NewsBot Posted September 15, 2013 Posted September 15, 2013 When people download software from SourceForge, or any major repository of Open Source software, they expect the software to be trustworthy. (baring unintentional bugs) They do not expect the software to be a source of “drive by installer†style malware, spyware, adware, or any other unrelated/unintended software. SourceForge’s new owners, Dice, have consciously and deliberately moved to a model violating this trust. With their recent changes, users downloading from SourceForge now receive a special closed source installer which attempts to foist unrelated third party software onto them. View the full article Quote
Administrator Tarun Posted September 17, 2013 Administrator Posted September 17, 2013 This really is a scumbag move and it's a shame to see FileZilla is taking part in it. Quote
greenknight Posted September 17, 2013 Posted September 17, 2013 The article makes it sound like all downloads from SourceForge try to install foistware, but that's not the case - many projects are not doing this. One is too many though. It's disgusting; SourceForge use to have higher standards. Any developers who go along with this should be ashamed. Quote
Administrator Tarun Posted September 18, 2013 Administrator Posted September 18, 2013 I agree. It really is a shame that FileZilla is doing this. Maybe they'll switch to Git. Quote
James_A Posted September 21, 2013 Posted September 21, 2013 Well that's worthy of a Don't know who "Dice" are, but this behaviour is going to make them well known for all the wrong reasons. Not so much famous as infamous. Having declined the "offer" of the crapware, what do you get? do you eventually get the true installer at all? It's notable what appears on the filezilla-project* website itself, on the download page: This installer may include bundled offers. Check below for more options If you then open up the "show all" option on the download page, the above warning disappears. If you hover over the download link, with your mouse, you then find out why there is no more warning -- the download of the installer is no longer from SourceForge, but from http://download.filezilla-project.org/ itself! *NB: The website URL for FileZilla is https://filezilla-project.org/ NOT, repeat NOT filezilla DOT org . Quote
greenknight Posted September 21, 2013 Posted September 21, 2013 The way these things generally work, you never do get a true installer - you download the stub installer, it downloads the program to a temp file - along with other junk if you're not careful - and runs the install. Then it's gone, you've got nothing except the stub installer. If you should need to re-install, or you have multiple computers you want to install on, you have to go through the whole process again each time. Quote
Administrator Tarun Posted September 22, 2013 Administrator Posted September 22, 2013 I'm wondering what other Sourceforge apps have done this. Quote
greenknight Posted September 23, 2013 Posted September 23, 2013 The only way to tell is to try the download links and see. I use Free Download Manager, which displays the size and URL of the download before you approve it, makes it easy to check. I tried several before I hit one that was a stub installer, PDF Creator. I actually downloaded it, just to be sure - it was a different installer than FileZilla is using, but it also tries to trick you into installing extra software. It would take forever to check them all, so I didn't go any further. The others I tried, that didn't use the stub installers, were Apache OpenOffice, Simplicity Linux, and FreeCol. I salute them. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.