Today I read about how SourceForge is hijacking nmap downloads through their old SourceForge account…
— Denis Roy (@droy_eclipse) June 3, 2015
This is just plain naughty behavior in open source land… SourceForge has previously done this with the GIMP project and inserted adware into the download. They even created a response page based on the criticism from that incident stating that:
This is a 100% opt-in program for the developer, and we want to reassure you that we will NEVER bundle offers with any project without the developers consent.
Outside of this just being dubious behavior, this looks to be a lie based on what the nmap developers have stated. Also, what is concerning is that who knows what other open source projects SourceForge is trying to do this for.
This should be a lesson and even a wake up call to open source projects who use external services like SourceForge… there’s inherent risk if the tide of the business you depend on changes.
Furthermore, this is another reason hosting your project at a quality open source foundation can be beneficial as they generally won’t do these type of shenanigans as they protect your projects best interests. These open source foundations can also help you secure a trademark for your project which can help fight against these types of issues.
UPDATE: A response from SourceForge
Analysis of nmap project and data http://t.co/kkFoaCXW16
— sourceforge (@sourceforge) June 5, 2015