SourceForge seems to add adware to software (windows installer)

classic Classic list List threaded Threaded
16 messages Options
Reply | Threaded
Open this post in threaded view
|

SourceForge seems to add adware to software (windows installer)

tmacchant
Hello

SourceForge seems to add adware to software (windows installer).


Gimp project is an example.

http://arstechnica.com/information-technology/2015/05/sourceforge-grabs-gimp-for-windows-account-wraps-installer-in-bundle-pushing-adware/

http://www.infoworld.com/article/2929732/open-source-software/sourceforge-commits-reputational-suicide.html

http://www.engadget.com/2015/05/29/gimp-sourceforge-fight/

Octave community has started discussions.
 http://octave.1599824.n4.nabble.com/Sourceforge-adding-adware-to-software-will-we-be-moving-to-github-td4670950.html
 http://octave.1599824.n4.nabble.com/We-need-to-talk-about-SourceForge-td4670942.html


However, the problem seems only to be happened only on windows installer.

Fortunately, the phenomena seem not to be observed on gnuplot windows binary installers.

The gnuplot windows binary installers are produced by Inno setup dislike other projects.
It is possible that the selection of Inno setup gives happy a result at this moment.


I do not think that the gnuplot project should escape SourceForge at this moment but 
we have to start to consider what should we do when our windows installers will be affected by adwares.

Tatsuro

------------------------------------------------------------------------------
_______________________________________________
gnuplot-beta mailing list
[hidden email]
Membership management via: https://lists.sourceforge.net/lists/listinfo/gnuplot-beta
Reply | Threaded
Open this post in threaded view
|

Re: SourceForge seems to add adware to software (windows installer)

sfeam
On Tuesday, 16 June 2015 09:54:23 AM Tatsuro MATSUOKA wrote:
More information and discussion here:

  http://lwn.net/Articles/646118/

 
> Fortunately, the phenomena seem not to be observed on gnuplot windows binary installers.
>
> The gnuplot windows binary installers are produced by Inno setup dislike other projects.
> It is possible that the selection of Inno setup gives happy a result at this moment.
>
>
> I do not think that the gnuplot project should escape SourceForge at this moment but
> we have to start to consider what should we do when our windows installers will be affected by adwares.

In the case of the Gimp project, the project had *already left* SourceForge.
The Gimp developers themselves were no longer placing any files on SourceForge.
The offending installers were placed in the former (no longer in use)
project page on SourceForge.  

Anyhow, I have added md5 checksums for the gnuplot windows installer binaries
on the download page.   Anyone worried about authenticity should confirm
the checksum values before running the installer.

        Ethan


------------------------------------------------------------------------------
_______________________________________________
gnuplot-beta mailing list
[hidden email]
Membership management via: https://lists.sourceforge.net/lists/listinfo/gnuplot-beta
Reply | Threaded
Open this post in threaded view
|

Re: SourceForge seems to add adware to software (windows installer)

tmacchant


----- Original Message -----

> From: sfeam 
> To: gnuplot-beta Tatsuro MATSUOKA
> Cc:
> Date: 2015/6/16, Tue 15:18
> Subject: Re: SourceForge seems to add adware to software (windows installer)
>
> On Tuesday, 16 June 2015 09:54:23 AM Tatsuro MATSUOKA wrote:
>>  Hello
>>
>>  SourceForge seems to add adware to software (windows installer).
>>
>>
>>  Gimp project is an example.
>>
>>
> http://arstechnica.com/information-technology/2015/05/sourceforge-grabs-gimp-for-windows-account-wraps-installer-in-bundle-pushing-adware/
>>
>>
> http://www.infoworld.com/article/2929732/open-source-software/sourceforge-commits-reputational-suicide.html
>>
>>  http://www.engadget.com/2015/05/29/gimp-sourceforge-fight/
>>
>>  Octave community has started discussions.
>>  
> http://octave.1599824.n4.nabble.com/Sourceforge-adding-adware-to-software-will-we-be-moving-to-github-td4670950.html
>>  
> http://octave.1599824.n4.nabble.com/We-need-to-talk-about-SourceForge-td4670942.html
>>
>>
>>  However, the problem seems only to be happened only on windows installer.
>
> More information and discussion here:
>
>   http://lwn.net/Articles/646118/
>
Thank you for your information. 
I have gotten to know what happened in the Gimp Project in more details.



>>  I do not think that the gnuplot project should escape SourceForge at this
> moment but
>>  we have to start to consider what should we do when our windows installers
> will be affected by adwares.
>


> In the case of the Gimp project, the project had *already left* SourceForge.
> The Gimp developers themselves were no longer placing any files on SourceForge.
> The offending installers were placed in the former (no longer in use)
> project page on SourceForge. 
>
> Anyhow, I have added md5 checksums for the gnuplot windows installer binaries
> on the download page.   Anyone worried about authenticity should confirm
> the checksum values before running the installer.
>


It is a good idea to add md5 checksums.

(I have been providing md5 checksums for my own binaries of cvs version gnuplot for windows on my  distribution site.)

Tatsuro

------------------------------------------------------------------------------
_______________________________________________
gnuplot-beta mailing list
[hidden email]
Membership management via: https://lists.sourceforge.net/lists/listinfo/gnuplot-beta
Reply | Threaded
Open this post in threaded view
|

Re: SourceForge seems to add adware to software (windows installer)

Lars Hecking

> It is a good idea to add md5 checksums.
>
> (I have been providing md5 checksums for my own binaries of cvs version gnuplot for windows on my ??distribution site.)
 
 I used to sign releases with my gpg key. Maybe the creation of a signing key
 would not be such a bad idea.


------------------------------------------------------------------------------
_______________________________________________
gnuplot-beta mailing list
[hidden email]
Membership management via: https://lists.sourceforge.net/lists/listinfo/gnuplot-beta
Reply | Threaded
Open this post in threaded view
|

Re: SourceForge seems to add adware to software (windows installer)

Clark Gaylord-3
Signing is definitely a good idea.

If you guys want to move away from sf, I'm willing to facilitate as needed. At one time we hosted everything at Virginia Tech (I think the primary v6 location might actually still be here - sf's IPv6 routing was frequently broken when I set this up).

Likewise, we can always separate the canonical gnuplot.info distribution location from wherever we manage code (part of the reason we shouldn't publicize the SourceForge links directly even when is hosted there). Github is clearly a good option for code repository; bitbucket is also quite good.

So far it sounds like there's not a lot of groundswell for moving, but let me know. Worth considering, imho.

Regards
Clark

--
Clark Gaylord
[hidden email]

... thumbed on Android
    auto-correct may have improved this message ...

On Jun 16, 2015 4:48 AM, Lars Hecking <[hidden email]> wrote:

>
>
> > It is a good idea to add md5 checksums.
> >
> > (I have been providing md5 checksums for my own binaries of cvs version gnuplot for windows on my ??distribution site.)
>
> I used to sign releases with my gpg key. Maybe the creation of a signing key
> would not be such a bad idea.
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> gnuplot-beta mailing list
> [hidden email]
> Membership management via: https://lists.sourceforge.net/lists/listinfo/gnuplot-beta 
------------------------------------------------------------------------------
_______________________________________________
gnuplot-beta mailing list
[hidden email]
Membership management via: https://lists.sourceforge.net/lists/listinfo/gnuplot-beta
Reply | Threaded
Open this post in threaded view
|

Re: SourceForge seems to add adware to software (windows installer)

tmacchant
In reply to this post by sfeam
----- Original Message -----

> From: sfeam 
> To: gnuplot-beta Tatsuro MATSUOKA 
> Cc:
> Date: 2015/6/16, Tue 15:18
> Subject: Re: SourceForge seems to add adware to software (windows installer)

> Anyhow, I have added md5 checksums for the gnuplot windows installer binaries
> on the download page.   Anyone worried about authenticity should confirm
> the checksum values before running the installer.
>
>     Ethan


This is information:
Usual windows users are not familiar with checksum.
Please see:

https://en.wikipedia.org/wiki/Checksum



On windows, Checksum software is not installed by default.
(I have been used "md5sum" on msys or cygwin.)

A command line tool "File Checksum Integrity Verifier" fciv.exe can be downloaded from
Microsoft site
https://www.microsoft.com/en-us/download/details.aspx?id=11533


GUI based Checksum software working on windows can be found on the web.
(There are many softwares for this purpose so that I cannot recommend which is the best.)

Tatsuro

------------------------------------------------------------------------------
_______________________________________________
gnuplot-beta mailing list
[hidden email]
Membership management via: https://lists.sourceforge.net/lists/listinfo/gnuplot-beta
Reply | Threaded
Open this post in threaded view
|

Re: SourceForge seems to add adware to software (windows installer)

Plotter-2
On 17/06/15 02:50, Tatsuro MATSUOKA wrote:

> ----- Original Message -----
>
>> From: sfeam
>> To: gnuplot-beta Tatsuro MATSUOKA
>> Cc:
>> Date: 2015/6/16, Tue 15:18
>> Subject: Re: SourceForge seems to add adware to software (windows installer)
>
>> Anyhow, I have added md5 checksums for the gnuplot windows installer binaries
>> on the download page.   Anyone worried about authenticity should confirm
>> the checksum values before running the installer.
>>
>>      Ethan
>
>
> This is information:
> Usual windows users are not familiar with checksum.
> Please see:
>
> https://en.wikipedia.org/wiki/Checksum
>
>
>
> On windows, Checksum software is not installed by default.
> (I have been used "md5sum" on msys or cygwin.)
>
> A command line tool "File Checksum Integrity Verifier" fciv.exe can be downloaded from
> Microsoft site
> https://www.microsoft.com/en-us/download/details.aspx?id=11533
>
>
> GUI based Checksum software working on windows can be found on the web.
> (There are many softwares for this purpose so that I cannot recommend which is the best.)
>
> Tatsuro
>


Most lambda Windoze users don't even know what a command line is , let
alone a checksum. It's just click, click. double click; say OK to some
EULA they never read then reboot Windoze.


Adding checksum information is probably a good step anyway, though.

Since SF's dishonest behaviour is motivated by creating a revenue
source, it would seem that gnuplot will not be likely target, at least
until they do this kind of crap to every download on their site, which I
suppose is the logical conclusion.

Initially they will target only large circulation packages like GIMP.
Gnuplot is fairly specialised and requires a fair degree of technical
competence and has a fairly studious learning curve.
Those wanting banal graph plotting capabilities will use Exce.

However, since SF is clearly becoming unreliable and dishonest, it may
be worth looking for an exit plan before it becomes a pressing problem,
possibly with added constraints which do not currently exist.

It seems like it should be treated like shutting down a FaceBook
account: you never say you want to close it but remove everything and
retain your log-in rather than relinquishing access. In the case of SF
update the readme every month or so, so as not to have it  picked up as
'dormant' and re-appropriated.

Removing any references to SF as a download source will wither the
traffic and make it progressively less and less attractive as an adware
revenue source

Presenting this kind of thing as a "mirror" which is supposed to
*reflect* exactly the same content as the source is again dishonest .
Hopefully someone like Mozilla, who have the resources will sue their
butt and get this practice stopped.


Peter.








------------------------------------------------------------------------------
_______________________________________________
gnuplot-beta mailing list
[hidden email]
Membership management via: https://lists.sourceforge.net/lists/listinfo/gnuplot-beta
Reply | Threaded
Open this post in threaded view
|

Re: SourceForge seems to add adware to software (windows installer)

tmacchant
In reply to this post by tmacchant
I have investigated how the source code hosting services are different.

Perhaps many people know the below but I myself found this today.

As information for those who are not familiar to the below (including me) 

Comparison of source code hosting facilities

 https://en.wikipedia.org/wiki/Comparison_of_source_code_hosting_facilities

Tatsuro

------------------------------------------------------------------------------
_______________________________________________
gnuplot-beta mailing list
[hidden email]
Membership management via: https://lists.sourceforge.net/lists/listinfo/gnuplot-beta
Reply | Threaded
Open this post in threaded view
|

Re: SourceForge seems to add adware to software (windows installer)

Plotter-2
In reply to this post by tmacchant
On 17/06/15 13:04, Clark Gaylord wrote:
> The only exception I would make is that this change in philosophy at SourceForge isn't new. I have never felt they were trustworthy, only (begrudgingly) convenient.
>
> Action item: we should always (have had) reference to the canonical gnuplot domain: gnuplot.info At this time, that points to SourceForge and will for the foreseeable future, but when it changes to another hosting service we only want a simple DNS update to make it happen. This change is an eventuality, so we should make changes to all documentation now.
>
> --
> Clark Gaylord
> [hidden email]

Good suggestion.


Hijacking an account then calling it a "mirror" when it delivers
something else with undeclared additional software being installed on
the end user's computer is fundamentally dishonest.

If it was a mirror it would provide the same thing: byte perfect, not
commercial crap.

It betrays the confidence people have in the original product and
damages the reputation thereof.  Image is important and can be
monetised, which is what they are doing, except it is someone else's
rep. they profiting from and damaging in the process.

  If someone could get it together to sue, they would likely be entitled
to damages.

Peter.




------------------------------------------------------------------------------
_______________________________________________
gnuplot-beta mailing list
[hidden email]
Membership management via: https://lists.sourceforge.net/lists/listinfo/gnuplot-beta
Reply | Threaded
Open this post in threaded view
|

Re: SourceForge seems to add adware to software (windows installer)

tmacchant
----- Original Message -----

> From: "plotter
> To: Clark Gaylord 
> Cc: gnuplot-beta
> Date: 2015/6/17, Wed 20:18
> Subject: Re: SourceForge seems to add adware to software (windows installer)
>
> On 17/06/15 13:04, Clark Gaylord wrote:
>>  The only exception I would make is that this change in philosophy at
> SourceForge isn't new. I have never felt they were trustworthy, only
> (begrudgingly) convenient.
>>
>>  Action item: we should always (have had) reference to the canonical gnuplot
> domain: gnuplot.info At this time, that points to SourceForge and will for the
> foreseeable future, but when it changes to another hosting service we only want
> a simple DNS update to make it happen. This change is an eventuality, so we
> should make changes to all documentation now.
>>
>>  --
>>  Clark Gaylord
>>  [hidden email]
>
> Good suggestion.
>
>
> Hijacking an account then calling it a "mirror" when it delivers
> something else with undeclared additional software being installed on
> the end user's computer is fundamentally dishonest.
>
> If it was a mirror it would provide the same thing: byte perfect, not
> commercial crap.
>
> It betrays the confidence people have in the original product and
> damages the reputation thereof.  Image is important and can be
> monetised, which is what they are doing, except it is someone else's
> rep. they profiting from and damaging in the process.
>
>   If someone could get it together to sue, they would likely be entitled
> to damages.
>
> Peter.


I also think that SourceForge (SF) behavior becomes really bad but facilities that
SF provides is not so bad.

I summarized what services the gnuplot project are offered from SF and compare them
on those alternative (Bitbucket and Github).
(I do not have write access right to the gnuplot project on SF so my summary
may not be complete. Please correct errors the below.)

 1. File distribution
  Source, small document (NEWS, README), windows binary (installer and zip)

 2. Project Trackers
  Bugs

  Feature Requests
  Patches
  Support Requests

 3. Project Mailing Lists
  gnuplot-beta: Subscribe | Archive | Search — Developers and beta testers of new gnuplot code
  gnuplot-info: Subscribe | Archive | Search — For questions and discussion about gnuplot


 4. CVS version control system

 # The "News" facility on SF has been used until ver 4.6.4 but later version do not use this facility.

According to the page I introduced in my previous post
 https://en.wikipedia.org/wiki/Comparison_of_source_code_hosting_facilities


Popular source code hosting facilities seems to be Bitbucket and Github.

For Bitbucket and Github
1.* 2. 4.* are supported but 3*. is not supported.

*1 Facilities of Bitbucket and Github seem not to be so systematical as that in SF.

*3 Bitbucket and Github do not also support forum. 
  I found the tortoisehg uses Bitbucket but their mailing list is hosted on SF
  Mailing list (Personally I prefer mailing list than forum.) or forum cannot be omitted from the project. 

*4 Both Bitbucket and Github do not support CVS.
 The CVS is now considered to be an old version control. Many other projects uses git or mercurial.
  Bitbucket git and mercurial
  Github    git  

  Gnuplot project have been used cvs for a long time and code size is not so large and number of people 
  who has write access is limited so that the CVS is enough for the gnuplot project (Am I right?)

 If the gnuplot project transfer from SF to Bitbucket or Github, the version control system should be changed.
 The automatic transfer tools from cvs to git or mercurial exist but they seem not to be complete.
 Human resources will be required if we change the version control system.

To be honest, I myself cannot judge that the gnuplot project should leave SF because I have never done maintaining
works on SF system.

Tatsuro 

------------------------------------------------------------------------------
_______________________________________________
gnuplot-beta mailing list
[hidden email]
Membership management via: https://lists.sourceforge.net/lists/listinfo/gnuplot-beta
Reply | Threaded
Open this post in threaded view
|

Re: SourceForge seems to add adware to software (windows installer)

tmacchant
----- Original Message -----

> From: Tatsuro MATSUOKA 
> To: "plotter; Clark Gaylord
> Cc: [hidden email]
> Date: 2015/6/18, Thu 09:03
> Subject: Re: SourceForge seems to add adware to software (windows installer)
>
> ----- Original Message -----
>
>>  From: "plotter
>>  To: Clark Gaylord 
>>  Cc: gnuplot-beta
>>  Date: 2015/6/17, Wed 20:18
>>  Subject: Re: SourceForge seems to add adware to software (windows
> installer)
>>
>>  On 17/06/15 13:04, Clark Gaylord wrote:
>>>   The only exception I would make is that this change in philosophy at
>>  SourceForge isn't new. I have never felt they were trustworthy, only
>>  (begrudgingly) convenient.
>>>
>>>   Action item: we should always (have had) reference to the canonical
> gnuplot
>>  domain: gnuplot.info At this time, that points to SourceForge and will for
> the
>>  foreseeable future, but when it changes to another hosting service we only
> want
>>  a simple DNS update to make it happen. This change is an eventuality, so we
>
>>  should make changes to all documentation now.
>>>
>>>   --
>>>   Clark Gaylord
>>>   [hidden email]
>>
>>  Good suggestion.
>>
>>
>>  Hijacking an account then calling it a "mirror" when it delivers
>>  something else with undeclared additional software being installed on
>>  the end user's computer is fundamentally dishonest.
>>
>>  If it was a mirror it would provide the same thing: byte perfect, not
>>  commercial crap.
>>
>>  It betrays the confidence people have in the original product and
>>  damages the reputation thereof.  Image is important and can be
>>  monetised, which is what they are doing, except it is someone else's
>>  rep. they profiting from and damaging in the process.
>>
>>    If someone could get it together to sue, they would likely be entitled
>>  to damages.
>>
>>  Peter.
>
>
> I also think that SourceForge (SF) behavior becomes really bad but facilities
> that
> SF provides is not so bad.
>
> I summarized what services the gnuplot project are offered from SF and compare
> them
> on those alternative (Bitbucket and Github).
> (I do not have write access right to the gnuplot project on SF so my summary
> may not be complete. Please correct errors the below.)
>
>  1. File distribution
>   Source, small document (NEWS, README), windows binary (installer and zip)
>
>  2. Project Trackers
>   Bugs
>
>   Feature Requests
>   Patches
>   Support Requests
>
>  3. Project Mailing Lists
>   gnuplot-beta: Subscribe | Archive | Search — Developers and beta testers of
> new gnuplot code
>   gnuplot-info: Subscribe | Archive | Search — For questions and discussion
> about gnuplot
>
>
>  4. CVS version control system
>
>  # The "News" facility on SF has been used until ver 4.6.4 but later
> version do not use this facility.
>
> According to the page I introduced in my previous post
>  https://en.wikipedia.org/wiki/Comparison_of_source_code_hosting_facilities
>
>
> Popular source code hosting facilities seems to be Bitbucket and Github.
>
> For Bitbucket and Github
> 1.* 2. 4.* are supported but 3*. is not supported.
>
> *1 Facilities of Bitbucket and Github seem not to be so systematical as that in
> SF.
>
> *3 Bitbucket and Github do not also support forum. 
>   I found the tortoisehg uses Bitbucket but their mailing list is hosted on SF
>   Mailing list (Personally I prefer mailing list than forum.) or forum cannot be
> omitted from the project. 
>
> *4 Both Bitbucket and Github do not support CVS.
>  The CVS is now considered to be an old version control. Many other projects
> uses git or mercurial.
>   Bitbucket git and mercurial
>   Github    git  
>
>   Gnuplot project have been used cvs for a long time and code size is not so
> large and number of people 
>   who has write access is limited so that the CVS is enough for the gnuplot
> project (Am I right?)
>
>  If the gnuplot project transfer from SF to Bitbucket or Github, the version
> control system should be changed.
>  The automatic transfer tools from cvs to git or mercurial exist but they seem
> not to be complete.
>  Human resources will be required if we change the version control system.
>
> To be honest, I myself cannot judge that the gnuplot project should leave SF
> because I have never done maintaining
> works on SF system.
>
> Tatsuro 


Perhaps many people know the below but at least for me I have found this today
(2015-06-18).

Third party offers will be presented with Opt-In projects only

http://sourceforge.net/blog/third-party-offers-will-be-presented-with-opt-in-projects-only/


I personally feel that their statement is not consistent with that Gimp project insists on 
this issue.  However, they state that they added adware to the binary of unmaintained project.
The gnuplot project is very active on SF. 
 * Changes on the source tree have been done very frequently.

 * Version up has been regularly done. 

Believing SF's statement the above, the gnuplot project may not become a target.
Therefore we do not need hurry at this moment and discuss this issue with taking time involving 
other people who are related to the gnuplot project. 

# However, what they did on Gimp windows installer is quite horrible.
# I wonder that SF will change their matter again to illy direction.

Tatsuro

------------------------------------------------------------------------------
_______________________________________________
gnuplot-beta mailing list
[hidden email]
Membership management via: https://lists.sourceforge.net/lists/listinfo/gnuplot-beta
Reply | Threaded
Open this post in threaded view
|

Re: SourceForge seems to add adware to software (windows installer)

Mojca Miklavec
In reply to this post by tmacchant
On Thu, Jun 18, 2015 at 2:03 AM, Tatsuro MATSUOKA wrote:
>
> 1. File distribution
> Source, small document (NEWS, README), windows binary (installer and zip)
> Facilities of Bitbucket and Github seem not to be so systematical as that in SF.

Distribution of source code is very well supported. But it's *a lot*
easier if ./configure and other vital files become part of the
sources. Then it becomes just a matter of tagging a specific commit
and declaring it to be a version. GitHub/Bitbucket then automatically
generates zip/tar.gz files. GitHub is a bit more picky about
distributing binaries.

> *4 Both Bitbucket and Github do not support CVS.
>  The CVS is now considered to be an old version control. Many other projects uses git or mercurial.
>   Bitbucket git and mercurial
>   Github    git
>
>   Gnuplot project have been used cvs for a long time and code size is not so large and number of people
>   who has write access is limited so that the CVS is enough for the gnuplot project (Am I right?)

I just wanted to say that if anything, CVS is *the* most vulnerable
part of the project and the one that should be "migrated off" with the
highest priority. I don't think the following would happen, but if
SourceForge really starts being evil, you could loose the complete
history of gnuplot source code (unless you make regular backups of CVS
from the server via rsync; not just the current checkout).

>  If the gnuplot project transfer from SF to Bitbucket or Github, the version control system should be changed.

Indeed, but that's a very good thing. Git (and mercurial) have strong
checksumming built in and even if the server disappears out of the
blue, you'll still have a complete copy on everyone's machine and
nobody would be able to tamper with the sources without everyone else
noticing.

CVS is vulnerable. It has a bit of "dementia" (it's not always
possible to reconstruct the exact history), if one deletes a folder,
the whole history of that folder is gone, one can easily modify files
on the server ...

>  The automatic transfer tools from cvs to git or mercurial exist but they seem not to be complete.
>  Human resources will be required if we change the version control system.

People offered help, but it was usually declined because developers
wanted to stick to CVS. The problem with "incompleteness" of the tools
is that CVS history cannot be reconstructed exactly, so one needs some
 heuristics and guessing (and some obscure features like tagging
together files from different times cannot easily be reproduced in
git). And the longer one waits, the more history gets "forgotten".

The main problem with CVS -> GIT conversion is that it's feasible to
do it once, but it's very annoying to do incremental updates.

Mojca

------------------------------------------------------------------------------
_______________________________________________
gnuplot-beta mailing list
[hidden email]
Membership management via: https://lists.sourceforge.net/lists/listinfo/gnuplot-beta
Reply | Threaded
Open this post in threaded view
|

Re: SourceForge seems to add adware to software (windows installer)

Ethan Merritt
In reply to this post by tmacchant

On Tuesday, 16 June, 2015 09:54:23 Tatsuro MATSUOKA wrote:

> Hello

>

> SourceForge seems to add adware to software (windows installer).

 

Today's installment.

Have your popcorn handy.

 

 

http://sourceforge.net/blog/project-mirroring-policies-will-be-revisited-with-our-community-panel-existing-mirrors-removed/

 

 

Ethan

 

>

>

> Gimp project is an example.

>

> http://arstechnica.com/information-technology/2015/05/sourceforge-grabs-gimp-for-windows-account-wraps-installer-in-bundle-pushing-adware/

>

> http://www.infoworld.com/article/2929732/open-source-software/sourceforge-commits-reputational-suicide.html

>

> http://www.engadget.com/2015/05/29/gimp-sourceforge-fight/

>

> Octave community has started discussions.

>  http://octave.1599824.n4.nabble.com/Sourceforge-adding-adware-to-software-will-we-be-moving-to-github-td4670950.html

>  http://octave.1599824.n4.nabble.com/We-need-to-talk-about-SourceForge-td4670942.html

>

>

> However, the problem seems only to be happened only on windows installer.

>

> Fortunately, the phenomena seem not to be observed on gnuplot windows binary installers.

>

> The gnuplot windows binary installers are produced by Inno setup dislike other projects.

> It is possible that the selection of Inno setup gives happy a result at this moment.

>

>

> I do not think that the gnuplot project should escape SourceForge at this moment but 

> we have to start to consider what should we do when our windows installers will be affected by adwares.

>

> Tatsuro

>

> ------------------------------------------------------------------------------

> _______________________________________________

> gnuplot-beta mailing list

> [hidden email]

> Membership management via: https://lists.sourceforge.net/lists/listinfo/gnuplot-beta

--

Ethan A Merritt

Biomolecular Structure Center, K-428 Health Sciences Bldg

MS 357742, University of Washington, Seattle 98195-7742

 


------------------------------------------------------------------------------

_______________________________________________
gnuplot-beta mailing list
[hidden email]
Membership management via: https://lists.sourceforge.net/lists/listinfo/gnuplot-beta
Reply | Threaded
Open this post in threaded view
|

Re: SourceForge seems to add adware to software (windows installer)

tmacchant
----- Original Message -----

>From: Ethan A Merritt 
>To: gnuplot-beta Tatsuro MATSUOKA  
>Date: 2015/6/19, Fri 06:20
>Subject: Re: SourceForge seems to add adware to software (windows installer)
>
>
>
>On Tuesday, 16 June, 2015 09:54:23 Tatsuro MATSUOKA wrote:
>> Hello
>>
>> SourceForge seems to add adware to software (windows installer).

>Today's installment.
>Have your popcorn handy.


>http://sourceforge.net/blog/project-mirroring-policies-will-be-revisited-with-our-community-panel-existing-mirrors-removed/


>Ethan


Thank you for your information. Unfortunately I could not get popcorn. 
I have read it with drinking coffee.

Tatsuro


------------------------------------------------------------------------------
_______________________________________________
gnuplot-beta mailing list
[hidden email]
Membership management via: https://lists.sourceforge.net/lists/listinfo/gnuplot-beta
Reply | Threaded
Open this post in threaded view
|

Re: SourceForge seems to add adware to software (windows installer)

Allin Cottrell
In reply to this post by Ethan Merritt
On Thu, 18 Jun 2015, Ethan A Merritt wrote:

> On Tuesday, 16 June, 2015 09:54:23 Tatsuro MATSUOKA wrote:
>> Hello
>>
>> SourceForge seems to add adware to software (windows installer).
>
> Today's installment.
> Have your popcorn handy.
>
>
> http://sourceforge.net/blog/project-mirroring-policies-will-be-revisited-with-our-community-panel-existing-mirrors-removed/

That text looks quite satisfactory to me.

It does seem that SF's practice with GIMP was seriously wrong, but I'm
prepared to take their retraction of that policy at face value until
proved otherwise.

Allin Cottrell

------------------------------------------------------------------------------
_______________________________________________
gnuplot-beta mailing list
[hidden email]
Membership management via: https://lists.sourceforge.net/lists/listinfo/gnuplot-beta
Reply | Threaded
Open this post in threaded view
|

Re: SourceForge seems to add adware to software (windows installer)

tmacchant
In reply to this post by tmacchant
Hello

On the Octave ML, there reported a news concerning to SourceForge.
The new owners seem to start to eliminate mistakes from the past.

Octave ML report:
http://octave.1599824.n4.nabble.com/We-need-to-talk-about-SourceForge-tp4670942p4674746.html


SourceForge announce:
https://sourceforge.net/blog/sourceforge-acquisition-and-future-plans/


Tatsuro

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
gnuplot-beta mailing list
[hidden email]
Membership management via: https://lists.sourceforge.net/lists/listinfo/gnuplot-beta