Hacker News new | comments | ask | show | jobs | submit login

The Filezilla forum admin in that thread obstinately blames users for "accidentally" accepting a bundeled "offer", when users are clearly warning project admins that the installer is infected with malware.

Does sourceforge share revenue from bundeled installs with projects?

If you opt-in, they do. Filezilla was one of the first to opt-in.

If you say "no, I don’t want you to bundle your installer with my project", they will do so anyway (look at GIMP), and you get nothing.

so yeah, it seems like there's kind of a conflict of interest here. if there's no way for a user to know whether the project opted in to revenue sharing, then how can they trust the project?

in other words, in my view, a project that opts in to revenue sharing with crapware bundlers who are known to sometimes distrubute malware, is behaving unethically.

so now i don't trust filezilla dev's in general, even if i get an package signed by my distro or whatever. very dissapointing. worse still, it makes projects that didn't opt in suspect in my view, simply because they are on sourceforge; if i can't find out whether they opted in, how can i know any project isn't taking kickbacks?

i really hope i'm missing something here....

For your information, currently sourceforge "usually" only bundles the crapware with projects where either the person opted in, or where sourceforge has "seized" the repo.

If it bundles crapware, and the maintainer listed on sourceforge.net is sourceforge itself, they didn’t opt in.

Otherwise they did.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact