If SourceForge were a person and I were the New York Times, I’d make certain I had an obituary on file right about now. It’s obvious that the once essential code repository for open source projects is terminally ill, although it’s just as obvious that Dice Holdings, which took over ownership of the site nearly three years ago, has no plans of letting SourceForge go gently into the good night, so we’ll probably see more kicking and noise-making until the lights are inevitably extinguished.
Newer converts to open source probably don’t know much about the site, but it wasn’t long ago when Linux users were very aware of SourceForge and how to use the service, at least well enough to download software — perhaps more aware than they wanted to be. It was the go-to site when looking for a program not available in a particular distro’s repository. Not anymore. Not for a while. These days, the more important projects have either migrated to GitHub or are hosting their own.
Not that SourceForge was ever a great open source player, despite being the first to offer a central location for FOSS developers to manage their projects’ code, and offering this service at no charge.
The site was founded in 1999 by VA Linux Systems (now Geeknet). Not long after that, the company took control of Andover.net, which gave it some very popular media sites, including Slashdot, Freshmeat, NewsForge, linux.com and ThinkGeek. The deal also put even more online software development resources under its control.
In the early days, SourceForge ran on free software, with the source code being available to the public. That changed after November, 2001, with the last release of the SourceForge code under a free license. After that, the site was powered by SourceForge Enterprise Edition under a proprietary license, although there are forks of the original open source code still under active development. In June, 2012, about three months before selling the service, Geeknet released SourceForge’s underlying software, now called Allura, under the permissive Apache license.
Iowa based Dice Holdings took control of the service in September, 2012, and under their leadership all heck has broken loose.
Those of us who weren’t paying too much attention to the comings and goings around the site, first became aware that all wasn’t honey and roses in the SourceForge realm in late 2013, when the crown jewel of FOSS photo manipulation programs, GIMP, announced they were quitting SourceForge, citing two issues. First, GIMP’s developers were concerned about deceptive “Download Here” ads appearing on their SourceForge page, ads that were evidently supplied by Google’s Adsense service. The second issue was a bit more worrisome and concerned third party software offers being bundled with FOSS downloads in SourceForge’s Windows’ installer.
According to SourceForge, the software offers were a way for open source projects to raise funds, and that including the offers in a project’s download was “opt in,” meaning that project administrators were free to use or reject the monetization tool. The company quickly jumped into damage control, and by February, 2014, had writers such as Simon Phipps at InfoWorld singing the site’s praises:
“Obviously I’m delighted SourceForge has been listening, both to me and, more important, to its community members. Devising monetization approaches for open source software downloads is a tough problem, and SourceForge seems to be learning as it goes and in the process setting a standard for others to beat.”
That turned out to be only a calm before another storm. By last Tuesday (June 2), Phipps had changed his tune, in an article titled SourceForge Commits Reputational Suicide:
“The venerable project hosting service SourceForge may have finally crossed the line into irrelevance following an abuse of trust related to the GIMP project.”
Indeed, from a PR standpoint the last few weeks haven’t been good for SourceForge. The latest round of controversy started when the site decreed GIMP’s Windows’ download page “abandoned” and began mirroring the official download site, but inserting software offers within the downloads. GIMP, of course, hasn’t been too happy with that.
Then, on June 3, developer Gordon Lyon with Nmap, a security auditing tool, announced that the project had similar experience:
“The old Nmap project page is now blank. Meanwhile they have moved all the Nmap content to their new page which only they control. So far they seem to be providing just the official Nmap files (as long as you don’t click on the fake download buttons) and we haven’t caught them trojaning Nmap the way they did with GIMP. But we certainly don’t trust them one bit!”
About the same time, we heard from Ludovic Fauvet, founder and CTO of Videolabs SAS, developer of VLC media player which was once SourceForge’s most downloaded project. VLC quit using SourceForge at about the same time as GIMP, and are now evidently receiving the same treatment.
“Fast forward, end of May 2015 we heard about the Gimp binaries being bundled with the SourceForge installer and their admin access taken over by some sf-editor1. We were quite surprised to discover that the same happened to VLC, the project has been taken over without notice, removing all access to it but luckily the binaries weren’t touched. Maybe because we’re now signing all of them for the Windows platform. And we’re now trying to get our access restored to avoid any further damage.”
It’s time for developers and software users alike to abandon this platform. Softpedia reported yesterday that WINE is planning an exit. Other projects are sure to follow. If I were a developer, I’d be moving, if for no other reason than I’d be afraid I’d wake up one morning to find the site shuttered.
Editor’s note: Article updated on Sunday, June 14, 2015 at 10:05 P.M. to change reference to Apache license from “copyleft” to “permissive.”
We need you to help us make FOSS Force even better. Our IndieGoGo campaign ends on Monday, and we are far short of meeting our goal. If you enjoyed this article, please visit our IndieGoGo page and make a small contribution to our fundraising campaign. Every little bit helps.
Latest posts by Christine Hall (see all)
- New IoT Botnet, Attackers Target Tor, and More… - December 3, 2016
- What Malware Is on Your Router? - November 30, 2016
- Mickey Mouse Open Source, Close Call at WordPress, and More… - November 25, 2016