What happened to Sourceforge?

Disclaimer: I’m a VLC developer, member of the board of VideoLAN and managing the infrastructure behind the distribution of VLC. Views and opinions expressed here are my own and do not express the opinions of the VideoLAN organization.

You may have heard all the recent fuss about the Sourceforge vs Gimp controversy. If not you should read this great article written by a member of the Gimp team.

The full story between VLC and Sourceforge

In 2010 the VideoLAN team decided to delegate the binary distribution of VLC media player to Sourceforge. Back in the time, SF.net (like Slashdot) were still the property of a company called Geeknet. The binaries were uploaded by us, and the service provided was good enough even if some users were sometimes confused by the advertisements that appeared on the download pages.

We quickly became the most downloaded software to date hosted on Sourceforge (in less than two years!). Even today, two years after we left SF.net we’re still #2 totalling more than 895.5M downloads there.

Later, in 2012 Geeknet started to add more banners to their pages and did not bother filtering ads that were obvious scam, misleading users to click on these fake “downloads” buttons. Some if not all of these advertisers were distributing VLC bundled with crapware (as we like to call them).

Spoiler: it's a scam

We alerted SF.net quite a few time asking them to be more careful about these ads and they acted like they were willing to help us, telling they’ll look into it, month after month. But nothing really changed on this side, they removed few ads but they came back eventually. In consequence they also offered to share some revenues with us. They gave few thousands dollars every couple of month to the non-profit (which was welcome since we’re all volunteers) but we were still unhappy because a lot of VLC users were still impacted by these misleading ads.

Then came Dice Holdings who bought most of the online media business of Geeknet (including Sourceforge) in September 2012. Soon after, our previous contact at SF.net left the boat, leaving us without any way to reach the new team for quite some time.

The situation worsened again, we received literally dozens of emails each week from angry users complaining about some bundled software and toolbars that were added to the installer. Sourceforge did not (yet) modify our installer in any way, instead our users were clicking on some of these misleading ads. I remember counting more than seven “download” button on our SF.net page! 1

Misleading link to the Gimp project deliberately added by Sourceforge

We couldn’t continue to operate this way so in April 2013 I started working on a new way to distribute VLC. We rented few servers, contacted some mirrors and everything was ready a couple of weeks later. We were finally able to pull the plug from the Sourceforge website.

The situation improved drastically for us past this change, no more complaints about misleading ads or user being tricked into downloading bundled crapware. But this was also the starting point of Sourceforge being SNAFU. One possible explanation could be that they lost their biggest project which was making a significant portion of their revenues since VLC was the most downloaded software on Sourceforge at the time. Interestingly enough, the Gimp project took the same decision few months later, aggravating the Sourceforge situation.

Soon after we were contacted by one of their employee asking if we would be interested to come back and share more revenues by bundling third-party software with VLC. But since we’ve always refused to do so in the past we declined their offer and continued improving our own distribution platform. Few weeks later they launched DevShare: “A Sustainable Way To Fund Open Source Software”… by bundling third party offerings in opt-in.

Oddly at the same period we faced a large DDOS on our new download infrastructure affecting our main distribution server and taking down some of our mirrors during few days. We still don’t know who was behind this attack and their motivations but the coincidence is striking, I let you draw your own conclusions.

Since then, we never updated the binaries hosted there, the SF.net team did it regulary and we never had to complain about it since the binaries were left untouched.

Fast forward, end of May 2015 we heard about the Gimp binaries being bundled with the SourceForge installer and their admin access taken over by some sf-editor1. We were quite surprised to discover that the same happened to VLC, the project has been taken over without notice, removing all access to it but luckily the binaries weren’t touched. Maybe because we’re now signing all of them for the Windows platform. And we’re now trying to get our access restored to avoid any further damage.

It’s sad to see that what used to be a great company ten years ago is now in a blatant disregard for the rights and work of the open-source community.

  1. The smallest button was indeed the legit one [return]


comments powered by Disqus