Controversial Privacy/Cookie policy change from Github

The source

A comment.

1 Like

I can’t prove that’s it’s related, but I think is interesting enough to share…
On homepage of there’s some kind of note/advertise about a tool for sync projects from GitHub to SourceForge.
For anyone interested, there’s the link.
SourceForge Support / Documentation / GitHub Importer
I’m not suggesting or implying in any way that projects should be moved away from GitHub, but as my personal opinion, SourceForge is trying to gain more traction and success about this cookie situation to Github, and considered the thing interesting enough to spread the word.

Ack! Sourceforge has to be the worst such site out there. Design is stuck in the '90s, it’s impossible to download a whole repo in one go, and that’s even ignoring their history of bundling malware with downloads.

Interesting experience, thank you.
However: would you please elaborate a bit more this sentence

pretty please, with sugar on top?


Although this indicates it wasn’t “malware” as such, but “junkware.”

Thanks for recalling that.
I stumbled upon that issues several years ago, using Filezilla links. Which led me to a file that came with some unwanted luggage (aka the junkware). After a “wait, what???” moment, crapware and Filezilla went to the thrash, the “not installer software” disrupted and a true copy of Filezilla installer arrived on the computer.

The disturbing part to me goes with this.

GIMP is a popular open-source image editor — it’s basically the open-source community’s answer to Photoshop. In 2013, GIMP’s developers pulled the GIMP Windows downloads from SourceForge. SourceForge was full of misleading advertisements masquerading as “Download” buttons — something that’s a problem all over the web. SourceForge then rolled out its own Windows installer filled with junkware, and that was the straw that broke the camel’s back. In response, the GIMP project abandoned SourceForge and began hosting their downloads elsewhere.

In 2015, SourceForge pushed back. Considering the old GIMP account on SourceForge “abandoned,” they took control over it, locking out the original maintainer. They then put GIMP downloads back up on SourceForge, wrapped in SourceForge’s own junkware-filled installer. If you’re downloading GIMP from SourceForge, you’re getting a version filled with junkware, one that GIMP’s developers don’t want you to use. SourceForge said they were providing a valuable service to people looking to download open-source software, but GIMP’s developers strongly disagree.

Being polite, i found the takeover of the account and the re-upload of the Windows files for GIMP at 12/10 rate of “bad decision”, moreover due to the fact that the disclose of the act was not done “with SourceForce badge”, but with “GIMP Project badge”.
The distributor/host is not directly responsible of crap being made available through its services, but must comply to removal request if some crap goes up. Neverthless, assuming the “project identity” is nasty, to say the least. I mean: SourceForge (on its servers and in its spaces) could easily put a project on with own name saying “hey, we like to distribute this software because it’s great!”. If there’s no malice in that, why assume some other identity?

As state before, SF anyway is providing that. And thanks to @danb35 now we know something more about SF history.

1 Like

I’d think, if someone wanted to migrate from GitHub, GitLab would be the obvious place to go. You’re still using git, and they seem to be able to migrate projects quite nicely. You can self-host it too, if you like–or use Phabricator, or doubtless other projects. I know people are still using SourceForge, but I honestly don’t know why.

A firewall distro project is also hosted on SF. Maybe is too much hassle change the provider? IDK.