Warning: Don't Download Software From SourceForge If You Can Help It

This post was last edited by toylet on 2015-6-9 03:08

"SourceForge are (sic) abusing the trust that we and our users had put into their service in the past," according to the GIMP project. Since 2013, SourceForge has been bundling junkware along with their installers — sometimes without a developer's permission.

Don't download software from SourceForge if you can help it. Many open-source projects now host their installers elsewhere, and the versions on SourceForge may include junkware. If you absolutely have to download something from SourceForge, be extra careful.

Yes, SourceForge Is One of the Bad Download Websites


SourceForge built up a lot of goodwill in the past, being a centralized place for downloading open-source software and hosting software repositories. Over the years, more projects have moved to other repository-hosting services like GitHub.

In 2012, Dice Holdings purchased SourceForge (and Slashdot) from Geeknet. In 2013, SourceForge enabled a feature named "DevShare." DevShare is an opt-in feature developers can enable for their own projects. If a developer enables this feature, you’ll download their software from SourceForge to find that it's been wrapped in SourceForge's own installer, which pushes intrusive junkware onto your system. SourceForge and developers make money by foisting this software on you, just as practically every other download site and freeware distributor does on Windows.

DevShare does require a project owner "opt in" to enable this feature on their project, although they're now hosting a variety of projects bundled with junkware against the wishes of their developers.

Some projects have chosen to jump onboard the DevShare train on their own, and that's their own choice. FileZilla was an early participant, and FileZilla's developer responded to concerns:

"This is intentional. The installer does not install any spyware and clearly offers you a choice whether to install the offered software."

Chrome blocked us from downloading FileZilla from SourceForge's website, warning that it "may harm your browsing experience."

SourceForge and GIMP

GIMP is a popular open-source image editor — it's basically the open-source community's answer to Photoshop. In 2013, GIMP's developers pulled the GIMP Windows downloads from SourceForge. SourceForge was full of misleading advertisements masquerading as "Download" buttons — something that's a problem all over the web. SourceForge then rolled out its own Windows installer filled with junkware, and that was the straw that broke the camel's back. In response, the GIMP project abandoned SourceForge and began hosting their downloads elsewhere.

In 2015, SourceForge pushed back. Considering the old GIMP account on SourceForge "abandoned," they took control over it, locking out the original maintainer. They then put GIMP downloads back up on SourceForge, wrapped in SourceForge's own junkware-filled installer. If you're downloading GIMP from SourceForge, you're getting a version filled with junkware, one that GIMP's developers don't want you to use. SourceForge says they're providing a valuable service to people looking to download open-source software, but GIMP's developers strongly disagree.

Update: After a lot of negative press, SourceForge has changed their stance. "At this time, we present third party offers only with a few projects where it is explicitly approved by the project developer," SourceForge wrote in a statement. Given their past actions and the "at this time" wording in their statement, we'd recommend you steer clear of SourceForge anyway. They no longer deserve the trust of the open-source community.

It's Not Just the GIMP

Other developers didn't actually choose to enable DevShare. GIMP is currently listed as "brought to you by: sf-editor1" on SourceForge. Click through to sf-editor1's list of projects and you'll see quite a few projects hosted by SourceForge itself, from Audacity and OpenOffice to Firefox.

Click through to a project's official website and you'll find actual download links. For example, Audacity's homepage redirects you to FOSSHUB to download Audacity, not SourceForge. But searching for "Audacity" on Google still brings up the SourceForge page as the top result.

Although SourceForge may no longer be bundling these applications with junkware for the moment, the SourceForge website is still full of misleading advertisements that point you to installers full of junkware.

Avoid SourceForge Downloads

Avoid using SourceForge to download software. Even if it comes up first in a Google search, skip SourceForge and head to the software project's official download page. Follow the links to download the program from somewhere else — there's a good chance the project has moved away from SourceForge and offers clean download links elsewhere.

Or, better yet, skip all the usual downloading and install the most useful applications using Ninite. Ninite is the only safe centralized Windows freeware download site we've found.

If you do have to download from SourceForge, be careful to avoid the downloads that include the SourceForge installer. Go out of your way to grab the direct downloads instead.

And, by the way, SourceForge is now bundling junkware with their Mac downloads too — just like Download.com and other websites. Even Mac users aren't safe, although we haven't seen DevShare extended to Linux PCs just yet. Everyone should avoid SourceForge downloads, whether you're running Windows or not.

Full article: http://www.howtogeek.com/218764/ ... if-you-can-help-it/


Yes, Every Freeware Download Site is Serving Crapware (Here's the Proof)
http://www.howtogeek.com/207692/ ... re-heres-the-proof/



I've been hit by FileZilla before too.


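This is the first time I've agreed with something you shared. After getting burned once badly enough that I had to wipe my machine, I won't download from there again ...
天宮葉月 posted on 9/6/2015 07:48

I'm just passing the post along, not fishing for approval, poi!
I saw earlier that a lot of the freeware everyone installs comes with ads, and then came across this report, which seemed related!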




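I've always had a fairly good impression of SourceForge, much better than CNET (although CNET also lets you opt out of its own installer), but I'll pay more attention from now on. ...
leave posted on 2015-6-9 08:48 PM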



TH30 posted on 2015-6-9 21:40

Some software lets you choose a Direct Download Link, but it seems to be only a minority.


Some software lets you choose a Direct Download Link, but it seems to be only a minority.
leave posted on 2015-6-9 10:31 PM



I've been hit by FileZilla before too.
TH30 posted on 2015-6-9 08:23



Agreed. Ever since I found out, I haven't downloaded again.