Re: [MLUG] Warning: Don’t Download Software From SourceForge If You Can Help It

Wed Jun 10 01:26:20 UTC 2015

On 6/9/15, Robin Garen Aaberg <robin.garen at gmail.com> wrote:
> No! Not sf too. :(

It is in the nature of all proprietary companies - no matter how good
the founder's intentions are, when the founder moves on/ sells out,
which can include public listing for the company (dilution of control,
to shareholders), then the fundamentally sociopathic constitutional
requirement for a company to maximise profit eventually takes over.

We see it very clearly with examples such as SourceForge, now owned by
dice. We see it perhaps less clearly with Google, who had to fall
back/away from their proud public position of "do no evil", for the
lesser "choose the lesser evil" (namely go into China + provide some
advantages to the people but suffer requirements of China govt, or
don't go into China + hold to higher principle; Google went into China
as we know).

Today, just like 'yesterday' with sourceforge, github looks excellent,
is excellent. 'Tomorrow', github may be controlled by different
entities. With github it is arguably easier to jump off, but the
concentration of libre community projects there is worrying
nonetheless.

Fundamentally in all cases where we don't manage the infrastructure we
use for our project, we don't control our own project to some degree
and are risking an eventual requirement to jump off to alternative
infrastructure, possibly at an inopportune time.

Two suggestions:
1) OpenStack or some other infrastructure and "micro host" your and
your mate's' projects - perhaps in a distributed way, so if my home
ISP connection changes or has a problem, one of my mates should still
have an accessible mirror.

2) Write a little utility to multi-deploy a new project to multiple
proprietary / corporate hosts:
a) Definitely include SourceForge! You need to control your namespace
as it appears at adversarial corporate entities (where possible);
automating this control is one of the purposes for this utility.
b) Each host is just a declarative (YAML or JSON) set of configuration
properties and commands for working with that host, some steps of
which may not even be automatable.
c) Use a libre license and throw your code up on a bunch of said hosting sites.

With definitively adversarial sites such as SourceForge (how sad we
can say this), it starts to become imperative to create an account for
your project on said site, simply so you can control your own brand/
integrity of your own widely accessed downloads (again, where at all
possible).

Good luck,
Zenaan