Yeah, because that was the substantive point about your company, its business model, and its relationship to the FOSS community that was made in the article.
We're a small independently owned private company, and not a single person responsible for those decisions made years ago is still involved with the company. It's been over 3 years since we bought SourceForge and we reversed all the bad decisions on day 1 and never looked back. We still support Mercurial https://sourceforge.net/p/forge/documentation/Mercurial/#pub...
But why buy such a tarnished trademark which has garnered so much ill will over the years for horrible practices? Is it a form of "all PR is good PR", that it's better to have a recognized but hated name than to have a name nobody knows of?
Hi, president of SourceForge here. Glad this is trending, albeit a few months later. These articles seem to trend on HN every few months, with many people not realizing SourceForge changed ownership in 2016 and that the new team's been working hard on improving.
To be clear, we had nothing to do with the bundled adware decisions of 2015, and when we took over in 2016, the first thing we did was remove the bundled adware, as well as institute malware scans for every project on the site.
We're working hard to restore trust, so if we win some of you back that would be cool. However, we're just focused on doing right by our million daily users.
FYI the SourceForge version of FileZilla is clean, and has been since 2016. The official FileZilla installer has been doing this for some time now though. In case people don’t know, a lot has changed at SourceForge since my company acquired them in 2016. All projects are scanned for malware. We covered the improvements again here https://sourceforge.net/blog/brief-history-sourceforge-look-...
That is awesome and I'm glad you are working to clean up the SourceForge reputation. However, the issue (at least for me) is one of shattered trust. Even though you can affirm the FileZilla downloads you host don't have malicious payloads in the installer, I no longer trust the creator of FileZilla. If he's scummy enough to fill up his "bundled" installer with known malware and viruses, and then lie to his users about it on his forum, he's scummy enough to put something potentially harmful in the program itself.
It would be trivial to integrate a hidden Monero or other coin miner in the source of the main FileZilla program that only runs when the program itself is running. I know I often leave my FTP going overnight for uploading big files (I have really fast downstream but painfully slow upstream) and that's a lot of time for my machine to be surreptitiously mining for someone else. Multiply that by the hundreds of thousands if not millions of FileZilla users across all platforms, and you have the potential for a ton of illicitly gained virtual money at your users' expense.
Sorry if my comments rubbed you the wrong way, but it's a bit frustrating when these threads pop up weekly, and people feel like it's open license to attack me and my company. We really are doing our best to make SourceForge a trusted destination, but still get the flak as if we were the previous ownership.