GIMP flees SourceForge over dodgy ads and installer

Devs tired of all the junk downloads, and no we DON'T mean the free software


The Gnu Image Manipulation Program, a popular and free Photoshop alternative that glories in the name “The GIMP”, has decided it can no longer permit itself to be downloaded from SourceForge.

The application's developers announced their decision here, arguing that SourceForge provides a user experience it can no longer support.

“In the past few months, we have received some complaints about the site where the GIMP installers for the Microsoft Windows platforms are hosted,” the developers write.

“SourceForge, once a useful and trustworthy place to develop and host FLOSS applications, has faced a problem with the ads they allow on their sites - the green 'Download here' buttons that appear on many, many adds leading to all kinds of unwanted utilities have been spotted there as well.”

A quick visit to SourceForge sustains the claim. Vulture South dropped in to download the useful FileZilla FTP tool and found the ad below.

That ad won't fool hardened and cynical Reg readers who if they chose to follow the link to the site offering the chance to “READ NOW YOUR FAVORITE BOOKS, MAGAZINES & COMICS FOR FREE” would back away quickly. Less experienced surfers? We shudder to think.

A scary-looking ad on SourceForge

A free, full version? Sign me up!

The ads weren't The GIMP devs' only beef, as they were willing to tolerate them until SourceForge's new Windows installer came along. As the devs note, that tool “... bundles third-party offers with Free Software packages. We do not want to support this kind of behavior, and have thus decided to abandon SourceForge.”

The outfit now hosts its own mirrors, with downloads available here. ®

Similar topics


Other stories you might like

  • Cisco warns of security holes in its security appliances
    Bugs potentially useful for rogue insiders, admin account hijackers

    Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. 

    The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.

    This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come. 

    Continue reading
  • Azure issues not adequately fixed for months, complain bug hunters
    Redmond kicks off Patch Tuesday with a months-old flaw fix

    Updated Two security vendors – Orca Security and Tenable – have accused Microsoft of unnecessarily putting customers' data and cloud environments at risk by taking far too long to fix critical vulnerabilities in Azure.

    In a blog published today, Orca Security researcher Tzah Pahima claimed it took Microsoft several months to fully resolve a security flaw in Azure's Synapse Analytics that he discovered in January. 

    And in a separate blog published on Monday, Tenable CEO Amit Yoran called out Redmond for its lack of response to – and transparency around – two other vulnerabilities that could be exploited by anyone using Azure Synapse. 

    Continue reading
  • CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure
    Nearly 60 holes found affecting 'more than 30,000' machines worldwide

    Updated Fifty-six vulnerabilities – some deemed critical – have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to private security researchers. 

    Some of these vulnerabilities received CVSS severity scores as high as 9.8 out of 10. That is particularly bad, considering these devices are used in critical infrastructure across the oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining and building and automation industries. 

    The most serious security flaws include remote code execution (RCE) and firmware vulnerabilities. If exploited, these holes could potentially allow miscreants to shut down electrical and water systems, disrupt the food supply, change the ratio of ingredients to result in toxic mixtures, and … OK, you get the idea.

    Continue reading

Biting the hand that feeds IT © 1998–2022