Sourceforge article
Moderator: Forum Moderators
Sourceforge article
I came across this article on ars technica on Sourceforge. I am unsure whether this is better posted here or elsewhere.
I just figured that this might be of some interest given that Wesnoth is also on there. I don't know enough about such things to give comment. The article's title is SourceForge grabs GIMP for Windows’ account, wraps installer in bundle-pushing adware.
I just figured that this might be of some interest given that Wesnoth is also on there. I don't know enough about such things to give comment. The article's title is SourceForge grabs GIMP for Windows’ account, wraps installer in bundle-pushing adware.
Last edited by Pentarctagon on May 28th, 2015, 6:55 pm, edited 1 time in total.
Reason: Updated url to point to the article and not the comments
Reason: Updated url to point to the article and not the comments
Re: Sourceforge article
Rather than summarize, the dev discussion of this (from yesterday) is at the bottom of this log and top of the next:
http://www.wesnoth.org/irclogs/2015/05/ ... -05-27.log
http://www.wesnoth.org/irclogs/2015/05/ ... -05-28.log
http://www.wesnoth.org/irclogs/2015/05/ ... -05-27.log
http://www.wesnoth.org/irclogs/2015/05/ ... -05-28.log
Re: Sourceforge article
A. This explains some of the crap I've been getting on the computers.
B. It's nice to know the Devs are concerned.
C. Seems like my best short-terms solution is just to have good malware/adware removal software and "clean and disinfect" after downloads. While that's not ideal, I remind myself that BfW is a really high-quality product that we're getting for free, thanks to a lot of people's hard work. Thank you, all.
B. It's nice to know the Devs are concerned.
C. Seems like my best short-terms solution is just to have good malware/adware removal software and "clean and disinfect" after downloads. While that's not ideal, I remind myself that BfW is a really high-quality product that we're getting for free, thanks to a lot of people's hard work. Thank you, all.
Re: Sourceforge article
AFAIK SourceForge downloads have been bundled with adware only when (a) the account owner has opted-in to allowing this, or (b) the account has been considered "abandoned" and taken over by SourceForge (in which case the original owner is locked out of the account), and neither of these is the case for the Wesnoth SourceForge account.stegyre wrote:A. This explains some of the crap I've been getting on the computers.
B. It's nice to know the Devs are concerned.
C. Seems like my best short-terms solution is just to have good malware/adware removal software and "clean and disinfect" after downloads. While that's not ideal, I remind myself that BfW is a really high-quality product that we're getting for free, thanks to a lot of people's hard work. Thank you, all.
Personally I have been using the Windows installers from SourceForge for years up to and including the most recent 1.12.5 and 1.13.2 versions, and I have never observed any adware or other malicious infections.
- Pentarctagon
- Project Manager
- Posts: 5564
- Joined: March 22nd, 2009, 10:50 pm
- Location: Earth (occasionally)
Re: Sourceforge article
Part of the problem, besides bundling adware with anything for any reason, is that the original owners of "abandoned" accounts weren't notified by Sourceforge that it was happening.
99 little bugs in the code, 99 little bugs
take one down, patch it around
-2,147,483,648 little bugs in the code
take one down, patch it around
-2,147,483,648 little bugs in the code
Re: Sourceforge article
Yes, that's true. Note that if it ever does happen in the future that SourceForge starts tampering with the downloads, it will be possible to detect this by checking the SHA256 checksum on the https://wiki.wesnoth.org/Download page.Pentarctagon wrote:Part of the problem, besides bundling adware with anything for any reason, is that the original owners of "abandoned" accounts weren't notified by Sourceforge that it was happening.
- Pentarctagon
- Project Manager
- Posts: 5564
- Joined: March 22nd, 2009, 10:50 pm
- Location: Earth (occasionally)
Re: Sourceforge article
A bit of an update on this: Sourceforge was sold to someone else, and they're trying to clean up the place. Apparently this actually happened all the way back in February, though I just heard about it today.
99 little bugs in the code, 99 little bugs
take one down, patch it around
-2,147,483,648 little bugs in the code
take one down, patch it around
-2,147,483,648 little bugs in the code