IIRC.<p>May be important to some legacy projects trying to get off of SF.
I still have a project hosted on Sourceforge (<a href="http://sourceforge.net/projects/pinyinput/" rel="nofollow">http://sourceforge.net/projects/pinyinput/</a>).<p>They haven't injected their own installer on downloads so for the time being I leave it there because I'm too lazy to move it off.<p>A while back I did move the main project page to its own domain, so I'm only really using Sourceforge for downloads and source control (although the project is stable and hasn't had commits for a long time so not even that really).
Ah the old days when Sourceforge and Freshmeat were some of the go to places for OSS when I was learning Linux in the 90s. Occasionally I'll end up back at SF somehow and man how terrible it has become. Makes you really appreciate places like Github now a days.
Whenever I've had to go to a sourceforge page to download software I always think, ugh I have to deal with this crap again? (UI, annoying redirects, can't find correct versions, etc) I honestly never understood why developers used the website for distributing binaries, I understand code hosting, but not the distribution (this was before they hijacked stuff).<p>Hopefully, this will hit a chord with enough projects that they will altogether stop using sourceforge.
Guilt by association? Perhaps SF is not the true source of badness/malware but instead they tend to host the projects most likely to include such malware.
I like that they open-sourced their engine. <a href="https://allura.apache.org/" rel="nofollow">https://allura.apache.org/</a>
I still land on SF now and then, to download sources that are hosted there. But that only happens because another site's “Download” button sent me there. In the beginning I was very impressed with SF. But as others have said, the UI is rather confusing and those ads they've been showing would devalue any site they run on to “lower-tier crap you need rubber gloves for”. A sad development.
Someone posted it to Reddit, discussion here: <a href="http://www.reddit.com/r/programming/comments/37pz5x/" rel="nofollow">http://www.reddit.com/r/programming/comments/37pz5x/</a>
I'm really surprised at how many people in this thread are Windows users frankly. I just presumed that most YC commenters were OS X/Linux people with a few FreeBSD, etc.. OSes floating around.