SourceForge drifting

The Savannah NG doc actually embodies a few things I've been keen to see for a while, including distributed hosting and more data held in a neutral format (XML in this case). While I've been on the coopx list since I became aware of it, I'm not aware of any of the developments described in the SNG doc - did someone move the coopx list without telling those of us who are discussing this there?

One thing where I think the SNG doc is wrong is in the continued use of PHP. Moving from that to something more featureful is important to ensure better system cohesion and to raise the barrier to entry just enough to keep the bad programmers out. I know that last bit isn't a politically correct point, but I still believe it. Sorry.

I've been running my own free cvs project hosting services for about three years (mostly geared towards PalmOS related open source projects, but any project is welcome). I've been sick of Sourceforge usurping my projects and the projects of others. I've heard hundreds of complaints, and have experienced them first-hand. I've put projects there, and asked them to delete/remove them (because they've intionally crippled basic features of cvs in the name of "security"), and they have said that I no longer own the project once it is on their server, but they would gladly mark it as "unmaintained" if I decide to move it offsite. This was in response to relocating an existing (and still active) open source project off their site. "Unmaintained" to me means orphaned project, not one which is still being actively maintained on non-Sourceforge facilities.

The other thing which drove me to creating SourceFubar is that 30% of Sourceforge's listed projects are empty, with no files, and have been for months now. People seem to put projects there in the hopes that the project will just write itself. The open source community is not some compendium of free development talent to suck off of. I think people who have project ideas need to clearly understand that and use a proper process for getting their ideas and projects into the places where people can contribute to them.

Yes, I don't have a huge server farm, yes, I don't have 100 people working for me, but my system is much more secure, and the freedom to whatever you want as project admin exists, within the given set of tools exposed for developer use. They aren't crippled because of a lack of security experience in the implementors. It's also growing because of contributions, not corporate need. I exceed where they fail.

FWIW.

That's all I can say, it's just scary. But I'll say more anyway...
I have to admit, when sourceforge came about I got all excited. I placed a couple projects there and loved the tools. Ever since VA started becoming ... well... we'll say shady, I've started to turn away from using sourceforge.
Everything to date has supported my idea and I wanted to take this time to publicly thank the crew @ tigris for hosting my XiteCode project.
I looked at Savannah but without the major parts of the SF codebase in place it's kinda useless to me. I look forward to Savannah's changes and hope for the best.

Just a note that you can also get Loic's article in French and German from its place at the FSFE. Other translations (Spanish/Portugese/Italian) are planned.

David, as you may know, I've a great deal of respect for some of your opinions (mostly them not involving a certain scripting language), but why haven't I seen you involved in coopx? Do the world another favour and contribute your considerable wisdom to it...

I can rationalize away most of SourceForge's transgressions. Aladdin built a business around time-delayed dual-licensing with the GPL, and the FSF gave their approval. The current state of SourceForge Open Edition is not that dissimilar. Running a free-software web site that uses proprietary capability might be hypocritical if you had foresworn all proprietary software, but VA Linux never did that as far as I know. They are not the FSF. Can we approve of time-delayed dual licensing and not allow businesses to advertise the result? If not we must also boycott Aladdin and all its software and related programmers and I have to stop using this website right now... :-)

But I didn't. What I think pmcgovern should tell us, rather quickly, is how one goes about exporting tracker data from SourceForge. Give it to us in SQL today, and we can proceed with a more natural evolution of open-source hosting services, letting each party find the home that suits them best over time.

For me the most valuable aspect about sourceforge was not the development tools, but the fact that there was one site I could hit to find open source projects that provided some capability I needed. Sometimes I needed it with a specific license, or in a specific language. If Open Source development hosting begins to fragment, I would like that some effort be put into some sort of distributed index framework be implemented so users and developers have an easier time of locating projects.

For me the most valuable aspect about sourceforge was not the development tools, but the fact that there was one site I could hit to find open source projects that provided some capability I needed. Sometimes I needed it with a specific license, or in a specific language. If Open Source development hosting begins to fragment, I would like that some effort be put into some sort of distributed index framework be implemented so users and developers have an easier time of locating projects.

My name is Patrick McGovern and I manage SourceForge.net. I wanted to take a moment to address the issues that Loic raised in his recent article.

As a background: SourceForge.net is a website within the Open Source Developers Network (OSDN), owned by VA Linux Systems. SourceForge.net provides free hosting for Open Source software development projects via its web site at http://sourceforge.net and http://sf.net

SourceForge.net, OSDN and VA Linux systems are committed to the Open Source community. Two years ago (almost to the day) SourceForge.net was started to provide a way for Open Source developers to collaborate with each other and make great software. This mission has not changed. Today VA spends a tremendous amount of money and resources to provide excellent service to 30,000 projects.

Loic brings up a number of points that are simply not accurate.

* SourceForge (not SourceForge.net) is a collaborative software development platform. The SourceForge software originated as the foundation of the SourceForge.net service, and is now the basis of a number of products offered by VA Linux Systems. SourceForge Enterprise Edition is the commercial product released by VA Linux Systems last week. SourceForge is a software platform.

* SourceForge.net is a service provided freely to Open Source software development projects. SourceForge.net is not running the SourceForge Enterprise Edition software. SourceForge.net is a web site, which provides a service to the Open Source community.

* SourceForge.net provides free hosting for Open Source Software development projects. SourceForge.net is not now, or nor has it ever been, exclusive to free software -- we accept hosting requests from projects licensed under any OSI-approved Open Source License, and projects whose licenses have not been directly approved, but comply with the OSI Open Source Definition.

* Data Export: The ability to export data from SourceForge.net has not changed. There is no conspiracy to 'lock projects in' to SourceForge.net. Every project has the ability to download a nightly tarball of their CVS code. If people have any concerns about their code, we recommend they set up a cron job to download the latest version. Eight months ago we did have a XML API that allowed project admins to download bug report data. The API broke earlier in the year when we enhanced the SF.NET code (version 2.5) to include the tracker (a tool that unifies all 'ticket-related' systems). Until recently, we didn't receive a lot of interest from the community to re-introduce the feature... so we have been focusing on other aspects of the site. We are now re-examining the issue. In the mean time, there are third-party programs which will collect the content directly from the site and extract that data.

* Mailing Lists: One area we concentrating on, which Loic alludes to, is mailing list archives. This, historically, has been one of the weakest areas of SourceForge.net. We are currently working on a new solution, which directly integrates the mailing lists with SourceForge.net, as opposed to Geocrawler. We have just entered the initial beta phase for this project. It is still being worked on, but you can see it here in action: http://sourceforge.net/forum/?group_id=27464 (look at the last four forums). We are essentially using the SourceForge Forum code; the same code base that has been available to the community for some time.

--

Developers are choosing SourceForge.net because of the excellent resources and service we give the community. The site is currently growing at over 60 new projects and 700 developers a day. We just added new personnel and purchased 70 new servers to make sure we retain our excellent quality of service. We have added new download servers to make sure the community can get Source code as fast as possible. We have been adding additional hardware to the compile farm. (OS X systems were added last month).

Finally, SourceForge.net is a free service. It's a service I believe greatly enhances the Open Source Developer's ability to write and release great software; and have it seen by a lot of people. If you feel that SourceForge.net is not for you, that is okay too. There are alternatives out there, and it's better to host your code where you think you will be the most productive.

If you have any questions or concerns, please feel free to write me: pat at sourceforge.net

Thank you,

Pat-

Patrick McGovern
email: Pat at SourceForge.net
Director, SourceForge.net

I'm not going to disagree with the wisdom of caution in the face of sourceforge.net's probable demise, 'cause, quite frankly I believe sf.net is doomed -- it's just a matter of the date. The thing that irks me is that I don't see the sourceforge software as being worth a damn, yet everyone seems to presume that replacements for sourceforge should use a back-end derived from the sourceforge code (c.f., the admirable savannah project, e.g.).

Some of the things I find deplorable about the sourceforge software:

• The look. 'nuff said?
• File releases. Why should it take so many steps to make a new tarball available with a new version number? Why the free-for-all incoming nonsense (rhetorical. I know why but it's not what I consider a good solution to the problem)?
• Workflow. The only part of the system that even has something approaching workflow is the file release system; everything else is just grafted onto the side of the system like it's a space station.
• Bug tracking. Yes, bugzilla has its quirky deficiencies, but why spend so much effort on writing yet another bug tracker and create one with so little power?
• Issue/Feature/Bug split. A well-written system would handle issue tracking, bug tracking, and feature requests under one well-integrated component.
• List management. This is truly grafted onto the side of the system -- no integration. I happen to love mailman, but geocrawler is (IMHO) the worst mailing list archive on the planet. While I know this is a sourceforge.net-ism the temptation to duplicate it is certainly there.
• Forums vs. Mailing lists. If mailing lists were well-integrated there'd be no need for separate forums (IMO). As is, project maintainers have to track both areas to stay responsive.
• Compile farms. I'm gonna go out on a limb here and say that any project large enough to need a system to test compilation on either has a developer with such a system or has a user with such a system who is willing to do test compiles on a regular basis.

Besides a *.sourceforge.net-hosted address I personally have never seen any advantage to using sourceforge's software over taking the effort to do some 1-time scripting to manage an installation of Apache, CVS+CVSWeb, Bugzilla, mailman+hypermail+mnogosearch. If sourceforge's benefit is supposed to be integration or high usability, it failed.

In case someone starts tallying them I'm casting a vote against using the sourceforge code for new hosting projects.

So Hacker noted two things that should be corrected. First with regards to the empty project problem: We don't delete projects. Period. The point of SF was that people could find old code. So even if every project left tomorrow, we'd still have a record. If you want to have that kind of control, do not write open source software. If we want to find a way to remove projects with no code or activity, ever, then maybe we'll do that later, but right now we have other things to work on. But if you have a project with one line of code under an open source license, we won't delete that project. To insist we do so is to show an ignorance of how open source software works. (not that hacker feels that way, he might, but a lot of people don't understand open source software and that needs to be said)

Second, he noted that his site sourcefubar is more secure. Good for him, but for how long? Lack of exposure should not be confused with security. I have a very secure machine that is unplugged in a locked closet.

But the most important thing he said, and the one thing I want people to read closely (and agree to) is the fact that there -are- competing projects. Go use them if you don't like how VA runs things. Yes, the tracker export thing could be done in a way more convienient for people leaving SF, but you can get cvs, mail and the rest so I can't see how this is a major problem, and dont' tell me that we are locking people in somehow. It's free software! You can go anytime you like.

And to answer some of the points of the Savanah project leader, Loic, I'll pass it off to Pat McGovern, who will be posting here and on /. on the inaccuracies of Loics post, but I'll leave you with this: Do you really think that the FSF is going to support licences other than the GPL?

Chris DiBona
OSDN

I'm sensing two camps in the anti SF.net group

The first camp is the gung-ho FSF group, who are somehow complaining about SourceForge Enterprise edition even though it's not what drives SF.net, and about how VA is plotting behind everyone's back to keep Free software locked up. Note that only the original author is truly in this camp. This camp talks about there beeing Freener pastures over at Savannah. From Patric McGovern's replies, I hope that those listening to this camp realize that these accusations are unfounded.

The second camp is the "I don't like SourceForge because of its look/feel/security/bugtracking/forums/mailinglists/moorman/precision/etc/etc." This camp is riding off of the first group's complaints, and are promoting every Joe and his mother host their own full-service development setup. If these people think they can provide the excellent quality of service that is scalang like SF.net, then, well, go try it out. Most of us are extremely pleased with the QoS that SF.net gives us.

As a Free Software and Open Source advocate, I have not yet seen any legitimate accusations of SF.net, just FUD.

(1) Even though I don't currently offer hosting for outside projects (I am hosting a number of my own projects many of which are coming out under open source licenses) I'm actually becoming inclined to do exactly as you say and build out a public version of what I and others use away from sf.net. None of us (even the FSF) will probably be able to provide the bandwidth and server resources of sf.net, and I don't think many of us have delusions about that fact. We could well provide better software -- and I'm saying we should definitely try.
and
(2) since I'm in your second camp I should mention that, while I am happy that the FSF is taking hosting of Free projects in a different direction, I don't subscribe to the reasoning you attribute to your first camp. This is mostly because I find myself subscribing more to the BSD definition of Free than the FSF definition of Free. My advocating non-sourceforge (the product) versions of sourceforge (the service) is purely a technical plea, spurred by repeated revelations that sourceforge (the service) is not widely seen to have a rock-solid future.

Simply, I'm someone who thinks sf.net's software is poor (and, as you imply, that may be more a matter of taste than objectivity), and their business model and SEC filings point to a worse than even chance of them existing next year. I call that legitimate criticism, and I'm willing to act on it by building out my own hosting (basically, for myself and those nearby who need a box to park on) and open source tools and not praying that sf.net stays alive.

Although, really, I hope sf.net stays alive.

This is an extract from an Assignment of Copyright which I signed in 1997, for code which I had contributed to GNUStep :

ASSIGNMENT OF COPYRIGHT IN REVISIONS OF GNUstep

For $1 and other good and valuable consideration received from Free Software Foundation, a not-for-profit corporation of the state of Massachusetts, hereinafter "FSF", the undersigned "Developer" does hereby agree as follows:

1.(a) Developer hereby agrees to assign and does hereby assign to FSF Developer's copyright in changes and/or enhancements to the suite of programs and libraries called "GNUstep" (herein called the Program). [...]

(b) The assignment of par. 1(a) above applies to all past and future works (emphasis mine) of Developer that constitute changes and enhancements to the Program.

(d) FSF agrees to grant back to Developer, and does hereby grant, non-exclusive, royalty-free and non-cancellable rights to use the Works (i.e., Developer's changes and/or enhancements, not the Program that they enhance), as Developer sees fit; this grant back does not limit FSF's rights and public rights acquired through this agreement.

(e) FSF has all the rights of a copyright owner in the assigned copyrights, subject to the license grantback to developer stated above, including the right to enforce the copyright in aid of the free software purposes of this agreement, and the right to use, license and distribute the works, or works based on the works, with the program enhanced thereby or as stand-alone modules, all as made or acquired by developer or in modified form. FSF may charge a fee of its choosing for the service of distribution.

Some folks were nice enough to certify me after my recent diary writing on this subject so I'll reproduce it here:

Firstly. I agree that many people have justified fears about SF's ability to keep up the level of service and about how SF will act given no small amount of pressure to stay alive. People do stupid things under pressure.

That said I fear that trying to make a new SF, or in this case of a distrubited SF, is a silly effort. SF is a larger than life tool for developers, but one that I honestly think, is like eating forbiddin fruit. It will haunt you to have something so wonderful & then have it taken away. It is so large that it's demands on funds are draining & face it there is no self-maintaining revenue. As hard as VA 'whatever' tries to keep it alive it will have to succumb to the financial pressure it exerts.

A distributed SF has the same effect. It drains resources. On a small scale, but still...? To a small guy, hosting it will have smaller financial impact, but aren't those truely just the same? Someone has to maintain it all! Otherwise it will die very quickly.

A valient effort! Yes. But I think it is futile to try to build another in its image (or better image in this case).

I do not criticize without having a helping suggestion either. I do think that efforts should begin to strip down the level of service that are a bare minimum to keeping projects highly effective.! Are these basic tools not available to individual developers? I think they are. Developer efforts should again rise from the ashes of the developer's level! This is surely more sustainable than a hundred distributed machines with a hundred distributed admins with multiplied problems! Yikes!

Also, will Savannah allow you or allow you to continue to develop your non-free, but opensource programs on the platform? I don't know either. But I suspect that many would or should have the same concerns with that project.

I do wonder if people will not start offering specialized services for a fee. People _do_ offer to do so to SF. I have personally seen the offers over some of the SF forums. One such service could be CVS? Another might offer mailing lists. etc. The point is that the individual developers/projects must maintain that point of control over their projects by NOT being dependant on another service. Savannah or otherwise. The world is governed by certain 'laws' and one is that in a financially based economy where services cost money to provide, equally the service will have financial demands on those who use it. So, there will always be a cost. Upfront (service provider), or backend (SF closing, exerting financial pressure like 'ads' or closing certain services, or creating propriety add-ons. Savannah is not immune. So neither are projects who use them. Keep control by using development tools of your own & distribute your project's info

Regarding deletion of projects, I don't mind that SourceForge.net would like to keep the code "alive" for others to look at and use, but what I do object to, as project maintainer for several projects, is the confusion this presents to users looking to use or contribute to the project in some way.

I used to get several dozen emails a day from people going to SourceForge.net and downloading older alpha code for some of my earlier projects, and reporting non-existant bugs and other issues related to that alphpa codebase, when in fact, newer more functional code exists on the main project site (not on SourceForge.net). This can be alleviated by clearly indicating that the project is either dead (if truly dead and "unmaintained"), or that its development is continuing on another offsite location. I've done my best in HTML hacks to alleviate that with one of the SourceForge.net projects that remains there, pilot-link.sourceforge.net and http://sf.net/projects/pilot-link, but others may not be doing this.

People go to SourceForge.net because it has "brand recognition", but it adds to the confusion from a user's perspective. It also makes my job as a project maintainer much harder because I have to deal with non-existant or closed bug reports, and losing people who think the project is stale, when in fact its development is continuing on a different site.

There are other fundamental issues with aggregation of this many projects (as we've seen before when SourceForge.net has been down for periods of time, taking all projects offline with them), but those are better discussed elsewhere. I fully support the model which SourceForge brought to the community, but I, like others, disagreed with the implementation.

This is what makes the open source community great; we have that choice.

ftobin: I want interoperability. I have said this in multiple places over the last few months. I don't care that sf is the biggest site, but I think the way it is abusing its current dominance is depressing and you have to think "what goes around, comes around". They seem to be destroying a lot of VA's goodwill reserves lately, with the "non-free sourceforge" and some attempted landgrabs. This worries me, as a failed VA would be very very sad to see. Basically, I'm upset by the VA people's conduct. Make me a third group if you like.

pmcgovern: YYSW. Where's the interoperability work?

chrisd: Why attack the people posting valid comments, like loic and hacker, rather than addressing the points they raise, regardless of their affiliation. Your use of FUD is shameful and many of the original points are unanswered.

The sourceforge monoculture is distressing. I don't have a desire to use one tool for every job, rather than the best available tool for each job. If I want to have cvs at sf, website elsewhere, mailing list somewhere else, and releases announced to many sites, sf doesn't really help me to do that.

To be clear, it is the full project contents of the tracker database I would like to backup for my projects, which is more than the display of summary statistics that was previously supported. Bug-lists are very valuable for sizeable software projects, because they point to problems that might only be stumbled on once in a blue moon, and are difficult to independently discover.

Can anyone provide links to the 3rd-party software for downloading/mirroring tracker data? Is is some sort of HTML scraper?

Chris DiBona

David's site may well be secure, as you or I have no grounds to suggest otherwise at present, while sf definitely has had an "interesting" stance on a couple of security issues. For Loic, you try to portray him as part of some FSF/GPL conspiracy and hidden agenda. Why do this if you have nothing personally against them, or is that just your style? If so, I find it reprehensible and I'm amazed that VA have a second person willing to use that tactic.

FWIW, I'd suspect FSF would be happy with any DFSG-compliant licences, but you can't expect them to promote the others. It's not exactly a hidden agenda and SF can't really expect warm words from them after the double whammy of abandoning free software and adopting non-free.

everybody: Some people are not expressing themseles very clearly, and that is adding to the confusion. We all feel very strongly about our free software infrastructure, but we also all feel much the same way about it.

Before you push "Post", let your posting sit for a couple of hours, and then re-read it again. Re-write it so it makes sense to somebody besides yourself, and says what you meant to say and not what you accidentally said.

Don't invent excuses for conflict. Help make things better, if you can. Finger-pointing doesn't help make things better. Providing factual information makes things better. Doing useful things makes things better. Letting your confusion and anger subside without spewing it all over Advogato makes things (believe it or not!) better.

There are no bad guys here.

There is one remark of his I find somewhat unsettling, though:

But if you have a project [hosted on SourceForge.net] with one line of code under an open source license, we won't delete that project. To insist we do so is to show an ignorance of how open source software works.

Call me naïeve, but I always thought open source software worked by a spirit of cooperation, a sense that we're all working towards a common goal. If SourceForge responds to copyright holder's requests with a nose-thumbing "We don't have to Nyah-nyah! So there!", I have a very different opinion than the one Chris expresses regarding who does or doesn't understand "how open source sofware works".

One thing that loic mentioned, which I'd hoped pmcgovern would address, is regarding the status of the SourceForge project itself.

Specifically, the current development code (CVS treet) for the SourceForge project, is no longer available. And it hasn't been available for quite some time now. In fact, it appears (according to this) that the SourceForge project, alexandria, no longer even makes the year old 2.5 release available. Instead it's been moved to a new project, alexandria-dev. . . which currently contains the ancient 2.5 release, and absolutely nothing else (None of the open or pending bugs, patches, or feature requests that currently exist for the SourceForge code have been moved. . . and no CVS is available). Aditionally, most (if not all) of the forums for the original SourceForge alexandria project are failing to display anything, despite the categories claiming to have numerous.

The status of the SourceForge software seemed like a fairly valid question from loic. He also asked why he was being asked to give up any and all rights he has to any code he's written for the SourceForge project, while SourceForge gives the impression that they no longer intend to make the SourceForge project available (with the exception of the old 2.5 release).

Personally, I'm very curious as to what the answer is. Why exactly should someone sign away all rights to their code without any guarantee (or show of good faith) that the code they contribute will be made available to the community?

I love SourceForge.net. I think it's a great service, and I'm really happy that VA is providing it. However, I've been considering for a while now trying to set up my own little "internal" SourceForge and I've heard some horror stories about how difficult it is to get installed and running. I've also heard that a great many of the problems involved with installation and running have been solved. . . but aren't available to the public. For example, It's been mentioned in numerous places that SourceForge currently makes use of PostgreSQL as it's databse backend. However, most of the documention and setup stuff for alexandria 2.5 is MySQL centric. As someone who greatly prefers PostgreSQL, it'd be nice to be able to run it with PostgreSQL.

I can't speak for loic or anyone else, but do think that if I were in his position, asked to sign away code I'd written for the community, without being given the expectation that it would be released back to the community, I'd balk. Additionally, with the SourceForge development code unavailable, I find myself much less interested in the site itself, sourceforge.net. I loved the fact that the site was built on open source software, and that the software was available so that I could build my own internal development center. Now I find myself seeking alternatives.

SourceForge.net is not now, or nor has it ever been, exclusive to free software -- we accept ... projects licensed under ... licenses ... [that] comply with the OSI Open Source Definition.

Which is a little odd, given the fact that the OSI Open Source Definition is directly based on The Debian Free Software Guidelines.

Either he's confused about what Free Software is all about, or he's attempting to marginalise the FSF by spreading disinformation about their views on Free Software.

If the former is the case, I find it rather worrying that he could be confused about this sort of issue.

If the later is true, it would tend to confirm Loic's concerns about VA's motives.

Either way, this is not good.

Anyway, my actual practical response is quite cold-blooded. I want VA to either play nice with other hosting providers, web site publishers and the developers, or be obsoleted. I am trying to support coopx to make that a reality. I suggest that everyone else who has some time and is concerned by the current situation comes and joins the mailing list. With enough hands, it should be simple to help develop the XML schemata required, and develop the applications to work with it for practical hosting solutions with best-of-breed free software.

There are certainly projects on sourceforge that would be found in the non-free section of Debian.

The difference that is being pointed out in Free Software vs. Open Source is the difference between the fsf-approved licenses and the OSI-approved licenses. It's a different list. I think it's a bit irrational to say that VA is part of some anti-FSF conspiracy simply because they differentiate Open Source and Free Software...

I see some fairly harsh accusations of FUD flying around... I don't think they're particularly fair. VA Software is a publically listed company. This means that they have to clearly intend to make a profit. Not break-even, not lose money... Make a profit. It's what corporations are designed and required (by law, as well as by simple matters such as having enough money to continue to stay alive) to do.

Sf.net (and larger, the OSDN in general) doesn't make a profit. Noway, nohow. It's a cash sink, not a cash source. So, from the corporate perspective... Why do it? Well, that's the key question, and one that's been answered already. VA Software intend (I'm not going to comment on the likelihood of success or failure of this plan) to sell sourceforge solutions to companies as a development methodology. This isn't new news... and no doubt it's why the code for sf.net hasn't been released for some time.

After all, if you release the latest version, then what incentive is there for anybody to pay you for it? There isn't.

Now, before people go off yelling "but but but"... The point is, sf.net exists. It's owned by a company, and provided by that company as a service to the community... and that company wouldn't (and shouldn't) do so if it didn't expect to reap some eventual tangible reward for doing so.

As a service *in and of itself*, sf.net pretty much rocks. And VA Software is pretty clearly committed to keeping it going. This is good. People should feel free to use it, the way that people should feel free to play with free toys handed out at a company marketing stand.

But, if the company doesn't have its revenue exceed its expenditure, then expenditures will be cut. The users of sf.net have no way to tell what VA Software's real priorities are... there is no insight into the board of directors. So... there are several factors.

It's possible that VA's revenues will suddenly shoot through the roof... at which point, hey, sf.net won't be a problem. It's possible also that VA's revenues will continue to fall, their cash reserves will fall... And at some point, cost-cutting triage will come into play. As it has already... sf.net was above the line this time, and in fact seems to be in the "middle" category of triage (1. healthy enough to live without help; 2. need active help to live; 3. will die anyway).

Where sf.net stands on a current expenditures triage list, I don't know... and neither does anybody, except maybe VA Software's board of directors, and possibly even they haven't decided yet, and won't decide until their cash reserves fall below a certain point.

Also, at the point when a decision to triage is made, it will be made by the board of directors, and come down from on high, and be implemented very very fast. Companies can turn on a dime like that, that's what they're generally designed to do. Small companies especially (and make no mistake, VA is a small company with no entrenched heavy bureaucracy) can turn on a dime with zero warning.

Everybody knows this. The VA reps telling us "we're committed to it"... They aren't lying. Right now, they are committed to it. Selling sf.net is their current main idea for making money, AFAICT. Dropping their hardware division and slashing staff numbers elsewhere says that pretty clearly.

What happens if that strategy doesn't pan out? Well, that's a different question. And, like chrisd said... if you don't like it, go elsewhere.

And, by all the gods, keep backups, especially of mailing list memberships and source code trees, so you can reconstruct elsewhere if things change.

I think people are missing the most chilling point of the article. I admit this escaped me the first time I read it, too:

But when I read the details of their copyright assignment, I saw major problems. I was asked to assign copyright of my work that "is, or may in the future be, utilized in the SourceForge collaborative software development platform".

They are asking to take any code this guy has ever written, free or otherwise, and include it in a proprietary product that they will sell for profit, with no compensation to him and no benefit to the free software movement. They aren't being at all forthcoming about the scope of what they are asking, hence the appropriate epithet "underhanded". If it slipped by all of us, it could slip by someone signing the document as well. In fact, I think Stephenson's Mistake is coming into play here:

Most people, on listening to a string of nonsense, will tend to doubt their own sanity before they realize that the person who is jabbering at them is really the one with the damaged brain.
--Neal Stephenson, The Big U

If this really means what it appears to mean, it calls into serious question the good faith of VA.

as far as I can tell, he didn't post the full contract, so how do you know what "the work" refers to?

it's pretty clear that the FUD in this thread isn't coming from the sourceforge people...

Can you post the whole text of the original copyright assignation form that VA sent you? I realize there may be legal impediments to doing so, but, if there are not, please post it. It would certainly restore some of my faith in SourceForge we could determine that they were only trying to appropriate and make proprietary the code you contributed to SourceForge, as opposed to all the code you ever wrote.

Please reread the final sentence before the copyright assignment is quoted: I quote it here in its entirety.

What surprised me was that most people also seem to have missed that this posting was not the first step we took, it was the last option we had after trying to talk to SourceForge.net for quite a while; I believe our first discussions started when the announcement was made that SourceForge would now be based on proprietary software. Sending Loic the copyright assigment was their final step.

I wonder: how many people realized that PMcgovern actually did not answer or contradict any of the important points Loic raised?

Sure. I read that. I also read the sentence before that: Finally I was sent the version of the copyright assignment produced by the legal department.

Since the text he quoted earlier (and that Qbert was referring to) isn't in the "final" version, he sure implies that there was an earlier version, where "the work" is supposedly defined as "all software you will ever create".

It's also interesting that the "final" version "quoted here in its entirety" says "the software code defined below", but doesn't include the definition.

FUD it is.

I'm sensing two camps in the anti SF.net group

The first camp is the gung-ho FSF group, who are somehow complaining about SourceForge Enterprise edition even though it's not what drives SF.net, ...

Question: If SF.net is not running the Enteprise edition, what is it running? This implies that it is running the Free version of SF available for download. I don't believe this is the case.

The second camp is the "I don't like SourceForge because of its look/feel/security/bugtracking/forums/mailinglists/moorman/precision/etc /etc." This camp is riding off of the first group's complaints, and are promoting every Joe and his mother host their own full-service development setup...

The quality of SF is seperate issue.

You missed the group that I'm in; the "what happens if SF disappears group". Another variant of this is "what happens if SF changes into something I don't like".

This is not a problem, _provided_ you can get everything in your project off and onto something different. A project is more than just its code, it is all the mailing-list archives, tracker entries, forum discussions, etc. All of this is live stuff, that is really only useful when viewed/manipulated by the application that created it; SourceForge. Even if I could get all this data off sf.net, it would only be useful if I could install my own SourceForge to use it. Sort of like an MSWord document needs MSWord...

This is the _real_ reseason to have sf.net using a Free SourceForge. It is also a damn good reason to have a distributable/mirrorable implementation, as it would allow easy rapid migration of projects from one SourceForge server to another.

As a Free Software and Open Source advocate, I have not yet seen any legitimate accusations of SF.net, just FUD.

Although I've been mildly re-assured by the SF staff responces, I still believe that it's a legitimate concern. Until I can migrate my entire project off SF.net into my own SourceForge, I'll continue to be concerned.