Sourceforge article

Naenthos
Posts: 4
Joined: August 24th, 2009, 4:27 pm

Sourceforge article

Post by Naenthos »

I came across this article on Ars Technica about SourceForge. I am unsure whether this is better posted here or elsewhere.

I just figured that this might be of some interest given that Wesnoth is also on there. I don't know enough about such things to give comment. The article's title is "SourceForge grabs GIMP for Windows’ account, wraps installer in bundle-pushing adware".
Last edited by Pentarctagon on May 28th, 2015, 6:55 pm, edited 1 time in total.
Reason: Updated url to point to the article and not the comments
Andrettin
Posts: 189
Joined: September 2nd, 2013, 5:40 pm
Location: Vienna, Austria

Re: Sourceforge article

Post by Andrettin »

Oh wow, this doesn't look good at all...
iceiceice
Posts: 1056
Joined: August 23rd, 2013, 2:10 am

Re: Sourceforge article

Post by iceiceice »

Rather than summarize, the dev discussion of this (from yesterday) is at the bottom of this log and top of the next:
http://www.wesnoth.org/irclogs/2015/05/ ... -05-27.log
http://www.wesnoth.org/irclogs/2015/05/ ... -05-28.log
stegyre
Posts: 53
Joined: August 18th, 2008, 4:35 pm

Re: Sourceforge article

Post by stegyre »

A. This explains some of the crap I've been getting on the computers.

B. It's nice to know the Devs are concerned.

C. Seems like my best short-term solution is just to have good malware/adware removal software and "clean and disinfect" after downloads. While that's not ideal, I remind myself that BfW is a really high-quality product that we're getting for free, thanks to a lot of people's hard work. Thank you, all.
gnombat
Posts: 670
Joined: June 10th, 2010, 8:49 pm

Re: Sourceforge article

Post by gnombat »

stegyre wrote: A. This explains some of the crap I've been getting on the computers.

B. It's nice to know the Devs are concerned.

C. Seems like my best short-term solution is just to have good malware/adware removal software and "clean and disinfect" after downloads. While that's not ideal, I remind myself that BfW is a really high-quality product that we're getting for free, thanks to a lot of people's hard work. Thank you, all.
AFAIK SourceForge downloads have been bundled with adware only when (a) the account owner has opted in to allowing this, or (b) the account has been considered "abandoned" and taken over by SourceForge (in which case the original owner is locked out of the account), and neither of these is the case for the Wesnoth SourceForge account.

Personally I have been using the Windows installers from SourceForge for years up to and including the most recent 1.12.5 and 1.13.2 versions, and I have never observed any adware or other malicious infections.
Pentarctagon
Project Manager
Posts: 5496
Joined: March 22nd, 2009, 10:50 pm
Location: Earth (occasionally)

Re: Sourceforge article

Post by Pentarctagon »

Part of the problem, besides bundling adware with anything for any reason, is that the original owners of "abandoned" accounts weren't notified by Sourceforge that it was happening.
99 little bugs in the code, 99 little bugs
take one down, patch it around
-2,147,483,648 little bugs in the code
gnombat
Posts: 670
Joined: June 10th, 2010, 8:49 pm

Re: Sourceforge article

Post by gnombat »

Pentarctagon wrote: Part of the problem, besides bundling adware with anything for any reason, is that the original owners of "abandoned" accounts weren't notified by Sourceforge that it was happening.
Yes, that's true. Note that if it ever does happen in the future that SourceForge starts tampering with the downloads, it will be possible to detect this by checking the SHA256 checksum on the https://wiki.wesnoth.org/Download page.
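
The check described in the post above, as an added example that is not part of the original thread or the Wesnoth project's code. It assumes the published checksums are copied from the project's own page (a channel separate from the download host) in `sha256sum` listing format; the function names are hypothetical.

```python
import hashlib
import hmac
import re
from pathlib import Path

# One line of sha256sum-style output: 64 hex digits, a space, ' ' or '*', file name.
# Assumption: the published listing uses this format.
_LINE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")

def parse_checksums(listing: str) -> dict[str, str]:
    """Map file name -> lowercase SHA-256 hex digest from a sha256sum-style listing."""
    published = {}
    for line in listing.splitlines():
        m = _LINE.match(line.strip())
        if m:
            published[m.group(2)] = m.group(1).lower()
    return published

def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash the file in chunks so a large installer need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path: Path, listing: str) -> str:
    """Return 'ok', 'mismatch', or 'unlisted' for the downloaded file."""
    expected = parse_checksums(listing).get(path.name)
    if expected is None:
        # No published digest for this name: unverified, which is not the same as clean.
        return "unlisted"
    actual = sha256_file(path)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"

if __name__ == "__main__":
    import sys
    # usage: python verify.py <downloaded file> <file holding the published listing>
    result = verify_download(Path(sys.argv[1]), Path(sys.argv[2]).read_text())
    print(f"{sys.argv[1]}: {result}")
    sys.exit(0 if result == "ok" else 1)
```

The comparison only detects tampering by the download host if the listing itself was obtained from somewhere the host does not control.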
Pentarctagon
Project Manager
Posts: 5496
Joined: March 22nd, 2009, 10:50 pm
Location: Earth (occasionally)

Re: Sourceforge article

Post by Pentarctagon »

A bit of an update on this: Sourceforge was sold to someone else, and they're trying to clean up the place. Apparently this actually happened all the way back in February, though I just heard about it today.
99 little bugs in the code, 99 little bugs
take one down, patch it around
-2,147,483,648 little bugs in the code