Why big open-source projects are fleeing SourceForge's free software hub

SourceForge's distasteful junkware-pushing antics have soured open-source projects on the one-time free software titan.

sourceforge gimp

SourceForge is in trouble.

The download-hosting site retreated after public outcry, removing the junkware it inserted into downloads of the popular GIMP image editing tool without the developers’ permission. But SourceForge has still lost the trust of the open-source community after the junkware-wrapping scandal—and now more open-source projects are leaving SourceForge for greener pastures like GitHub and FossHub.

Wine and Notepad++ are leaving

The Wine project—which makes the Wine compatibility layer for running Windows applications on operating systems like Linux and Mac OS X—seems to be moving away from SourceForge. The Wine newsletter indicates a developer proposed moving away from SourceForge due to “SourceForge’s recent activities with taking over open source projects for their own gain.” Developers reacted positively to the idea, and Wine looks like it will be moving off of SourceForge going forward.

Wine isn’t the only big-name program looking to flee SourceForge. Notepad++ is a popular programming-focused text editor for Windows. In an announcement, its developer wrote that Notepad++ would be leaving SourceForge and requested other open-source projects do the same. “SourceForge was a good place; unfortunately, sometimes good places don’t last,” he wrote.

Want to stay up to date on Linux, BSD, Chrome OS, and the rest of the World Beyond Windows? Bookmark the World Beyond Windows column page or follow our RSS feed.

Bundling junkware along with open-source projects against their developers’ wishes is the last straw when those developers are struggling to provide free, safe-to-use software without the junk.

VLC and GIMP started the exodus in 2013

Other smaller projects have also moved away from SourceForge recently. If you’re wondering why there hasn’t been more of an exodus of big projects, it’s because many open-source projects really started moving away from SourceForge back in 2013.

VLC was the biggest, most-downloaded application on SourceForge in 2012. But SourceForge hosted misleading ads that encouraged users to download VLC and other applications from other websites where they were bundled with junkware. SourceForge wouldn’t remove the ads, so VLC left and began hosting their own downloads.

A video showing the multiple ads SourceForge bundled with GIMP's installer.

SourceForge later came back to VLC and asked them if they wanted to participate in “DevShare” to gain money from bundling obnoxious junkware with VLC — and VLC said no. A VLC developer notes that VLC was subject to a large DDoS attack on their download servers around this time. “We still don’t know who was behind this attack and their motivations but the coincidence is striking, I let you draw your own conclusions,” he wrote.

GIMP faced a similar problem in 2013. User who went to SourceForge to download the Windows version of the GIMP might click a “sponsored” ad that led them to another website where the GIMP was bundled along with junkware. GIMP left SourceForge a few months after VLC did in 2013, telling SourceForge point-blank that they weren’t interested in participating in DevShare and other schemes. In 2015, SourceForge took over the account and began bundling junkware along with the GIMP, only relenting after media attention and public pressure forced them to. A GIMP developer tells the story in more detail.

gimp banner Ludovic Fauvet

A "misleading link to the Gimp project deliberately added by Sourceforge," according to VLC developer Ludovic Fauvet. The version in the sponsored link tried slipping junkware onto users' systems.

Don’t download software from SourceForge

Many open-source programs are still available for download from SourceForge, as the open-source license means SourceForge is allowed to host them. But many developers are advising everyone not to download from SourceForge.

Nmap’s developer recently sounded the alarm, saying that the nmap files on SourceForge weren’t provided by the official project. “So far they seem to be providing just the official Nmap files (as long as you don’t click on the fake download buttons) and we haven’t caught them trojaning Nmap the way they did with GIMP,” he wrote. “But we certainly don’t trust them one bit!”

SourceForge appears to have removed nmap from their site, as per the developer’s wishes. But there are still many open-source programs available for download on SourceForge. My recommendation? Download them from the open-source project’s official website and avoid SourceForge.

Related:

Subscribe to the Best of PCWorld Newsletter

Comments