Heads UP!! Warning: Don’t Download Software From SourceForge If You Can Help It
Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm not ashamed to admit it but I did use sourceforge.net and freshmeat.net alot back in the mid 2000s when I was using slackware. When I started with slackware in the beginning, I was not aware of slackbuilds.org. And I when I did, I used all three sources to get the programs and the dependencies.
I'm not using slackware today, but if I did, I would definitely stick to just slackbuilds.org as I am a bit leery to using sourceforge.net as a trusted site and with thousands of programs it's hard to tell which ones will have malware or not.
Last edited by buffer overflow; 06-08-2015 at 02:03 PM.
Distribution: Linux From Scratch, Slackware64, Partedmagic
Posts: 3,137
Rep:
no! this is a load of parnoid, conspiracy theory rubbish! been using sourceforge for years, if there are any dodgy binary installs it's because of the people who uploaded them and not sourceforge, you stand the same chance of getting an iffy binary from anywhere, the moral being don't install stuff that you don't know what it is, and as for 'infecting' source code that's just plain la la land, and no i am not connected with source forge and yes i do have a couple of really old projects on it that i haven't updated in some years.
Has anyone here observed their downloads modified by sourceforge?
in the last ten years
only linux and a few windows
BUT !!!! i build from source
it has been over ten years since i installed a win XP binary from SF
for gimp is use the gimp mirror page ( or git for the development code"gimp 2.9")
for Nmap ( the other one taken over) i use zypper or yum
BUT
i have seen ADVERTISING !!! that really dose look like a download link
and i did look at the nmap page
and the ONLY one that was working WAS!!!! owned by "sf_admin_1 and 3"
the NORMAL nmap page was basically DEAD in the water
no! this is a load of parnoid, conspiracy theory rubbish!
You and I are wasting our time, Keith! People who believe in wicked men in suits don't need evidence to set them off and so won't be deterred by lack of it.
Distribution: Linux From Scratch, Slackware64, Partedmagic
Posts: 3,137
Rep:
Quote:
Originally Posted by DavidMcCann
You and I are wasting our time, Keith! People who believe in wicked men in suits don't need evidence to set them off and so won't be deterred by lack of it.
Could be right!, just needed to inject a bit of sanity, don't know why, just a masochist I suppose
No one has spoken of wicked men in suits. Just that some caution for any downloads from SourceForge. Evidence shows that SourceForge has injected add junkware to some downloads. Who is to say they would not do so to OpenSource Gnu/Linux applications. Trust is a valued sense but once you have caused something to dis-trust then it becomes harder to trust again.
Personally, that is the reason for my posting of this thread. I do not trust SourceForge any longer therefore no downloads from that site for me and for my clients who hire me. You can call it paranoid but to me I will caution on the safe side every time. I can get most of what I need elsewhere to build on my own safe system.
Hope this helps.
Have fun & enjoy!
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
I read the linked-to statement by the GIMP project and I may try to look for examples as when I have downloaded things like GIMP I have realised they are GNU (or similar) so stopped any downloads with other things -- I know it goes on but Sorceforge may not do that.
I do think that any "flashing banner advert" for a version of the program from somebody other than the creators may not be obvious.
I have seen that "Green Button" but I can't confirm what it does so on my evidence it is safe to download from SourceForge.
I see it as "someone has to pay the piper".
I haven't noticed anything nefarious with sf - I often recommend people download bootinfoscript when we are asked to shoot boot problems here e.g.
Don't use sf a lot other than that.
Who is to say they would not do so to OpenSource Gnu/Linux applications.
I could care less as I know CNET and others are bigger offenders when using what I am interpreting
as using what is is called opensource gnu/linux applications in a .exe file for windows.
I just do not care how the windows world has to deal with linux made programs pawned off as open source.
2nd edit: durn it. I forgot my new attitude in my signature statement.
I gotta improve that.
In today's open source roundup: SourceForge may have lingered for too long. Plus: It's time for developers and users to move on from SourceForge. And redditors discuss the tactics of SourceForge
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.