Press "Enter" to skip to content

SourceForge Not Making A Graceful Exit

If SourceForge were a person and I were the New York Times, I’d make certain I had an obituary on file right about now. It’s obvious that the once essential code repository for open source projects is terminally ill, although it’s just as obvious that Dice Holdings, which took over ownership of the site nearly three years ago, has no plans of letting SourceForge go gently into the good night, so we’ll probably see more kicking and noise-making until the lights are inevitably extinguished.

SourceForge logoNewer converts to open source probably don’t know much about the site, but it wasn’t long ago when Linux users were very aware of SourceForge and how to use the service, at least well enough to download software — perhaps more aware than they wanted to be. It was the go-to site when looking for a program not available in a particular distro’s repository. Not anymore. Not for a while. These days, the more important projects have either migrated to GitHub or are hosting their own.

Not that SourceForge was ever a great open source player, despite being the first to offer a central location for FOSS developers to manage their projects’ code, and offering this service at no charge.

The site was founded in 1999 by VA Linux Systems (now Geeknet). Not long after that, the company took control of, which gave it some very popular media sites, including Slashdot, Freshmeat, NewsForge, and ThinkGeek. The deal also put even more online software development resources under its control.

In the early days, SourceForge ran on free software, with the source code being available to the public. That changed after November, 2001, with the last release of the SourceForge code under a free license. After that, the site was powered by SourceForge Enterprise Edition under a proprietary license, although there are forks of the original open source code still under active development. In June, 2012, about three months before selling the service, Geeknet released SourceForge’s underlying software, now called Allura, under the permissive Apache license.

Iowa based Dice Holdings took control of the service in September, 2012, and under their leadership all heck has broken loose.

Those of us who weren’t paying too much attention to the comings and goings around the site, first became aware that all wasn’t honey and roses in the SourceForge realm in late 2013, when the crown jewel of FOSS photo manipulation programs, GIMP, announced they were quitting SourceForge, citing two issues. First, GIMP’s developers were concerned about deceptive “Download Here” ads appearing on their SourceForge page, ads that were evidently supplied by Google’s Adsense service. The second issue was a bit more worrisome and concerned third party software offers being bundled with FOSS downloads in SourceForge’s Windows’ installer.

According to SourceForge, the software offers were a way for open source projects to raise funds, and that including the offers in a project’s download was “opt in,” meaning that project administrators were free to use or reject the monetization tool. The company quickly jumped into damage control, and by February, 2014, had writers such as Simon Phipps at InfoWorld singing the site’s praises:

“Obviously I’m delighted SourceForge has been listening, both to me and, more important, to its community members. Devising monetization approaches for open source software downloads is a tough problem, and SourceForge seems to be learning as it goes and in the process setting a standard for others to beat.”

That turned out to be only a calm before another storm. By last Tuesday (June 2), Phipps had changed his tune, in an article titled SourceForge Commits Reputational Suicide:

“The venerable project hosting service SourceForge may have finally crossed the line into irrelevance following an abuse of trust related to the GIMP project.”

Indeed, from a PR standpoint the last few weeks haven’t been good for SourceForge. The latest round of controversy started when the site decreed GIMP’s Windows’ download page “abandoned” and began mirroring the official download site, but inserting software offers within the downloads. GIMP, of course, hasn’t been too happy with that.

Then, on June 3, developer Gordon Lyon with Nmap, a security auditing tool, announced that the project had similar experience:

“The old Nmap project page is now blank. Meanwhile they have moved all the Nmap content to their new page which only they control. So far they seem to be providing just the official Nmap files (as long as you don’t click on the fake download buttons) and we haven’t caught them trojaning Nmap the way they did with GIMP. But we certainly don’t trust them one bit!”

About the same time, we heard from Ludovic Fauvet, founder and CTO of Videolabs SAS, developer of VLC media player which was once SourceForge’s most downloaded project. VLC quit using SourceForge at about the same time as GIMP, and are now evidently receiving the same treatment.

“Fast forward, end of May 2015 we heard about the Gimp binaries being bundled with the SourceForge installer and their admin access taken over by some sf-editor1. We were quite surprised to discover that the same happened to VLC, the project has been taken over without notice, removing all access to it but luckily the binaries weren’t touched. Maybe because we’re now signing all of them for the Windows platform. And we’re now trying to get our access restored to avoid any further damage.”

It’s time for developers and software users alike to abandon this platform. Softpedia reported yesterday that WINE is planning an exit. Other projects are sure to follow. If I were a developer, I’d be moving, if for no other reason than I’d be afraid I’d wake up one morning to find the site shuttered.

Editor’s note: Article updated on Sunday, June 14, 2015 at 10:05 P.M. to change reference to Apache license from “copyleft” to “permissive.”

We need you to help us make FOSS Force even better. Our IndieGoGo campaign ends on Monday, and we are far short of meeting our goal. If you enjoyed this article, please visit our IndieGoGo page and make a small contribution to our fundraising campaign. Every little bit helps.


  1. Michael McCallister Michael McCallister June 11, 2015

    Excellent review of this history. A lesson reinforced: A community must own its most important institutions.

    One question: Is DICE Holdings the same company as the DICE job site?

  2. Christine Hall Christine Hall Post author | June 11, 2015

    @Michael McCallister : Yup. is owned by Dice Holdings.

  3. Donald Campbell Donald Campbell June 12, 2015

    I first started shopping ThinkGeek because of SourceForge. I figured the outfit that provided such a wonderful clean source of open source software deserved my patronage.

    ‘Monetization tools’ are an anathema to the concept of open source. A fine example are ‘android apps’ with ‘in-line purchase’. Greed makes it impossible to actually find an app that provides what you need/want. ‘Free’ is not free, for certain definitions.

    I normally install any download first to a sandboxed virtual PC, but I also spend lots of time cleaning the ‘monetization trojans’ off the PCs of family and friends.

  4. Eddie. G Eddie. G June 12, 2015

    Wow. Just goes to show you that the community is the one running the show in the F.O.S.S. world and not any one particular entity.

  5. Uncle Ed Uncle Ed June 12, 2015

    I don’t know the motives of the people at SourceForge. I’d like to be charitable. I’ve wondered whether what is happening with them is less caused by malice and greed and more wanting to be a successful service as in the past but not thinking of how their efforts to pay the expenses would be perceived. They’ve been a big benefit to FOSS and I’ve used them a number of times myself. Having said that, I learned to select my “download” button carefully and to watch for yet another attempt by to install on my computer.

    I regret that some of the sites I’ve used regularly are antagonizing users and beginning to wear out their welcomes on our computers. Again, some of these may be simple lack of thought. Others may actually be a calculated guess of how big a stink a change is going to make and whether the increased income will make up for the number of users that are lost. I’d almost bet the PayPal TOS change such a calculation/guess. They might have thought it would just go through and we’d just take it, and didn’t anticipate at all that they’d make a splash in the Washington Post.

    I guess we’re living in interesting times.

  6. Stephen Green Stephen Green June 12, 2015

    I too am concerned about Sourceforge, it’s probably money.
    I’m a distro-hopper and I had come to rely on them for downloads. Lot’s of Linux projects came out of there. It’s
    too bad.

  7. Christine Hall Christine Hall Post author | June 14, 2015

    @Mike You’re 100% correct – somehow that slipped by me. Corrected and thanks for catching it.

  8. Joseph Mitzen Joseph Mitzen June 15, 2015

    Sourceforge aren’t doing anything wrong. They’re mirroring popular software that users may continue to look for on SourceForge (since they downloaded it from there previously). It’s completely permissible within open source licenses to bundle an extra opt-in software for revenue generation. This is no different than sites charging you $5 to send you a disk of otherwise free Linux. SourceForge needs to keep the lights on. The community is making another tempest in a teapot, just as it has been doing all too often lately with things like systemD.

  9. Mike Mike June 15, 2015


    > “Sourceforge aren’t doing anything wrong. They’re mirroring popular software”

    No they’re not. Mirroring means serving up the same binaries. They are surreptitiously adding extra crap that the authors of the software have publicly stated they don’t want added. They’ve hijacked control of those projects and refuse to give them back or allow them to be deleted.

    Sure, open source licenses might allow you to do stupid crap if you really want to, but that doesn’t mean everyone has to accept your stupid crap without complaint. Sourceforge is getting what they deserve for their betrayal of trust.

    Maybe it’s time for a new license that calls this kind of assinine behavior out.

  10. Momsa Momsa June 16, 2015

    The developer of Notepad++, Don Ho, announced that his project hosted on Sourceforge will be abandoned, and the source code will be hosted instead on Github. (Notepad++’s official downloads are self-hosted anyway.)

    … While sf-editor-1 takes over the control of the Firefox project hosted at Sourceforge.

  11. The Mystic The Mystic June 16, 2015

    Good thing I get my binaries directly from the authors’ websites whenever possible, and only use SourceForge and the like only if necessary. It takes a little longer to find and download, sure, but those extra few minutes are worth it so nothing piggybacks with the binary, or (a worse offense in my book) get forced to download a stub instead of the actual binary (I *HATE* downloading downloaders).

    I don’t mind that I have to uncheck installation of third-party software, though I admit it’s annoying; however, I *do* mind that sometimes they make it look like you can’t uncheck installation of unwanted crap. Then again, if I did want the extra software they’re pushing, I’d have downloaded it in the first place.

  12. Mike Mike June 16, 2015

    > “get forced to download a stub instead of the actual binary (I *HATE* downloading downloaders)”

    I’d rather build from source than do that. These days that’s pretty much what I do anyway.

    If someone can’t make their software available through standard means, then no thanks, I’ll pass. These days that means http, ftp, git, or torrent. Preferably most of the above.

  13. Benx Benx June 18, 2015

    Someone please set up another site like SourceForge. I’ve used it for many years for a reliable source of software. I’ve been able to ignore the fake Download buttons – but adding adware to the ware is NOT okay.

Comments are closed.

Breaking News: