
How far the once mighty SourceForge has fallen…



When people download software from SourceForge, or any major repository of Open Source software, they expect the software to be trustworthy.  (barring unintentional bugs)


They do not expect the software to be a source of “drive by installer” style malware, spyware, adware, or any other unrelated/unintended software.


SourceForge’s new owners, Dice, have consciously and deliberately moved to a model violating this trust.


With their recent changes, users downloading from SourceForge now receive a special closed source installer which attempts to foist unrelated third party software onto them.

View the full article


The article makes it sound like all downloads from SourceForge try to install foistware, but that's not the case - many projects are not doing this. One is too many though. It's disgusting; SourceForge used to have higher standards. Any developers who go along with this should be ashamed.


Well that's worthy of a :megarant:


Don't know who "Dice" are, but this behaviour is going to make them well known for all the wrong reasons. Not so much famous as infamous.




Having declined the "offer" of the crapware, what do you get? Do you eventually get the true installer at all?


It's notable what appears on the filezilla-project* website itself, on the download page:



This installer may include bundled offers. Check below for more options


If you then open up the "show all" option on the download page, the above warning disappears.


If you hover over the download link, with your mouse, you then find out why there is no more warning  -- the download of the installer is no longer from SourceForge, but from http://download.filezilla-project.org/ itself!




*NB: The website URL for FileZilla is https://filezilla-project.org/ NOT, repeat NOT filezilla DOT org



The way these things generally work, you never do get a true installer - you download the stub installer, it downloads the program to a temp file - along with other junk if you're not careful - and runs the install. Then it's gone, you've got nothing except the stub installer. If you should need to re-install, or you have multiple computers you want to install on, you have to go through the whole process again each time.


The only way to tell is to try the download links and see. I use Free Download Manager, which displays the size and URL of the download before you approve it, makes it easy to check. I tried several before I hit one that was a stub installer, PDF Creator. I actually downloaded it, just to be sure - it was a different installer than FileZilla is using, but it also tries to trick you into installing extra software.


It would take forever to check them all, so I didn't go any further. The others I tried, that didn't use the stub installers, were Apache OpenOffice, Simplicity Linux, and FreeCol. I salute them.

