
A Brief History of SourceForge, and a Look Towards the Future - jontro
https://sourceforge.net/blog/brief-history-sourceforge-look-to-future/
======
Lazare
Personally, I feel that the SourceForge brand has _negative_ value right now.
For me they burnt almost all of their goodwill during their long, long period
of neglect and stagnation, then went sharply negative when they started
distributing malware.

I'm willing to give the new team the benefit of the doubt; let's just assume
they want to create a high quality product. That's great, but I think the
first step is starting over with a non-tainted brand.

It may make sense to migrate existing projects and accounts across, or even to
build on top of the existing code base, just don't call it SourceForge.

~~~
mifreewil
Completely agree. Sourceforge, the brand, is so tainted I can’t even read this
on my phone, since a content blocker List I have installed has apparently
blocked the entire domain. The brand has been shit in my own mind for a while.
Not even going to bother reading this. Why does it still exist? Replaced by
GitHub, Bitbucket, and Gitlab.

~~~
DougMerritt
There's still old source code on Sourceforge that hasn't been moved elsewhere.

Some of that is 100% stagnant, some of that is lightly maintained with a bug
fix once every few years, and a little of it is somewhat actively maintained.

I always thought that Freshmeat, while not a hosting site and therefore not
comparable, was an ok brand, and didn't necessarily have to go inactive, even
though, yes, it couldn't keep up with everything. It could've continued to
play some interesting role.

~~~
squarefoot
I was just thinking of Freshmeat, that was a big loss to me as I found it much
easier to navigate compared to SF, at least back in the days: I rarely used SF
in like 10 years and stopped completely after they added malware to archives.

------
ahmedalsudani
History of SourceForge according to me:

\- forced users to look at ads and go through two steps in order to download
projects

\- when that was not enough, injected malware into the files users were
downloading

\- irrecoverably lost project information

I don’t think they can do anything to salvage their image at this point. The
last incident didn’t even inflict too much damage because there wasn’t much
left to SourceForge.

~~~
lokedhs
Many years ago me and a friend wrote an open source game and we hosted the
project on Sourceforge. This was some time in the late 90's. The project got
dropped as so many others do because both of us found more interesting things
to do.

Now, if you were in this situation and you decided to come back to the old
project a few years later (we're now in the early 2000's) wouldn't you expect
to be able to continue where you left off?

Not so with Sourceforge. I found that the entire project was deleted. I
contacted them and got the answer that it was indeed deleted because it hadn't
been touched in however many years it had been.

To give credit where credit is due, they were actually able to recover my code
from a backup and restore the project.

The point of this post was just to point out that they've done some user
hostile things for a very long time.

~~~
macspoofing
>Now, if you were in this situation and you decided to come back to the old
project a few years later (we're now in the early 2000's) wouldn't you expect
to be able to continue where you left off?

That's unfair. Back then, storage was expensive, backups were expensive,
bandwidth was expensive, server CPU time was expensive. You can't fault them
for removing unsupported projects in an era when Microsoft and Yahoo were only
giving you 10MB of email storage (you might get an extra 15MB for $10/mo) and
similarly aggressive purge policies.

~~~
lokedhs
That's a fair argument, but couldn't they at least have sent an email about
it?

~~~
macspoofing
I don't disagree with that. That would have been the right approach.

------
mmanfrin
To me, this is just another website. There is no history, that was burned when
it became an enormous cash grab. I understand they've been making a lot of
changes, but if they want tabula rasa, then they have it -- and they have to
offer something that entices people to use the product, not rely on the name
they inherited.

~~~
mifreewil
As someone else already pointed out, I don’t think they’ll be able to rely on
the name as it’s been severely tarnished beyond repair. They’ll have to rely
on something that is significantly better than what the GitHubs, Bitbuckets,
and Gitlabs are offering.

------
rhabarba
At least it does not belong to Microsoft yet. That seems to be important for
some people. ;-) (I actually laughed when I saw that SourceForge has a GitHub
importer now... SourceForge! Ha!)

On a more serious note: SourceForge has surely improved a lot, including not
shipping malware anymore. The only things that I'd improve are:

1) More reliable SVN servers. Yes, I "still" have SVN projects on SourceForge
because I lack motivation to change either the VCS or the hoster. But
SourceForge's servers sometimes don't like my attempts to pull from or push to
them. I blame the server admins, not the VCS.

2) A better code view. Just like Bitbucket's, SourceForge's code view
(especially for diffs) is a mess. That's the one big thing I always liked with
GitHub: Reading and comparing commits is perfectly clean.

3) A better project page. It always takes me a while to find the "Code" link
on those - although it's always in a similar place.

Good luck, SourceForge.

------
emacsen
In the late 90s, I was part of a project, which later became a non-profit
called Tux.org, who was trying to be an umbrella organization to help Linux
related FLOSS projects. We weren't quite at the model of a fiscal sponsor, but
Tux had mirrors of projects and the goal of helping others.

Then Sourceforge came out and I remember as a 20 year old trying to talk with
them about where they saw themselves in the community, and they were basically
dismissive of the work that we were doing.

Nonetheless, they had (at the time) flashy software that made them attractive
and many projects used them. They were genuinely the Github of their day.

The ultimate lesson of Sourceforge is three fold for me:

1\. Never trust a commercial entity that you aren't paying to be your single
repository

This applies to Sourceforge and Github, ultimately.

2\. Never use proprietary software as your core

Sourceforge, like Github, was proprietary and used that to keep people in.
Like Github, the interface to the internals were FLOSS (Subversion in SF's
case, git in Github's case).

2\. We need better verification/validation methods to handle malware

We need verified builds

------
zzzeek
who even owns sourceforge now? it's like coming across an antique toy, who
knows how many garage sales and antique stores it must have been living in
over the decades - a quick google reminds me it's been at least owned by VA
Software, Geeknet, Dice.com (!) and now apparently some company called BIZX.
from a usability standpoint, including the release process, the mailing list,
and everything else, the site was always of course awful, which wasn't so
unreasonable in 2002 but as the years and owners went by it just got worse and
worse. Along with the ads/malware, I took issue with it's silly practice that
you could never delete a project from it, because that would somehow be
denying the fact that you've promised your project is open source. Never mind
this means if you wanted to move to some other platform that an ancient
fossilized version of your code would stay on Sourceforge forever and confuse
users who were unfortunate to find it there first.

~~~
pvg
One of the principals posts about sourceforge occasionally:

[https://news.ycombinator.com/user?id=loganabbott](https://news.ycombinator.com/user?id=loganabbott)

There was an article about their (last?) acquisition a couple of years ago
where they commented at some length.

[https://news.ycombinator.com/item?id=11092219](https://news.ycombinator.com/item?id=11092219)

------
bachmeier
If SF wants to attract developers, they should support alternative version
control systems like fossil and darcs. I can't think of any reason to use SF
for a new project except possibly that you use mercurial and don't like
bitbucket. The market for git hosting is extremely competitive and they don't
bring much to the table.

~~~
gtirloni
That means a UI that has to take into account the idiosyncrasies of different
tools. It seems like a recipe for disaster, if focus is what SF needs now.

~~~
rhabarba
It works for Bitbucket (Mercurial and Git, although they don't advertise
Mercurial nearly as much as Git).

------
mataug
I wish them good luck and hope they can be a good competitor to gitlab and
github. Some competition is always good. I do hope, as unlikely as it is,
though that they move away from the Ad based revenue model.

I personally, am not interested in returning to SourceForge due to all reasons
articulated in other comments.

------
loganabbott
Hi, president of SourceForge here. Glad this is trending, albeit a few months
later. These articles seem to trend on HN every few months, with many people
not realizing SourceForge changed ownership in 2016 and that the new team's
been working hard on improving.

To be clear, we had nothing to do with the bundled adware decisions of 2015,
and when we took over in 2016, the first thing we did was remove the bundled
adware, as well as institute malware scans for every project on the site.

We're working hard to restore trust, so if we win some of you back that would
be cool. However, we're just focused on doing right by our million daily
users.

------
chrismorgan
Recent history of SourceForge: they migrate data centres, and some things got
broken and went missing for several _months_ , and in one of the two cases
I’ve checked ended up just disappearing completely, though that _could_ be the
project’s decision (specifically, when audacity.sourceforge.net started
working again, it didn’t actually, because links that used to work just
redirect to the project page).

------
paulie_a
Sourceforge is something I used extensively, they burned their reputation. I
don't care about new management or new owners. I will never use their site
again. When I find a package or library that is available only hosted there, I
look for an alternative. That is how bad their reputation is.

~~~
colejohnson66
What’s your FOSS alternative to FlightGear? MinGW? TortoiseSVN? PortableApps?
Code::Blocks? 7Zip? QBittorrent? DeSmuME? WinSCP? XAMPP? Boost? The list goes
on and on...

These are all applications I’ve used that distribute through SourceForge. This
isn’t a snarky comment; It’s a legitimate question. I use most of these
programs a lot, and if SourceForge’s brand is so tainted, what is one to do?
(Never using these programs is not an answer)

------
fuball63
I've used SourceForge for a while for my hobbyist game development. I've never
had a problem with them product wise; their tools work well and they're really
making solid progress on the redesign.

The malware incident was really bad, but I'm surprised more people won't give
them a look given the fact it is new ownership and a much smaller team.

What's strange, to me, is that last week there was a thread with a majority of
commenters defending Microsoft and their new attitude towards open source,
when Microsoft has been making terrible products whilst being hostile to
developers and consumers alike for decades (just my opinion).

Everyone has different grudges for different reasons, I guess. It's a tough
and complex problem as a business.

~~~
alkonaut
> defending Microsoft and their new attitude towards open source

What’s odd about that? Isn’t their new attitude better than the old, and
perhaps “good enough” (at least compared to other giants)? Are you saying
nothing they do should be considered good enough by devs, based on the
previous history?

~~~
fuball63
Personally, I'm a big believer in second chances in any facet of life, but
people seem to act the way you're describing to Sourceforge, despite giving a
pass to other entities. It's all a matter of personal perspective.

~~~
alkonaut
I can see the point of both views but I do think the behavior of sf was worse
than that of ms (in the case of sf it was a criminal breach of trust).

In any case it does seem like a double standard to not accept the “new people,
new philosophy, new chance” in either both or neither case.

------
vineet
I love the guy challenging the big companies and so want them to succeed. But,
when I look at their site I wonder about so many things:

\- What do VoIP and Internet Speed Test have to do with what they do.

\- I wish they have a business model that is not selling ads or my personal
information to others. As long as they do that, it is hard to trust them,
especially with their malware past.

\- Who are their target users, is it me (a developer) or someone else?

\- Why do they equate free to open source. Free means so much more in for
developers. I use open source despite it being free to use, but because I know
I can use it in interesting ways if I need to.

------
owenversteeg
While redesigning the site was undoubtedly a good step, it still feels a bit
"off" to me, anyone else?

~~~
peterwwillis
It feels like it was designed in 2001. I don't think anyone cares about
"history" as much as they care about the fact that the brand is old and tired,
and even looks it.

------
KaoruAoiShiho
No compelling differentiation, literally just worse than all alternatives.

~~~
jelly_dev
There's still a lot of tools that exist nowhere but sourceforge because they
were abandoned by the developers years ago

------
earenndil
> We’ve already seen a huge surge in projects being imported to SourceForge
> from GitHub in the last few days

I wonder why?

------
nathantotten
> Comments disabled

That pretty much says it all.

~~~
rhabarba
SourceForge is controversial. I doubt they'd want to moderate the inevitable
discussion. Nor would you.

~~~
dredmorbius
If you want to rebuild trust, you need full free and frank dialogue.

------
nbabitskiy
If you "browse projects" on their website, they offer you categories, like
ERM, CRM, HR, Ecommerce, Accounting.

They just don't work developers, they work for (unsuspecting) ERM software
users, in capacity of an open-source app store. That's why it can succeed - if
one makes a CRM software, he might mirror there in hope to be stumbled upon by
category browsers.

edit: some grammar

------
deevolution
I dont see any reason for this to still exist now that git is a thing... all
github would have to do is make their release pages a bit more friendly to non
devs and it would demolish sourceforge completely.

~~~
askmike
I don't think developers would ever pick SF because of how user friendly the
release page looks.

------
codazoda
Nah. Bridges burned.

~~~
binarycrusader
New ownership — they didn’t burn the bridges but I agree that I think the name
is too tainted now.

~~~
guntars
Did the new ownership fire every developer and middle manager? If not, that
means there are folks at the “new” sourceforge that are perfectly happy
bundling malware with OSS downloads. It was not addressed in the article at
all so I’m not buying what they’re selling.

~~~
keypusher
They do mention removing bundled installers and implementing virus scans, both
of which seem targeted at removing malware from the site.

~~~
drewbuschhorn
I think the issue was that people who thought that bundling malware was ok,
are still employed there.

~~~
rhabarba
Not necessarily with any responsibilities though.

~~~
DuskStar
If you're employed somewhere, you have responsibilities. Otherwise what's the
point?

~~~
rhabarba
If I'm a mere employee, my chance to decide about what happens around me (or
on my employer's website) might be limited.

~~~
dbasedweeb
I’m a mere consumer, and my only option in reaction to the abdication of
personal responsibility is to never use the product again.

------
privateSFacct
Real networks

Sourceforge

\- Companies that torched their reputation by treating users like s#^t.
Straight malware. Seriously, they would have been better off going quiet and
then building back up later / selling a higher quality brand.

Developers are valuable to the big players - why drive them away with malware
- seems like the malware was targeting wrong market.

And yes, I was part of friends and family IPO at SF.

------
bingchenasian
Too late for a future - I suggest a rebrand.

------
mattl
Sourceforge was briefly free software, proprietary, unpopular and then now
kinda-free but nobody trusts them.

~~~
loganabbott
Huh? Still completely free

~~~
mattl
It might be free now, but I believe there are some non-free parts. For a long
time it was proprietary.

~~~
loganabbott
Nope it's still free and has always been free. And it's built on Apache Allura
which is open source.

~~~
mattl
There were years when it wasn’t free and there was a proprietary enterprise
edition sold for on-premises usage.

------
dqpb
Sourceforge is one of the sketchiest/spammiest looking sites I've ever been
to.

------
n2dasun
One of the guys who started SF taught me about Linux :)

~~~
rhabarba
Is that a good thing?

------
edpichler
This sentence: "We have the most robust search and discovery system of any
open source repository on the web, and offer an unparalleled experience for
end-users looking for software binaries they can download and install with the
click of a button."

~~~
saagarjha
What's wrong with it? GitHub's search isn't great, as I'm sure you're aware.

