SourceForge drifting

Posted 11 Nov 2001 at 23:36 UTC by loic Share This

Over the past few months the SourceForge development facility, which hosts a large number of Free Software projects, has changed its policies. Features for exporting a project from SourceForge have been removed. The implementation used to be exclusively Free Software but is now based on non-free software. Finally, VA Linux has become rather underhand in their attempts to grasp exclusive control of contributors' work. SourceForge did a lot of good for the Free Software community, but it's now time to break free.

Locking users in a non-free software world

SourceForge brought to Free Software a unified and standard development methodology based on modern tools. Before SourceForge, such tools (bug tracking, cvs, web, support, forums, polls, news, etc.) were available individually, but few developers used many of them together, because they had to set up the combined facilities on their own. SourceForge made the combination conveniently available for both new and experienced developers.

Because of the convenience of SourceForge, many Free Software developers have come to take this collection of features for granted, and would be reluctant to go back to the old way of doing things. Unfortunately, this means that when SourceForge itself takes a turn for the worse, it tends to pull Free Software developers down with it.

The second important thing SourceForge did was to provide this environment based exclusively on Free Software. By doing this, SourceForge not only provided a powerful methodology for the Free Software community, it also demonstrated what Free Software could do, and promoted the use of Free Software. And since the special software for SourceForge was itself free, anyone could set up a similar site. The SourceForge software became permanently available to developers everywhere. Developers in (say) India who can't afford the bandwidth to use the SourceForge site could have the benefit of the same features on their own server.

In August 2001, VA Linux reversed those policies and introduced non-free software on the SourceForge server. In announcing this, Larry Augustin (VA Linux CEO) claims that SourceForge.net users will "see virtually no changes". That may be true if they narrow their vision and consider only what job the site does and how to operate it. But when we consider the implications, things are very different now. Instead of a showcase for Free Software, SourceForge is now a demo site for non-free software. There is a danger that the many thousands of people registered on SourceForge will become increasingly hooked on the SourceForge site and on features implemented by proprietary software.

As a Free Software developer, you are still free to use the SourceForge server, but you won't have the freedom to copy, modify, study and distribute the software it runs; you won't be free to set up a similar site yourself, or adapt it to your own needs. The last published release of the SourceForge software is one year old.

The move to non-free software was the culmination of a series of steps designed to lock users in. There never was a way to fully extract projects from SourceForge, but efforts were made in this direction--then this year they were removed. At present the only things you can get are the CVS tree and tracker data /export/sf_tracker_export.php. Few people are aware of the later because it is undocumented. The export page explains how to use scripts that don't exist anymore; implementation of facilities to ease project extraction was stopped. The developer community is exclusively made of VA Linux employees and a few people who are asked not to disclose the current code.

The mailing lists archives, a major service of SourceForge recently became unmaintained. Will it be replaced by a non-free software based solution ?

Contributors' work appropriation

Here is what happened to me shortly before the announcement that SourceForge would use and develop non-free software. Because I'm listed as a contributor (in the sources and documentation) to the SourceForge software, I received a request from VA Linux to assign copyright to them. I was not surprised or unhappy with this; many Free Software projects ask contributors to assign copyright of their changes to the main author. Assigning copyright to a single holder is a strategy for defending the GNU GPL more effectively, and I would have been happy to cooperate in that regard.

But when I read the details of their copyright assignment, I saw major problems. I was asked to assign copyright of my work that "is, or may in the future be, utilized in the SourceForge collaborative software development platform". The assignment was not limited to my contribution to the SourceForge code, it potentially covered all my past and future work if it was of some interest to SourceForge.

I was also expecting a promise that my work would be released under the GNU GPL, but the assignment said nothing about Free Software. VA Linux would be allowed to release the software I wrote under a non-free software license and not let the community have it at all. But I wasn't sure at the time if this was a real concern, because VA Linux only produced and used Free Software. Two weeks later they decided to introduce non-free software on SourceForge and that cast a different light on the question.

VA Linux told me that they only sent the assignment to two people, in the hope to refine it. We started a long discussion that lasted two months. I assumed this discussion was to make the copyright assignment more palatable to the Free Software community, so I worked hard to give constructive feedback. Finally I was sent the version of the copyright assignment produced by the legal department. I quote it here in its entirety:

SourceForge Copyright Assignment

Thank you for your interest in contributing software code to SourceForge.

In order for us to include the code in our product, we will need you to provide us with the rights to the code.

By signing this agreement, you, the undersigned, hereby assign to VA Linux all right, title and interest in and to the software code described below, and all copyright, patent, proprietary information, trade secret, and other intellectual property rights therein. You also agree to take all actions and sign all documents (such as copyright assignments or registrations) reasonably requested by VA Linux to evidence and record the above assignments.

This was even more of a power grab than the first draft. "You give us total control; we promise nothing". At this point, I knew that the attempts to clarify the copyright assignment were a waste of time; VA Linux clearly wasn't collecting copyright assignments in order to enforce the GNU GPL.

Escape entrapment

It's time for people who value freedom to escape from SourceForge. It has become a tar pit from which escape will become increasingly difficult. Development hosting platforms based completely on Free Software flourish all over the world. You can create your own, join an existing one or help write the underlying software. Some months ago I helped to launch Savannah for the GNU project because I felt the need of a collaboratively run platform. With friends and co-developpers we are now re-writing and packaging distributed development hosting software. The idea is to be able to install and operate a SourceForge-like site within hours. Savannah will run this software at the end of this year. At first it may have less functionality than SourceForge, but it has a bright future because it is rooted in a cooperative effort of people sharing Free Software.

SourceForge is free as in free beer because it was designed this way. It was a very expensive and ephemeral gift to the Free Software community. We could resent VA Linux for such a poisoned gift. On the contrary I think we should thank them. They brought us methodology, and taught us that a development hosting facility must be built in a distributed and collaborative way, not by a single company controlling everything from top to bottom. Of course that means everyone needs to spend a little time developing and maintaining these hosting facilities. We've finished our beer, it's time to win our freedom.

[1] VA Linux is the owner of the SourceForge domain name, provides and owns the hardware, pays for the bandwidth, hire people maintaining SourceForge. VA Linux is also the owner of most OSDN sites, the largest concentration of Free Software related resources in the hands of a single company.


Nice document, posted 12 Nov 2001 at 01:59 UTC by slef » (Master)

The Savannah NG doc actually embodies a few things I've been keen to see for a while, including distributed hosting and more data held in a neutral format (XML in this case). While I've been on the coopx list since I became aware of it, I'm not aware of any of the developments described in the SNG doc - did someone move the coopx list without telling those of us who are discussing this there?

One thing where I think the SNG doc is wrong is in the continued use of PHP. Moving from that to something more featureful is important to ensure better system cohesion and to raise the barrier to entry just enough to keep the bad programmers out. I know that last bit isn't a politically correct point, but I still believe it. Sorry.

You don't have to use Sourceforge, there are dozens of alternatives.., posted 12 Nov 2001 at 02:33 UTC by hacker » (Master)

I've been running my own free cvs project hosting services for about three years (mostly geared towards PalmOS related open source projects, but any project is welcome). I've been sick of Sourceforge usurping my projects and the projects of others. I've heard hundreds of complaints, and have experienced them first-hand. I've put projects there, and asked them to delete/remove them (because they've intionally crippled basic features of cvs in the name of "security"), and they have said that I no longer own the project once it is on their server, but they would gladly mark it as "unmaintained" if I decide to move it offsite. This was in response to relocating an existing (and still active) open source project off their site. "Unmaintained" to me means orphaned project, not one which is still being actively maintained on non-Sourceforge facilities.

The other thing which drove me to creating SourceFubar is that 30% of Sourceforge's listed projects are empty, with no files, and have been for months now. People seem to put projects there in the hopes that the project will just write itself. The open source community is not some compendium of free development talent to suck off of. I think people who have project ideas need to clearly understand that and use a proper process for getting their ideas and projects into the places where people can contribute to them.

Yes, I don't have a huge server farm, yes, I don't have 100 people working for me, but my system is much more secure, and the freedom to whatever you want as project admin exists, within the given set of tools exposed for developer use. They aren't crippled because of a lack of security experience in the implementors. It's also growing because of contributions, not corporate need. I exceed where they fail.

FWIW.

Just Scary..., posted 12 Nov 2001 at 08:30 UTC by asleep » (Journeyer)

That's all I can say, it's just scary. But I'll say more anyway...
I have to admit, when sourceforge came about I got all excited. I placed a couple projects there and loved the tools. Ever since VA started becoming ... well... we'll say shady, I've started to turn away from using sourceforge.
Everything to date has supported my idea and I wanted to take this time to publicly thank the crew @ tigris for hosting my XiteCode project.
I looked at Savannah but without the major parts of the SF codebase in place it's kinda useless to me. I look forward to Savannah's changes and hope for the best.

Translations available (German, French), posted 12 Nov 2001 at 14:04 UTC by ber » (Master)

Just a note that you can also get Loic's article in French and German from its place at the FSFE. Other translations (Spanish/Portugese/Italian) are planned.

Sourcefubar... where are you at coopx?, posted 12 Nov 2001 at 15:57 UTC by slef » (Master)

David, as you may know, I've a great deal of respect for some of your opinions (mostly them not involving a certain scripting language), but why haven't I seen you involved in coopx? Do the world another favour and contribute your considerable wisdom to it...

export of tracker data must work, posted 12 Nov 2001 at 18:00 UTC by sej » (Master)

I can rationalize away most of SourceForge's transgressions. Aladdin built a business around time-delayed dual-licensing with the GPL, and the FSF gave their approval. The current state of SourceForge Open Edition is not that dissimilar. Running a free-software web site that uses proprietary capability might be hypocritical if you had foresworn all proprietary software, but VA Linux never did that as far as I know. They are not the FSF. Can we approve of time-delayed dual licensing and not allow businesses to advertise the result? If not we must also boycott Aladdin and all its software and related programmers and I have to stop using this website right now... :-)

But I didn't. What I think pmcgovern should tell us, rather quickly, is how one goes about exporting tracker data from SourceForge. Give it to us in SQL today, and we can proceed with a more natural evolution of open-source hosting services, letting each party find the home that suits them best over time.

What was valuable to me, posted 12 Nov 2001 at 18:51 UTC by aero6dof » (Journeyer)

For me the most valuable aspect about sourceforge was not the development tools, but the fact that there was one site I could hit to find open source projects that provided some capability I needed. Sometimes I needed it with a specific license, or in a specific language. If Open Source development hosting begins to fragment, I would like that some effort be put into some sort of distributed index framework be implemented so users and developers have an easier time of locating projects.

What was valuable to me, posted 12 Nov 2001 at 18:51 UTC by aero6dof » (Journeyer)

For me the most valuable aspect about sourceforge was not the development tools, but the fact that there was one site I could hit to find open source projects that provided some capability I needed. Sometimes I needed it with a specific license, or in a specific language. If Open Source development hosting begins to fragment, I would like that some effort be put into some sort of distributed index framework be implemented so users and developers have an easier time of locating projects.

Isn't that freshmeat not sourceforge?, posted 12 Nov 2001 at 19:16 UTC by slef » (Master)

aero6dof, aren't you thinking of freshmeat not sourceforge? I'd like to see the information about open source projects recommoditised, though, and I hope that holding it in a common XML format would make it easier to submit it to multiple places.

From the Site Director of SourceForge.net, posted 12 Nov 2001 at 20:10 UTC by pmcgovern » (Master)

My name is Patrick McGovern and I manage SourceForge.net. I wanted to take a moment to address the issues that Loic raised in his recent article.

As a background: SourceForge.net is a website within the Open Source Developers Network (OSDN), owned by VA Linux Systems. SourceForge.net provides free hosting for Open Source software development projects via its web site at http://sourceforge.net and http://sf.net

SourceForge.net, OSDN and VA Linux systems are committed to the Open Source community. Two years ago (almost to the day) SourceForge.net was started to provide a way for Open Source developers to collaborate with each other and make great software. This mission has not changed. Today VA spends a tremendous amount of money and resources to provide excellent service to 30,000 projects.

Loic brings up a number of points that are simply not accurate.

* SourceForge (not SourceForge.net) is a collaborative software development platform. The SourceForge software originated as the foundation of the SourceForge.net service, and is now the basis of a number of products offered by VA Linux Systems. SourceForge Enterprise Edition is the commercial product released by VA Linux Systems last week. SourceForge is a software platform.

* SourceForge.net is a service provided freely to Open Source software development projects. SourceForge.net is not running the SourceForge Enterprise Edition software. SourceForge.net is a web site, which provides a service to the Open Source community.

* SourceForge.net provides free hosting for Open Source Software development projects. SourceForge.net is not now, or nor has it ever been, exclusive to free software -- we accept hosting requests from projects licensed under any OSI-approved Open Source License, and projects whose licenses have not been directly approved, but comply with the OSI Open Source Definition.

* Data Export: The ability to export data from SourceForge.net has not changed. There is no conspiracy to 'lock projects in' to SourceForge.net. Every project has the ability to download a nightly tarball of their CVS code. If people have any concerns about their code, we recommend they set up a cron job to download the latest version. Eight months ago we did have a XML API that allowed project admins to download bug report data. The API broke earlier in the year when we enhanced the SF.NET code (version 2.5) to include the tracker (a tool that unifies all 'ticket-related' systems). Until recently, we didn't receive a lot of interest from the community to re-introduce the feature... so we have been focusing on other aspects of the site. We are now re-examining the issue. In the mean time, there are third-party programs which will collect the content directly from the site and extract that data.

* Mailing Lists: One area we concentrating on, which Loic alludes to, is mailing list archives. This, historically, has been one of the weakest areas of SourceForge.net. We are currently working on a new solution, which directly integrates the mailing lists with SourceForge.net, as opposed to Geocrawler. We have just entered the initial beta phase for this project. It is still being worked on, but you can see it here in action: http://sourceforge.net/forum/?group_id=27464 (look at the last four forums). We are essentially using the SourceForge Forum code; the same code base that has been available to the community for some time.

--

Developers are choosing SourceForge.net because of the excellent resources and service we give the community. The site is currently growing at over 60 new projects and 700 developers a day. We just added new personnel and purchased 70 new servers to make sure we retain our excellent quality of service. We have added new download servers to make sure the community can get Source code as fast as possible. We have been adding additional hardware to the compile farm. (OS X systems were added last month).

Finally, SourceForge.net is a free service. It's a service I believe greatly enhances the Open Source Developer's ability to write and release great software; and have it seen by a lot of people. If you feel that SourceForge.net is not for you, that is okay too. There are alternatives out there, and it's better to host your code where you think you will be the most productive.

If you have any questions or concerns, please feel free to write me: pat at sourceforge.net

Thank you,

Pat-

Patrick McGovern
email: Pat at SourceForge.net
Director, SourceForge.net

Must it be sourceforge?, posted 12 Nov 2001 at 20:12 UTC by roundeye » (Journeyer)

I'm not going to disagree with the wisdom of caution in the face of sourceforge.net's probable demise, 'cause, quite frankly I believe sf.net is doomed -- it's just a matter of the date. The thing that irks me is that I don't see the sourceforge software as being worth a damn, yet everyone seems to presume that replacements for sourceforge should use a back-end derived from the sourceforge code (c.f., the admirable savannah project, e.g.).

Some of the things I find deplorable about the sourceforge software:

  • The look. 'nuff said?
  • File releases. Why should it take so many steps to make a new tarball available with a new version number? Why the free-for-all incoming nonsense (rhetorical. I know why but it's not what I consider a good solution to the problem)?
  • Workflow. The only part of the system that even has something approaching workflow is the file release system; everything else is just grafted onto the side of the system like it's a space station.
  • Bug tracking. Yes, bugzilla has its quirky deficiencies, but why spend so much effort on writing yet another bug tracker and create one with so little power?
  • Issue/Feature/Bug split. A well-written system would handle issue tracking, bug tracking, and feature requests under one well-integrated component.
  • List management. This is truly grafted onto the side of the system -- no integration. I happen to love mailman, but geocrawler is (IMHO) the worst mailing list archive on the planet. While I know this is a sourceforge.net-ism the temptation to duplicate it is certainly there.
  • Forums vs. Mailing lists. If mailing lists were well-integrated there'd be no need for separate forums (IMO). As is, project maintainers have to track both areas to stay responsive.
  • Compile farms. I'm gonna go out on a limb here and say that any project large enough to need a system to test compilation on either has a developer with such a system or has a user with such a system who is willing to do test compiles on a regular basis.

Besides a *.sourceforge.net-hosted address I personally have never seen any advantage to using sourceforge's software over taking the effort to do some 1-time scripting to manage an installation of Apache, CVS+CVSWeb, Bugzilla, mailman+hypermail+mnogosearch. If sourceforge's benefit is supposed to be integration or high usability, it failed.

In case someone starts tallying them I'm casting a vote against using the sourceforge code for new hosting projects.

Some misconceptions..., posted 12 Nov 2001 at 20:30 UTC by chrisd » (Master)

So Hacker noted two things that should be corrected. First with regards to the empty project problem: We don't delete projects. Period. The point of SF was that people could find old code. So even if every project left tomorrow, we'd still have a record. If you want to have that kind of control, do not write open source software. If we want to find a way to remove projects with no code or activity, ever, then maybe we'll do that later, but right now we have other things to work on. But if you have a project with one line of code under an open source license, we won't delete that project. To insist we do so is to show an ignorance of how open source software works. (not that hacker feels that way, he might, but a lot of people don't understand open source software and that needs to be said)

Second, he noted that his site sourcefubar is more secure. Good for him, but for how long? Lack of exposure should not be confused with security. I have a very secure machine that is unplugged in a locked closet.

But the most important thing he said, and the one thing I want people to read closely (and agree to) is the fact that there -are- competing projects. Go use them if you don't like how VA runs things. Yes, the tracker export thing could be done in a way more convienient for people leaving SF, but you can get cvs, mail and the rest so I can't see how this is a major problem, and dont' tell me that we are locking people in somehow. It's free software! You can go anytime you like.

And to answer some of the points of the Savanah project leader, Loic, I'll pass it off to Pat McGovern, who will be posting here and on /. on the inaccuracies of Loics post, but I'll leave you with this: Do you really think that the FSF is going to support licences other than the GPL?

Chris DiBona
OSDN

Two camps going after SF.net, posted 12 Nov 2001 at 21:04 UTC by ftobin » (Journeyer)

I'm sensing two camps in the anti SF.net group

The first camp is the gung-ho FSF group, who are somehow complaining about SourceForge Enterprise edition even though it's not what drives SF.net, and about how VA is plotting behind everyone's back to keep Free software locked up. Note that only the original author is truly in this camp. This camp talks about there beeing Freener pastures over at Savannah. From Patric McGovern's replies, I hope that those listening to this camp realize that these accusations are unfounded.

The second camp is the "I don't like SourceForge because of its look/feel/security/bugtracking/forums/mailinglists/moorman/precision/etc/etc." This camp is riding off of the first group's complaints, and are promoting every Joe and his mother host their own full-service development setup. If these people think they can provide the excellent quality of service that is scalang like SF.net, then, well, go try it out. Most of us are extremely pleased with the QoS that SF.net gives us.

As a Free Software and Open Source advocate, I have not yet seen any legitimate accusations of SF.net, just FUD.

FUD?, posted 12 Nov 2001 at 21:45 UTC by roundeye » (Journeyer)

ftobin, as a Free Software and Open Source advocate criticizing sf.net on their technical (and, by implication, business merits) and therefore in your "second camp":

(1) Even though I don't currently offer hosting for outside projects (I am hosting a number of my own projects many of which are coming out under open source licenses) I'm actually becoming inclined to do exactly as you say and build out a public version of what I and others use away from sf.net. None of us (even the FSF) will probably be able to provide the bandwidth and server resources of sf.net, and I don't think many of us have delusions about that fact. We could well provide better software -- and I'm saying we should definitely try.
and
(2) since I'm in your second camp I should mention that, while I am happy that the FSF is taking hosting of Free projects in a different direction, I don't subscribe to the reasoning you attribute to your first camp. This is mostly because I find myself subscribing more to the BSD definition of Free than the FSF definition of Free. My advocating non-sourceforge (the product) versions of sourceforge (the service) is purely a technical plea, spurred by repeated revelations that sourceforge (the service) is not widely seen to have a rock-solid future.

Simply, I'm someone who thinks sf.net's software is poor (and, as you imply, that may be more a matter of taste than objectivity), and their business model and SEC filings point to a worse than even chance of them existing next year. I call that legitimate criticism, and I'm willing to act on it by building out my own hosting (basically, for myself and those nearby who need a box to park on) and open source tools and not praying that sf.net stays alive.

Although, really, I hope sf.net stays alive.

Re: Isn't that freshmeat, posted 12 Nov 2001 at 22:31 UTC by aero6dof » (Journeyer)

Slef, I could see how you might think that, but for me, SF's search functions were a little better than freshmeat (until FM's recent update). Both of the search functions are still a little slow and feature sparse for my purposes.

That copyright assignment is standard, posted 12 Nov 2001 at 22:39 UTC by Guillaume » (Master)

This is an extract from an Assignment of Copyright which I signed in 1997, for code which I had contributed to GNUStep :

ASSIGNMENT OF COPYRIGHT IN REVISIONS OF GNUstep

For $1 and other good and valuable consideration received from Free Software Foundation, a not-for-profit corporation of the state of Massachusetts, hereinafter "FSF", the undersigned "Developer" does hereby agree as follows:

1.(a) Developer hereby agrees to assign and does hereby assign to FSF Developer's copyright in changes and/or enhancements to the suite of programs and libraries called "GNUstep" (herein called the Program). [...]

(b) The assignment of par. 1(a) above applies to all past and future works (emphasis mine) of Developer that constitute changes and enhancements to the Program.

(d) FSF agrees to grant back to Developer, and does hereby grant, non-exclusive, royalty-free and non-cancellable rights to use the Works (i.e., Developer's changes and/or enhancements, not the Program that they enhance), as Developer sees fit; this grant back does not limit FSF's rights and public rights acquired through this agreement.

(e) FSF has all the rights of a copyright owner in the assigned copyrights, subject to the license grantback to developer stated above, including the right to enforce the copyright in aid of the free software purposes of this agreement, and the right to use, license and distribute the works, or works based on the works, with the program enhanced thereby or as stand-alone modules, all as made or acquired by developer or in modified form. FSF may charge a fee of its choosing for the service of distribution.

On SF & Savannah, posted 12 Nov 2001 at 22:48 UTC by SteveMallett » (Journeyer)

Some folks were nice enough to certify me after my recent diary writing on this subject so I'll reproduce it here:

Firstly. I agree that many people have justified fears about SF's ability to keep up the level of service and about how SF will act given no small amount of pressure to stay alive. People do stupid things under pressure.

That said I fear that trying to make a new SF, or in this case of a distrubited SF, is a silly effort. SF is a larger than life tool for developers, but one that I honestly think, is like eating forbiddin fruit. It will haunt you to have something so wonderful & then have it taken away. It is so large that it's demands on funds are draining & face it there is no self-maintaining revenue. As hard as VA 'whatever' tries to keep it alive it will have to succumb to the financial pressure it exerts.

A distributed SF has the same effect. It drains resources. On a small scale, but still...? To a small guy, hosting it will have smaller financial impact, but aren't those truely just the same? Someone has to maintain it all! Otherwise it will die very quickly.

A valient effort! Yes. But I think it is futile to try to build another in its image (or better image in this case).

I do not criticize without having a helping suggestion either. I do think that efforts should begin to strip down the level of service that are a bare minimum to keeping projects highly effective.! Are these basic tools not available to individual developers? I think they are. Developer efforts should again rise from the ashes of the developer's level! This is surely more sustainable than a hundred distributed machines with a hundred distributed admins with multiplied problems! Yikes!

Also, will Savannah allow you or allow you to continue to develop your non-free, but opensource programs on the platform? I don't know either. But I suspect that many would or should have the same concerns with that project.

I do wonder if people will not start offering specialized services for a fee. People _do_ offer to do so to SF. I have personally seen the offers over some of the SF forums. One such service could be CVS? Another might offer mailing lists. etc. The point is that the individual developers/projects must maintain that point of control over their projects by NOT being dependant on another service. Savannah or otherwise. The world is governed by certain 'laws' and one is that in a financially based economy where services cost money to provide, equally the service will have financial demands on those who use it. So, there will always be a cost. Upfront (service provider), or backend (SF closing, exerting financial pressure like 'ads' or closing certain services, or creating propriety add-ons. Savannah is not immune. So neither are projects who use them. Keep control by using development tools of your own & distribute your project's info

...regarding the deletion of SourceForge.net projects, posted 12 Nov 2001 at 22:58 UTC by hacker » (Master)

chrisd, I have no problem with SourceForge.net as a service, it was a great start, and brought some awareness to the actual process (and pain) open source developers go through to handle things like managing mailing lists, bugs, and source code control.

Regarding deletion of projects, I don't mind that SourceForge.net would like to keep the code "alive" for others to look at and use, but what I do object to, as project maintainer for several projects, is the confusion this presents to users looking to use or contribute to the project in some way.

I used to get several dozen emails a day from people going to SourceForge.net and downloading older alpha code for some of my earlier projects, and reporting non-existant bugs and other issues related to that alphpa codebase, when in fact, newer more functional code exists on the main project site (not on SourceForge.net). This can be alleviated by clearly indicating that the project is either dead (if truly dead and "unmaintained"), or that its development is continuing on another offsite location. I've done my best in HTML hacks to alleviate that with one of the SourceForge.net projects that remains there, pilot-link.sourceforge.net and http://sf.net/projects/pilot-link, but others may not be doing this.

People go to SourceForge.net because it has "brand recognition", but it adds to the confusion from a user's perspective. It also makes my job as a project maintainer much harder because I have to deal with non-existant or closed bug reports, and losing people who think the project is stale, when in fact its development is continuing on a different site.

There are other fundamental issues with aggregation of this many projects (as we've seen before when SourceForge.net has been down for periods of time, taking all projects offline with them), but those are better discussed elsewhere. I fully support the model which SourceForge brought to the community, but I, like others, disagreed with the implementation.

This is what makes the open source community great; we have that choice.

Interesting..., posted 12 Nov 2001 at 23:04 UTC by chrisd » (Master)

Hacker: That is actually not such a bad idea (the notice on the project page that the project may have more updated code at site x). I'll point this out to the developers. I agree that agregation ahs it's challenges though.

Re: Isn't that freshmeat // + more!, posted 13 Nov 2001 at 00:39 UTC by slef » (Master)

aero6dof: but sourceforge only catalogues the versions that were there of projects that were there. Although it's a lot less useful since the "lockdown", freshmeat at least catalogues projects hosted elsewhere. Searching sourceforge is like limiting your evaluations to products from one publisher, but then I guess some morons do that. ;-)

ftobin: I want interoperability. I have said this in multiple places over the last few months. I don't care that sf is the biggest site, but I think the way it is abusing its current dominance is depressing and you have to think "what goes around, comes around". They seem to be destroying a lot of VA's goodwill reserves lately, with the "non-free sourceforge" and some attempted landgrabs. This worries me, as a failed VA would be very very sad to see. Basically, I'm upset by the VA people's conduct. Make me a third group if you like.

pmcgovern: YYSW. Where's the interoperability work?

chrisd: Why attack the people posting valid comments, like loic and hacker, rather than addressing the points they raise, regardless of their affiliation. Your use of FUD is shameful and many of the original points are unanswered.

The sourceforge monoculture is distressing. I don't have a desire to use one tool for every job, rather than the best available tool for each job. If I want to have cvs at sf, website elsewhere, mailing list somewhere else, and releases announced to many sites, sf doesn't really help me to do that.

looking for third-party programs, posted 13 Nov 2001 at 00:42 UTC by sej » (Master)

pmcgovern sez: Eight months ago we did have a XML API that allowed project admins to download bug report data. The API broke earlier in the year when we enhanced the SF.NET code (version 2.5) to include the tracker (a tool that unifies all 'ticket-related' systems). Until recently, we didn't receive a lot of interest from the community to re-introduce the feature... so we have been focusing on other aspects of the site. We are now re-examining the issue. In the mean time, there are third-party programs which will collect the content directly from the site and extract that data.

To be clear, it is the full project contents of the tracker database I would like to backup for my projects, which is more than the display of summary statistics that was previously supported. Bug-lists are very valuable for sizeable software projects, because they point to problems that might only be stumbled on once in a blue moon, and are difficult to independently discover.

Can anyone provide links to the 3rd-party software for downloading/mirroring tracker data? Is is some sort of HTML scraper?

Response..., posted 13 Nov 2001 at 01:23 UTC by chrisd » (Master)

Slef: I did not attack them, I "attacked" what they said. Big difference. You are mistaking my disagreeing with them with me not likign them. I have nothing against hacker or loic. Or you! I did exactly address the points I felt I had the knowledge to address, so I guess I don't see the problem.

Chris DiBona

chrisd, Wild Target, posted 13 Nov 2001 at 01:58 UTC by slef » (Master)

ChrisD, you FUDded both of them, which I'm unsure as to how to take as anything other than a low-level personal attack. Surely if you had a justifiable disagreement with what they said, you'd actually present a counter-argument.

David's site may well be secure, as you or I have no grounds to suggest otherwise at present, while sf definitely has had an "interesting" stance on a couple of security issues. For Loic, you try to portray him as part of some FSF/GPL conspiracy and hidden agenda. Why do this if you have nothing personally against them, or is that just your style? If so, I find it reprehensible and I'm amazed that VA have a second person willing to use that tactic.

FWIW, I'd suspect FSF would be happy with any DFSG-compliant licences, but you can't expect them to promote the others. It's not exactly a hidden agenda and SF can't really expect warm words from them after the double whammy of abandoning free software and adopting non-free.

Cool it!, posted 13 Nov 2001 at 04:13 UTC by ncm » (Master)

slef: Cool it. You are imputing hostile motives where they don't exist. Relax, re-read, and think things over.

everybody: Some people are not expressing themseles very clearly, and that is adding to the confusion. We all feel very strongly about our free software infrastructure, but we also all feel much the same way about it.

Before you push "Post", let your posting sit for a couple of hours, and then re-read it again. Re-write it so it makes sense to somebody besides yourself, and says what you meant to say and not what you accidentally said.

Don't invent excuses for conflict. Help make things better, if you can. Finger-pointing doesn't help make things better. Providing factual information makes things better. Doing useful things makes things better. Letting your confusion and anger subside without spewing it all over Advogato makes things (believe it or not!) better.

There are no bad guys here.

"how open source software works", posted 13 Nov 2001 at 04:32 UTC by forrest » (Journeyer)

slef, I don't see anything remotely resembling a "low level personal attack" in what chrisd has said.

There is one remark of his I find somewhat unsettling, though:

But if you have a project [hosted on SourceForge.net] with one line of code under an open source license, we won't delete that project. To insist we do so is to show an ignorance of how open source software works.
That SourceFourge has no legal obligation to remove a project at the request of the copyright holder cannot be disputed. But is this "how open souce software works"?

Call me naïeve, but I always thought open source software worked by a spirit of cooperation, a sense that we're all working towards a common goal. If SourceForge responds to copyright holder's requests with a nose-thumbing "We don't have to Nyah-nyah! So there!", I have a very different opinion than the one Chris expresses regarding who does or doesn't understand "how open source sofware works".

Regarding the SourceForge code. . ., posted 13 Nov 2001 at 06:48 UTC by topher » (Master)

One thing that loic mentioned, which I'd hoped pmcgovern would address, is regarding the status of the SourceForge project itself.

Specifically, the current development code (CVS treet) for the SourceForge project, is no longer available. And it hasn't been available for quite some time now. In fact, it appears (according to this) that the SourceForge project, alexandria, no longer even makes the year old 2.5 release available. Instead it's been moved to a new project, alexandria-dev. . . which currently contains the ancient 2.5 release, and absolutely nothing else (None of the open or pending bugs, patches, or feature requests that currently exist for the SourceForge code have been moved. . . and no CVS is available). Aditionally, most (if not all) of the forums for the original SourceForge alexandria project are failing to display anything, despite the categories claiming to have numerous.

The status of the SourceForge software seemed like a fairly valid question from loic. He also asked why he was being asked to give up any and all rights he has to any code he's written for the SourceForge project, while SourceForge gives the impression that they no longer intend to make the SourceForge project available (with the exception of the old 2.5 release).

Personally, I'm very curious as to what the answer is. Why exactly should someone sign away all rights to their code without any guarantee (or show of good faith) that the code they contribute will be made available to the community?

I love SourceForge.net. I think it's a great service, and I'm really happy that VA is providing it. However, I've been considering for a while now trying to set up my own little "internal" SourceForge and I've heard some horror stories about how difficult it is to get installed and running. I've also heard that a great many of the problems involved with installation and running have been solved. . . but aren't available to the public. For example, It's been mentioned in numerous places that SourceForge currently makes use of PostgreSQL as it's databse backend. However, most of the documention and setup stuff for alexandria 2.5 is MySQL centric. As someone who greatly prefers PostgreSQL, it'd be nice to be able to run it with PostgreSQL.

I can't speak for loic or anyone else, but do think that if I were in his position, asked to sign away code I'd written for the community, without being given the expectation that it would be released back to the community, I'd balk. Additionally, with the SourceForge development code unavailable, I find myself much less interested in the site itself, sourceforge.net. I loved the fact that the site was built on open source software, and that the software was available so that I could build my own internal development center. Now I find myself seeking alternatives.

Open Source != Free Software ?, posted 13 Nov 2001 at 11:07 UTC by hands » (Master)

Patrick McGovern tries to differentiate Free Software from Open Source:

SourceForge.net is not now, or nor has it ever been, exclusive to free software -- we accept ... projects licensed under ... licenses ... [that] comply with the OSI Open Source Definition.

Which is a little odd, given the fact that the OSI Open Source Definition is directly based on The Debian Free Software Guidelines.

Either he's confused about what Free Software is all about, or he's attempting to marginalise the FSF by spreading disinformation about their views on Free Software.

If the former is the case, I find it rather worrying that he could be confused about this sort of issue.

If the later is true, it would tend to confirm Loic's concerns about VA's motives.

Either way, this is not good.

Re: Cool it!, posted 13 Nov 2001 at 11:40 UTC by slef » (Master)

ncm, forrest: sorry, but all this FUDding really gets me down. I've seen these sort of tactics from VA people before and it makes me really angry. hands even points to a VA FUD that I hadn't spotted, so maybe you can understand my sadness and frustration? I like VA. I have given my time freely to help on one of the OSDN sites in the past. I don't want to see them die, but I don't want to see them live and behave this badly.

Anyway, my actual practical response is quite cold-blooded. I want VA to either play nice with other hosting providers, web site publishers and the developers, or be obsoleted. I am trying to support coopx to make that a reality. I suggest that everyone else who has some time and is concerned by the current situation comes and joins the mailing list. With enough hands, it should be simple to help develop the XML schemata required, and develop the applications to work with it for practical hosting solutions with best-of-breed free software.

DFSG, OSD, posted 13 Nov 2001 at 12:48 UTC by dan » (Master)

hands: I spent a couple of hours looking at this a few months ago. Although the OSD and DFSG are functionally identical for the most part, the list of FSF-approved Free licenses is nevertheless actually not the same list as the OSI have. This seems to be a difference in interpretation where the FSF have just been a bit more careful than the OSI have: for example, iirc the Artistic License is Open Source but not Free. (Not that it makes a lot of difference in that case given that Perl is dual-licensed anyway)

There are certainly projects on sourceforge that would be found in the non-free section of Debian.

Free Software vs. Open Source, posted 13 Nov 2001 at 21:16 UTC by julian » (Master)

The difference that is being pointed out in Free Software vs. Open Source is the difference between the fsf-approved licenses and the OSI-approved licenses. It's a different list. I think it's a bit irrational to say that VA is part of some anti-FSF conspiracy simply because they differentiate Open Source and Free Software...

FUD or not FUD, posted 14 Nov 2001 at 00:15 UTC by thorfinn » (Journeyer)

I see some fairly harsh accusations of FUD flying around... I don't think they're particularly fair. VA Software is a publically listed company. This means that they have to clearly intend to make a profit. Not break-even, not lose money... Make a profit. It's what corporations are designed and required (by law, as well as by simple matters such as having enough money to continue to stay alive) to do.

Sf.net (and larger, the OSDN in general) doesn't make a profit. Noway, nohow. It's a cash sink, not a cash source. So, from the corporate perspective... Why do it? Well, that's the key question, and one that's been answered already. VA Software intend (I'm not going to comment on the likelihood of success or failure of this plan) to sell sourceforge solutions to companies as a development methodology. This isn't new news... and no doubt it's why the code for sf.net hasn't been released for some time.

After all, if you release the latest version, then what incentive is there for anybody to pay you for it? There isn't.

Now, before people go off yelling "but but but"... The point is, sf.net exists. It's owned by a company, and provided by that company as a service to the community... and that company wouldn't (and shouldn't) do so if it didn't expect to reap some eventual tangible reward for doing so.

As a service *in and of itself*, sf.net pretty much rocks. And VA Software is pretty clearly committed to keeping it going. This is good. People should feel free to use it, the way that people should feel free to play with free toys handed out at a company marketing stand.

But, if the company doesn't have its revenue exceed its expenditure, then expenditures will be cut. The users of sf.net have no way to tell what VA Software's real priorities are... there is no insight into the board of directors. So... there are several factors.

It's possible that VA's revenues will suddenly shoot through the roof... at which point, hey, sf.net won't be a problem. It's possible also that VA's revenues will continue to fall, their cash reserves will fall... And at some point, cost-cutting triage will come into play. As it has already... sf.net was above the line this time, and in fact seems to be in the "middle" category of triage (1. healthy enough to live without help; 2. need active help to live; 3. will die anyway).

Where sf.net stands on a current expenditures triage list, I don't know... and neither does anybody, except maybe VA Software's board of directors, and possibly even they haven't decided yet, and won't decide until their cash reserves fall below a certain point.

Also, at the point when a decision to triage is made, it will be made by the board of directors, and come down from on high, and be implemented very very fast. Companies can turn on a dime like that, that's what they're generally designed to do. Small companies especially (and make no mistake, VA is a small company with no entrenched heavy bureaucracy) can turn on a dime with zero warning.

Everybody knows this. The VA reps telling us "we're committed to it"... They aren't lying. Right now, they are committed to it. Selling sf.net is their current main idea for making money, AFAICT. Dropping their hardware division and slashing staff numbers elsewhere says that pretty clearly.

What happens if that strategy doesn't pan out? Well, that's a different question. And, like chrisd said... if you don't like it, go elsewhere.

And, by all the gods, keep backups, especially of mailing list memberships and source code trees, so you can reconstruct elsewhere if things change.

I think people are missing the worst of this., posted 14 Nov 2001 at 01:11 UTC by Qbert » (Journeyer)

I think people are missing the most chilling point of the article. I admit this escaped me the first time I read it, too:

But when I read the details of their copyright assignment, I saw major problems. I was asked to assign copyright of my work that "is, or may in the future be, utilized in the SourceForge collaborative software development platform".

They are asking to take any code this guy has ever written, free or otherwise, and include it in a proprietary product that they will sell for profit, with no compensation to him and no benefit to the free software movement. They aren't being at all forthcoming about the scope of what they are asking, hence the appropriate epithet "underhanded". If it slipped by all of us, it could slip by someone signing the document as well. In fact, I think Stephenson's Mistake is coming into play here:

Most people, on listening to a string of nonsense, will tend to doubt their own sanity before they realize that the person who is jabbering at them is really the one with the damaged brain.
--Neal Stephenson, The Big U

If this really means what it appears to mean, it calls into serious question the good faith of VA.

Re: I think people are missing the worst of this, posted 14 Nov 2001 at 08:07 UTC by effbot » (Master)

They are asking to take any code this guy has ever written, free or otherwise, and include it in a proprietary product that they will sell for profit, with no compensation to him and no benefit to the free software movement

as far as I can tell, he didn't post the full contract, so how do you know what "the work" refers to?

it's pretty clear that the FUD in this thread isn't coming from the sourceforge people...

loic, how about it?, posted 14 Nov 2001 at 09:24 UTC by Qbert » (Journeyer)

Can you post the whole text of the original copyright assignation form that VA sent you? I realize there may be legal impediments to doing so, but, if there are not, please post it. It would certainly restore some of my faith in SourceForge we could determine that they were only trying to appropriate and make proprietary the code you contributed to SourceForge, as opposed to all the code you ever wrote.

Things that hid well..., posted 14 Nov 2001 at 09:53 UTC by greve » (Master)

Please reread the final sentence before the copyright assignment is quoted: I quote it here in its entirety.

What surprised me was that most people also seem to have missed that this posting was not the first step we took, it was the last option we had after trying to talk to SourceForge.net for quite a while; I believe our first discussions started when the announcement was made that SourceForge would now be based on proprietary software. Sending Loic the copyright assigment was their final step.

I wonder: how many people realized that PMcgovern actually did not answer or contradict any of the important points Loic raised?

Re: things that hid well, posted 14 Nov 2001 at 13:12 UTC by effbot » (Master)

Sure. I read that. I also read the sentence before that: Finally I was sent the version of the copyright assignment produced by the legal department.

Since the text he quoted earlier (and that Qbert was referring to) isn't in the "final" version, he sure implies that there was an earlier version, where "the work" is supposedly defined as "all software you will ever create".

It's also interesting that the "final" version "quoted here in its entirety" says "the software code defined below", but doesn't include the definition.

FUD it is.

RE: Two camps going after SF.net, posted 16 Nov 2001 at 01:07 UTC by abo2 » (Apprentice)

ftobin:sez

I'm sensing two camps in the anti SF.net group

The first camp is the gung-ho FSF group, who are somehow complaining about SourceForge Enterprise edition even though it's not what drives SF.net, ...

Question: If SF.net is not running the Enteprise edition, what is it running? This implies that it is running the Free version of SF available for download. I don't believe this is the case.

The second camp is the "I don't like SourceForge because of its look/feel/security/bugtracking/forums/mailinglists/moorman/precision/etc /etc." This camp is riding off of the first group's complaints, and are promoting every Joe and his mother host their own full-service development setup...

The quality of SF is seperate issue.

You missed the group that I'm in; the "what happens if SF disappears group". Another variant of this is "what happens if SF changes into something I don't like".

This is not a problem, _provided_ you can get everything in your project off and onto something different. A project is more than just its code, it is all the mailing-list archives, tracker entries, forum discussions, etc. All of this is live stuff, that is really only useful when viewed/manipulated by the application that created it; SourceForge. Even if I could get all this data off sf.net, it would only be useful if I could install my own SourceForge to use it. Sort of like an MSWord document needs MSWord...

This is the _real_ reseason to have sf.net using a Free SourceForge. It is also a damn good reason to have a distributable/mirrorable implementation, as it would allow easy rapid migration of projects from one SourceForge server to another.

As a Free Software and Open Source advocate, I have not yet seen any legitimate accusations of SF.net, just FUD.

Although I've been mildly re-assured by the SF staff responces, I still believe that it's a legitimate concern. Until I can migrate my entire project off SF.net into my own SourceForge, I'll continue to be concerned.

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!

X
Share this page