I'm willing to give the new team the benefit of the doubt; let's just assume they want to create a high quality product. That's great, but I think the first step is starting over with a non-tainted brand.
It may make sense to migrate existing projects and accounts across, or even to build on top of the existing code base, just don't call it SourceForge.
Well, we are using Sourceforge... For one particular reason - free mailing
list [for our open source project]. The code is on GitHub, but we want
to do things the "old way" - send a patch to the mailing list, let people
Some of that is 100% stagnant, some of that is lightly maintained with a bug fix once every few years, and a little of it is somewhat actively maintained.
I always thought that Freshmeat, while not a hosting site and therefore not comparable, was an ok brand, and didn't necessarily have to go inactive, even though, yes, it couldn't keep up with everything. It could've continued to play some interesting role.
...that being said, I don't think SourceForge is the product to supplant Github. But I think that says more about SourceForge that it does Github.
- forced users to look at ads and go through two steps in order to download projects
- when that was not enough, injected malware into the files users were downloading
- irrecoverably lost project information
I don’t think they can do anything to salvage their image at this point. The last incident didn’t even inflict too much damage because there wasn’t much left to SourceForge.
Now, if you were in this situation and you decided to come back to the old project a few years later (we're now in the early 2000's) wouldn't you expect to be able to continue where you left off?
Not so with Sourceforge. I found that the entire project was deleted. I contacted them and got the answer that it was indeed deleted because it hadn't been touched in however many years it had been.
To give credit where credit is due, they were actually able to recover my code from a backup and restore the project.
The point of this post was just to point out that they've done some user hostile things for a very long time.
That's unfair. Back then, storage was expensive, backups were expensive, bandwidth was expensive, server CPU time was expensive. You can't fault them for removing unsupported projects in an era when Microsoft and Yahoo were only giving you 10MB of email storage (you might get an extra 15MB for $10/mo) and similarly aggressive purge policies.
More likely early 2000s.
On a more serious note: SourceForge has surely improved a lot, including not shipping malware anymore. The only things that I'd improve are:
1) More reliable SVN servers. Yes, I "still" have SVN projects on SourceForge because I lack motivation to change either the VCS or the hoster. But SourceForge's servers sometimes don't like my attempts to pull from or push to them. I blame the server admins, not the VCS.
2) A better code view. Just like Bitbucket's, SourceForge's code view (especially for diffs) is a mess. That's the one big thing I always liked with GitHub: Reading and comparing commits is perfectly clean.
3) A better project page. It always takes me a while to find the "Code" link on those - although it's always in a similar place.
Good luck, SourceForge.
Then Sourceforge came out and I remember as a 20 year old trying to talk with them about where they saw themselves in the community, and they were basically dismissive of the work that we were doing.
Nonetheless, they had (at the time) flashy software that made them attractive and many projects used them. They were genuinely the Github of their day.
The ultimate lesson of Sourceforge is three fold for me:
1. Never trust a commercial entity that you aren't paying to be your single repository
This applies to Sourceforge and Github, ultimately.
2. Never use proprietary software as your core
Sourceforge, like Github, was proprietary and used that to keep people in. Like Github, the interface to the internals were FLOSS (Subversion in SF's case, git in Github's case).
2. We need better verification/validation methods to handle malware
We need verified builds
There was an article about their (last?) acquisition a couple of years ago where they commented at some length.
I personally, am not interested in returning to SourceForge due to all reasons articulated in other comments.
To be clear, we had nothing to do with the bundled adware decisions of 2015, and when we took over in 2016, the first thing we did was remove the bundled adware, as well as institute malware scans for every project on the site.
We're working hard to restore trust, so if we win some of you back that would be cool. However, we're just focused on doing right by our million daily users.
These are all applications I’ve used that distribute through SourceForge. This isn’t a snarky comment; It’s a legitimate question. I use most of these programs a lot, and if SourceForge’s brand is so tainted, what is one to do? (Never using these programs is not an answer)
The malware incident was really bad, but I'm surprised more people won't give them a look given the fact it is new ownership and a much smaller team.
What's strange, to me, is that last week there was a thread with a majority of commenters defending Microsoft and their new attitude towards open source, when Microsoft has been making terrible products whilst being hostile to developers and consumers alike for decades (just my opinion).
Everyone has different grudges for different reasons, I guess. It's a tough and complex problem as a business.
If any other Sourceforge team is reading comments, I am a happy user and thank you for providing an alternative platform for Open Source projects.
What’s odd about that? Isn’t their new attitude better than the old, and perhaps “good enough” (at least compared to other giants)? Are you saying nothing they do should be considered good enough by devs, based on the previous history?
In any case it does seem like a double standard to not accept the “new people, new philosophy, new chance” in either both or neither case.
- What do VoIP and Internet Speed Test have to do with what they do.
- I wish they have a business model that is not selling ads or my personal information to others. As long as they do that, it is hard to trust them, especially with their malware past.
- Who are their target users, is it me (a developer) or someone else?
- Why do they equate free to open source. Free means so much more in for developers. I use open source despite it being free to use, but because I know I can use it in interesting ways if I need to.
I wonder why?
That pretty much says it all.
They just don't work developers, they work for (unsuspecting) ERM software users, in capacity of an open-source app store. That's why it can succeed - if one makes a CRM software, he might mirror there in hope to be stumbled upon by category browsers.
edit: some grammar
- Companies that torched their reputation by treating users like s#^t. Straight malware. Seriously, they would have been better off going quiet and then building back up later / selling a higher quality brand.
Developers are valuable to the big players - why drive them away with malware - seems like the malware was targeting wrong market.
And yes, I was part of friends and family IPO at SF.