OFFICIAL SECURITY BLOG
November 8, 2013 | BY Jean Taggart
Are we starting to see the beginning of an exodus away from SourceForge as a hosting solution for software projects?
SourceForge is, as per their wiki, “a web-based source code repository. It acts as a centralized location for software developers to control and manage free and open source software development.”
It has been a staple of many computer users for a number of years now.
Need to download FileZilla, one of the best FTP clients? It’s hosted on SourceForge. VLC, one of the most capable video players? Also hosted there. Apache OpenOffice, a free alternative to the Microsoft products? You guessed it. It’s on SourceForge.
At the same time we are seeing some disturbing events taking place. Some projects are leaving SourceForge, citing changes in its advertising methods as their reason.
There is a blurb on the business model section of their wiki that I find quite revealing:
“More recently additional revenue generation schemes, such as bundleware models, have been trialled, with the goal of further improving sourceforge’s revenue.”
SourceForge has recently changed ownership, and it is becoming apparent the new caretakers are trying new things.
A big player to jump ship is GIMP, a free and open source graphics editor similar to Photoshop. Here is an excerpt from their blog:
“In the past few months, we have received some complaints about the site where the GIMP installers for the Microsoft Windows platforms are hosted. SourceForge, once a useful and trustworthy place to develop and host FLOSS applications, has faced a problem with the ads they allow on their sites – the green “Download here” buttons that appear on many, many ads leading to all kinds of unwanted utilities have been spotted there as well. The tipping point was the introduction of their own SourceForge Installer software, which bundles third-party offers with Free Software packages. We do not want to support this kind of behavior, and have thus decided to abandon SourceForge.”
The most often mentioned software that is exhibiting this behavior is FileZilla, but only the Windows installer. I had to verify this, to confirm these claims.
We have recently revisited our stance on PUPs and as far as adware-laden installers go, I’ve seen worse. FileZilla has mentioned that they opted out of the Ask.com toolbar, showing that they have some control over the offers that are bundled with their product.
I am not against all advertising-based sponsors. However, when you navigate dark patterns, such as the emphasised green ‘Accept’ buttons to benefit the partner offer, you potentially paint a poor image of what has otherwise been known as a reputable site.