Can SourceForge win developers’ trust back?

SourceForge is under new ownership and management (again!), and their plan is to return the service to its former glory.


The past

Once the preferred source code repository and distribution platform for free and open source software (FOSS) projects, SourceForge has been blacklisted by many of its former users due to deceptive ads that looked like download buttons and questionable revenue generation schemes.

The death blow that enraged and alienated many developers came in June 2015, when it was discovered that SourceForge staff had started taking over inactive accounts for popular software and adding bundle-ware installers to the packages.

A month later, the (then) site’s owners – online job site – announced their plan to sell SourceForge and the news website Slashdot. In January 2016, the two sites were sold to web publisher BIZX.

The present

The new SourceForge owners started cleaning up the site almost at once.

“The main reason developers left in the first place was because decisions were made at SourceForge before we owned it that eroded trust among developers and end users. When developers would tell end users to go download from our site, they’d sometimes end up clicking on an ad instead of the download button, or getting adware from downloading an installer,” Logan Abbott, one of the BIZX owners and the president of the SourceForge Media subsidiary, told Help Net Security.

“We removed the DevShare adware bundling immediately, moved the site to https, and we built and rolled out a feature where we partnered with Bitdefender to scan every project for malware.”

The scan revealed that the vast majority of projects were clean, and those that were not have mostly been cleaned up by developers since then.

“On the very few on the site that still contain malware, we display a large prominent red badge next to the download button, and if someone clicks the download button, they will be prompted again that there is malware. The download won’t start until they bypass this prompt,” Abbott explained.

SourceForge malware detected

Any new project that gets uploaded will get scanned, and any time a new file is uploaded to an existing project, it will get scanned again.

“We also eliminated deceptive ads so that developers can be comfortable in pointing end users to our site to download their software without fear of them getting malware,” he pointed out. They did so by blacklisting the deceptive ads that sneak in via programmatic ad exchanges.

The future

Abbott recently did a Q&A on Reddit about the changes they made on the site. The first reaction of most of those who commented was that they didn’t know that SourceForge was under new management, so the company definitely has to work on making this fact more widely known.

Aside from that, Abbott believes that their efforts to build users’ trust back will be successful, as many developers said they were willing to give SourceForge another chance.

“We still host over 500,000 projects and see over 1 million unique visitors per day, so SourceForge is still an excellent distribution channel. GitHub and others are also great, but SourceForge is probably the simplest and most straightforward destination for end users to download free software that is ready to go,” he explained.

“We did get a lot of feedback and suggestions such as integrating with GitHub or other repositories in some manner (we have a GitHub importer), and we also got suggestions for things we already have that developers had not realized (like git and pull requests).”

The plan is to improve and modernize all the tools that developers request of them, and to improve the user experience significantly.

“Beyond that, I don’t see us competing directly head to head with GitHub. SourceForge has an advantage in that it caters to both very technical developers as well as the most non-technical end user, whereas GitHub does not cater in terms of distribution to a non-technical end user. The bottom line is we want to be another legitimate option for developers and end users to come and host with or download software from,” he added.

When it comes to monetizing the site, the plan is to do so via non-intrusive display ads. “We also have ‘Solution Centers’ under the main navigation where people can compare services such as VoIP or cloud storage. If they’re not interested, they simply do not have to check those sections out, but if they are, then we provide some good information,” Abbott notes.

He stresses that they are a completely different company with an entirely different ethos than their predecessors, and they are absolutely committed to operating a trustworthy destination for open source software hosting and distribution.

“We very much realize the ill will that many harbored towards SourceForge, but we are doing everything we can to build trust back up. There are projects such as FileZilla that are clean on SourceForge now due to steps we’ve taken, whereas if you were to download from the official FileZilla site, you’d still get a bundled adware installer. On SourceForge FileZilla is completely clean.”

What about Slashdot?

The company is also working on Slashdot but, as Abbott himself pointed out, the news site is “another beast entirely.”

“Most of the core users are resistant to any radical changes and we are respecting that,” he says. “We already addressed a lot of the gripes that regular visitors had. We’re exploring ways to improve Slashdot, but haven’t settled on anything specific yet.”

The site’s popularity waned in the last few years. That’s partly because there are more news aggregators and discussion sites than when Slashdot was started but, to be fair, the site’s comments section is also part of the problem. The lack of appropriate moderation has resulted in reduced discussion quality.
