“It appears that SourceForge took control of the 'GIMP for Windows' account”

166 点作者 patdavid将近 10 年前

18 条评论

scrollaway将近 10 年前

Reposting what I wrote on the Reddit thread:I'm one of the lead devs of LXQt and an LXDE sysadmin. We use Sourceforge for our mailing lists and some LXDE legacy stuff.I'm absolutely sick of them. It's not the first time this has happened. I've been pushing for us to move off SF for a while and this is a good occasion to push for it harder.I've sent an email [1] detailing plans to move. I am urging everyone who still has projects on Sourceforge to do the same.If you have similar migration problems to solve as the ones I've highlighted in the email, please contact me directly and we can share the workload. My email is available on my Github profile [2].[1] <a href="http://sourceforge.net/p/lxde/mailman/message/34148903/" rel="nofollow">http://sourceforge.net/p/lxde/mailman/message/34148903/</a> [2] <a href="https://github.com/jleclanche" rel="nofollow">https://github.com/jleclanche</a>

etix将近 10 年前

This is precisely for these reasons we stopped distributing VLC via SF.net in 2013. I even wrote about it: <a href="https://blog.l0cal.com/2013/05/02/rethinking-vlc-mirrors-infrastructure/" rel="nofollow">https://blog.l0cal.com/2013/05/02/rethinking-vlc-mirrors-inf...</a>

评论 #9612799 未加载

评论 #9613699 未加载

jbk将近 10 年前

Our VLC account has been taken too by sf-editor-1.Fortunately, we've moved to our mirror infrastructure since quite some time, and it's faster and way better.Btw, if any other open source project needs help to distribute their binaries (because of the size), please contact me.PS-EDIT: signing the installer was a good idea, I guess :)

评论 #9617158 未加载

geofft将近 10 年前

What are the reasons for people to use SourceForge today? Why hasn't everyone else (especially major projects like GIMP and Audacity) moved off?Here are some possibilities I can think of, but I'm curious if they're correct:- Mailing list hosting- Non-git repository hosting, for projects that prefer CVS or SVN- Shell account (though it doesn't seem very useful)- Features GitHub has but few others do (binary hosting, website hosting, etc.) and the project wants to avoid GitHubAre there others?

评论 #9612816 未加载

评论 #9613129 未加载

评论 #9613535 未加载

评论 #9617160 未加载

JohnTHaller将近 10 年前

SourceForge made a blog post about the GIMP project here: <a href="http://sourceforge.net/blog/gimp-win-project-wasnt-hijacked-just-abandoned/" rel="nofollow">http://sourceforge.net/blog/gimp-win-project-wasnt-hijacked-...</a>It appears they switched the GIMP project on SF back to directly downloading the standard GIMP installer, at least that's what I see right now in Firefox at 3:30pm NYC time.

评论 #9613858 未加载

评论 #9615779 未加载

daveloyall将近 10 年前

As noted in other comments, the GIMP installer on <a href="http://sourceforge.net/projects/gimp-win/files/" rel="nofollow">http://sourceforge.net/projects/gimp-win/files/</a> is now bit-for-bit identical to the one on <a href="http://download.gimp.org/pub/gimp/v2.8/windows/" rel="nofollow">http://download.gimp.org/pub/gimp/v2.8/windows/</a> (let's call this one official).Does anybody have a copy of the "value added" installer?How did it work? Was it a wrapper which contained a copy of the official installer? Did it have the same filename? Was there some identifier in the URL? A cookie?In other words, can we programmatically identify other hijacked projects?

评论 #9614420 未加载

评论 #9614320 未加载

Karunamon将近 10 年前

Wow. Is this legally actionable? Yeah yeah, their server and so forth, but pretending to be somebody is generally seen as a Bad Thing© by the courts.

评论 #9612777 未加载

cillian64将近 10 年前

Is there anything suggesting it's SourceForge itself doing this and not just (an improbably widespread, admittedly) set of account breaches? It makes sense -- acquire accounts, enable ads, profit.

评论 #9612601 未加载

kierank将近 10 年前

The number of people casually suggesting github for large binaries on HN is incredible and funny. They should try downloading something from github in Asia and they'll learn why local mirrors are useful.

ajohnclark将近 10 年前

I think this pretty much explains why this happened, a quote from their parent company here: "2005 - IN AUGUST, WE ARE ACQUIRED BY DICE HOLDINGS, INC., WHICH IS OWNED EQUALLY BY GENERAL ATLANTIC LLC AND QUADRANGLE LLC, PRIVATE EQUITY FIRMS IN NEW YORK CITY." via: <a href="http://www.dhigroupinc.com/our-company/default.aspx" rel="nofollow">http://www.dhigroupinc.com/our-company/default.aspx</a>

评论 #9619404 未加载

subudeepak将近 10 年前

Any other projects affected ? Would be nice to start a list of all affected projects. This could also be a case of targeted attack on the gimp account.

评论 #9612277 未加载

评论 #9612290 未加载

评论 #9612390 未加载

评论 #9612245 未加载

j_s将近 10 年前

Reviewing the meager amount of Twitter chatter it appears SourceForge had cemented its irrelevance before this craziness.

hobarrera将近 10 年前

In this age of GitHub being huge, and GitLab being the purely open-source choice, this can't really end well for SF.They really really need to up their game if they want to stay relevant. Most of the stuff I find pointing me to SF these days is usually abandoned (GIMP and Pidgin are probably notable exception).

SamWhited将近 10 年前

I'll still never understand why people don't move off of SourceForge; GitHub and Bitbucket (among others) are almost feature complete, and for the things that they're missing (mailing lists) there are plenty of free alternatives out there that are fairly easy to port.

unhammer将近 10 年前

More details: <a href="http://libregraphicsworld.org/blog/entry/anatomy-of-sourceforge-gimp-controversy" rel="nofollow">http://libregraphicsworld.org/blog/entry/anatomy-of-sourcefo...</a>

yuhong将近 10 年前

I wonder what would happen if Google or Yahoo! acquired them.

dm2将近 10 年前

Is that enough to qualify SourceForge as malicious and ask that it be removed from Google's search results?

naveen99将近 10 年前

Pywin32 also should find a new home or maybe a reimplementation in golang.