Dear SourceForge and FileZilla,

Some of my earliest open source projects were on SourceForge. I pulled down code to learn how to do my job, submitted code back to various projects that helped me, and collected most of my development suite from the site as well. In its time, SourceForge was a fantastic example of how to do things right in the open source community.

It's come to my attention, however, that the site no longer reflects an open source mission. (The most damning sign is that SourceForge's newest initiative even claims to focus on open source. It's billed in their release article as "giving developers a better way to monetize their projects in a transparent, honest and sustainable way." There is nothing transparent or honest about this tool or the way it presents information to end users.)

One of the most important parts of my development toolkit is FileZilla, the open source and cross-platform FTP tool. I've used it religiously for years, on both Mac and PC, and highly recommend it to others. Today, however, those recommendations stop.

In addition to advertising, SourceForge now bundles much of the otherwise free software it provides with a wrapped installer. This installer is meant to ease the installation process for non-technical users, but it's causing far more harm than good.

During the installation, the packaged installer presents several additional (unnecessary) applications for download and installation as well. The screens presenting these applications are displayed between FileZilla's licensing and setup panels, with the options "Accept" or "Decline" - eerily similar to the exact same buttons end users click to accept the product license and proceed with the installation.

I know my non-technical friends are often taken by malware installers, clicking "OK" by mistake to install something they don't want. I, on the other hand, am a fairly seasoned software developer and even I accidentally clicked "Accept" the first time before realizing the acceptance screen was acceptance to install a completely separate application I never asked for.

I love open source for its transparency. The SourceForge bundled installer is anything but transparent - its only purpose is to trick end users into installing (potentially malicious) software while setting up the application they actually want.

One of the applications this tool attempted to install was a known scareware tool. (Ironically it was seeing the name of this application, which I just recently removed from a friend's computer, that indicated to me something was wrong with the installation.)

I cannot in good conscience - and will not - continue using or contributing to SourceForge-affiliated tools.

From this point forward, I will not:

  • Use any software - open source or otherwise - that hosts installers or source on SourceForge (including FileZilla)
  • Contribute any code to a project that hosts any part of its code or application on SourceForge

I am asking everyone who hosts code or compiled binaries on SourceForge to take a stand with me and the rest of the open source community and migrate their projects to another provider. I am even willing to help; just send me an email.

I am asking everyone who uses a project hosted on SourceForge (like FileZilla) to take a stand and stop using that product today. It will be painful, but unless we take a stance for open source, it will continue to be corrupted by nefarious corporate influences and used for dishonest gain.

I am encouraging members of the SourceForge team to re-evaluate your stance and attitude towards promoting open source. There is nothing honest about how you are doing business today. You are not only hurting your business, you're doing irreparable damage to the open source community to which you purport to belong.

I am encouraging everyone in the open source community to send this letter - or similar ones - to projects hosted on SourceForge to alert them of the issue. Together we can take a stand for open source and transparency.