This is mostly for my friends who prefer GIMP to photoshop but it applies to an awful lot of things so feel free to pass it on.
SourceForge, a popular repository for open-source projects, has had the option for developers to allow extra add-ons (read: toolbars, bloatware) to be inserted into their installers, but many opted out of this because the financial benefit was entirely SourceForge’s and just made their own software look sketchy. However, SourceForge is now forcing all accounts to include their add-on installers and hijacking accounts to do it, and some users are reporting the presence of malware in some. There is no way for a project to remove itself from SourceForge, and its high Google results direct users there instead of a project’s official page– the vast majority of projects on SourceForge are now on GitHub or Google Code instead.
The story from GIMP’s official website:
Some of you might remember that in November 2013, we abandoned SourceForge (SF) as the primary download site for the GIMP installers for Windows platforms and moved the files to our own download server,download.gimp.org
The tons of links on the web pointing to the former site made keeping the installers there as well a necessity, though, and since SF claimed that our outrage over their “installer with benefits” was based on a misunderstanding, this seemed to be a low-risk approach.
However we are receiving reports that people who get there by chance receive small installers that include additional software. And it’s no clicks on those ‘big green download arrow’ ads this time, we’ve tried ourselves. SF has not responded to our inquiry yet, and we found that the maintainer of the GIMP for Windows installers is locked out of that SF project now.
Please go to our own downloads page to get the GIMP for Windows installers.
and as always, never ever ever use “express installations” or leave unnecessary checkboxes checked when installing any software onto your computer from any source.
If you maintain a project on SourceForge, it’s time to move to GitHub or your own hosting and spread the word to your users. VLC founder JDK has also invited any open source project in need of help with the SourceForge situation and with finding new hosting to contact him.
It looks like this has been addressed (although GitHub is still a better idea).
Kimchi and Justice 