SourceForge Terms of Service Change, Users Unhappy 444
An email fluttering around a few mailing lists has been submitted in
various forms here today. It's about changes to the SourceForge
terms of service. Some relevant links unclude the
old terms,
new terms,
old privacy statement,
new privacy statement
and
contact for "questions or concerns"
(Patrick McGovern, Site Director). Obviously since SF is owned by the
same parent company as Slashdot, I'm biased and corrupt and you should
ignore my opinions on the subject, but while
I don't particularly like this any more then anyone else, I also
don't think it's the huge deal that others are making of it. Especially
considering projects aren't paying for the free service. You get
what you pay for after all.
I have attached a summary to this article of the changes that are
being called into question if you don't want to do a mental diff
on the links above.
This list was submitted by a few different users and was apparently originally posted to several mailing lists, although I don't know who actually originally wrote it. I just quote it here for reference.
- They can henceforth change the terms without notice, just by posting the new terms on the website. (Currently they are obliged to give 15 days notice by email, a period that we are currently in for this change.)
- They can henceforth remove user accounts without giving a reason. (Currently they are obliged to have a reason, though the set of acceptable reasons is open-ended.)
- They're no longer obliged to make the contents of a deleted account available to its owner. (There was previously a "reasonable effort" clause to that effect.)
- They're no longer obliged to provide notice of changes to the privacy policy, unless the changes are "substantive". (Currently they are obliged to provide notice of any change.)
- The privacy policy is acquiring a disclaimer that amounts to "this is not true". It actually disclaims the entire privacy policy.
I dunno ... (Score:3, Interesting)
Re:I dunno ... (Score:3, Informative)
Having a useless "Privacy Policy" is a common tactic by commercial web sites to decieve users. It fools most users into thinking that there are protections on thier data due to the fact that the policy exists, or if the user bothers to read it the goal is make it worded such that the lack of protections is concealed.
Re:I dunno ... (Score:2)
Question to Taco: How do you think has OSDN been perceived by its users ?
Added Bonus for elaborating what this shift means for OSDN's corporate identity
Re:I dunno ... (Score:5, Informative)
Hotmail. After avoiding them for ages, I created an account in order to scope Passport.
The "Greet-King" spam I received within a week of creating a hotmail account that I never used resulted in a lengthy bout of mails to their abuse department and to "TrustE" (the supposed industry "watchdog" which is actuallly just a shill to prevent guvmnt action).
Despite MS assurances that my information would not be shared, their insistence remained that Greet-King got my name and email address from me, when it was not at all possible. Despite the statement that "Hotmail will not sell, lease or rent its member lists with any third parties," they refuse to accept any statement on the user's part that the email address and my name were not shared anywhere.
Hence, a "useless" privacy policy. And a deception -- even if it was just a renegade MS employee that pilfered some user names, MS is uninterested in knowing about it. Carelessness that is not, I believe, an uncommon phenomenon.
I can understand what the controversy is about (Score:5, Funny)
What this basically means is that they reserve the right to call you on the phone at 3 AM and breathe heavily.
Re:I can understand what the controversy is about (Score:2)
Why isn't everyone kicking CmdrTaco's ASS? (Score:3, Interesting)
Did CmdrTaco, one of the helmsmen of the most popular Free/OS news sites in existence just mimic what Microsoft PR/FUD machine has been saying since Linux showed up on its threat radar?
Why isn't everyone kicking CmdrTaco's ASS?
Re:Why isn't everyone kicking CmdrTaco's ASS? (Score:5, Insightful)
I was thinking something along those same lines, but then I remembered that he's talking about a service that it costs money to continue providing. He's not talking about source code or software, he's talking about a website providing a service.
There is a very big difference.
We're lucky to live in a time when people are giving away their code, but we're luckier still to live in a time when there are SO many entirely free (except for ads) web services.
All the same, free or not, I can't think of an above-the-board reason a why site would need a policy allowing it to change it's terms of use without first notifying it's users. That just seems low down and shady.
Re:Why isn't everyone kicking CmdrTaco's ASS? (Score:2)
I don't use SF, and so none of this effects me...plus, I'm a horrible programmer [grin]
But if SF can't do it right, why not just quit? If they did, I'm sure some alternative would pop up. But the fact that a huge vendor is still in the gap, providing service for free, means that others who might be able to do it better, but might have to charge, can't.
Sheesh, this is like saying, "I'll mow your lawn, but occastionally, I reserve the right to kill the lawn..." Well, if you can't do it right, just get out of the way, don't do it at all, and let someone else do it better.
The terms are inexcusable. They don't really provide any significant benefit to SF. What I think happened, they got some shark-head lawyer to redo the terms. He promptly slanted all the terms dramatically in the favor of SF. It wasn't necessasary, and SF should tell said legal counsel where to stick it. They should also redraw the terms again to be more fair.
Re:Why isn't everyone kicking CmdrTaco's ASS? (Score:2)
The terms are slanted far in SF's favor...why? They don't need these terms. It doesn't really make life better for them.
Lots of people are saying.."but they won't do these evil things that the terms say they can... "Well, why have them in the terms then?
AGAIN SF SHOULD DO IT RIGHT, OR NOT AT ALL. This is like volenteering your time to habitat for humanity, and building houses that are shoddy. When anyone complains, just say, "Well, you get what you pay for..." What a crock!
If SF wants to donate to the community, then do it with a pure heart, and openly and fairly. Otherwise, get out of the "charity" business.
Cheers!
Re:Why isn't everyone kicking CmdrTaco's ASS? (Score:5, Insightful)
And in case you didn't know... alot of the volunteer housing projects aren't exactly examples of fine craftsmanship... but it is the BEST people can offer. they are trying to help and make a difference. So shut up and take it... or shut up and dont' take it... or speak up and DO something about it. What have you done?
hmm (Score:5, Interesting)
Re:hmm (Score:5, Insightful)
Also, considering SourceForge is their product and SourceForge.net is a great demo of their functionality/scalability they'd have to be looking to sell the whole SourceForge business, not just SourceForge.net for it to make sense... Logical buyers would probably be RedHat or IBM. It would be a PR coo for whoever buys it, and if it's IBM and they move it over to their hardware it'd be a REALLY good marketing point... especially for their new Linux mainframe...
Nothing like fanning the flames of random speculation =)
Sourceforge.net not a viable business (Score:5, Informative)
SourceForge will eventually either need to charge money or will be spun off as a (soon to be bankrupt) spinoff business, leaving VA Software with just the various web sites. The web sites are probably (barely) profitable with the cost-cutting that has been done on them over the past year or so. SourceForge is not profitable, and never can be.
I currently have four projects hosted at SourceForge. I download the CVS web-ball every night in my crontab, and am investigating alternatives. At the moment it appears that any alternative will require developers to fork up money to help pay for the bandwidth. SourceForge itself has too many big (bandwidth) projects to make money even then, because if they charged what the bandwidth costs, most of those projects would end up hosted elsewhere shortly with companies who can hide the bandwidth costs in their accounting noise.
Does this mean that I wish SourceForge ill? Of course not. I just don't see how it can ever be profitable, and thus while I'll use it while it lasts, I'm not banking on it.
Re:Sourceforge.net not a viable business (Score:3, Informative)
what is a viable business? (Score:3, Insightful)
Let's see, Microsoft spends $1,000,000,000 to promote XP through print, TV, Radio, purchase of journalists, politicians and stenographers and billboards. This brings abslolutlly nothing in return but some marginal good will that they nullify with poor programs and scandal. Their sales are kept through extortion and other monopoly tricks. Yet people consider it a viable business.
You would conclude that Red Hat, IBM and Source Forge taken as a unit are not a viable business? Source Forge returns good will and programs for free use to both Red Hat and IBM. Without that kind of PR, what does Open Source have? The scale of losses you quote, if accurate are nothing to a company with revenues in the billions. Those paltry millions, spent on ordinary adverts, could hardly push a brand of soap.
The only think that can kill source forge is a betrayal of free software or some other greedy grab move. It's bad enough that they would switch to comercial databases and made the site an advertisment for software they would sell rather than a demonstration of free software they would service and issue with equipment. Anything to lessen Source Forge good will or software contribution would hurt them more than any direct costs.
Re:Sourceforge.net not a viable business (Score:3, Insightful)
If either company wanted to be more targeted, they could set something like SF up and be more selective of their projects.
Re:hmm (Score:2)
hehe too little sleep... yes, coo should be coup... thanks for pointing it out.... 4 times (as of this post) =)
Alternatives (Score:2, Insightful)
Like a combination of CVS/PHP with a saucy bug-reporting and discussion thingie..
I'm sure one already exists.
Dave
Re:Alternatives (Score:5, Insightful)
Re:Alternatives (Score:2, Informative)
Sourceforge has yet to compete with Bugzilla (Score:4, Interesting)
Bugzilla/bonsai/tinderbox provides a more complete solution. We were even able to modify the trio to deal with java, our many different build scripts (make is rather lacking for java), and our test automation.
What we found was that Sourceforge provided discussion groups which we got using exchange or INND, bug tracking which wasn't nearly as feature rich as bugzilla, and cvs integration which bonsai provided just as well. It was still lacking the automated builds, and by the time they got back to us after linuxworld we had allready deployed the bugzilla solution (partly thanks to some nice debian packages put together by Remi Perrot).
One large drawback is that bonsai relies on glimpse as its fulltext indexer. Glimpse used to be free but since then has gone commercial. We were, however, able to find some old glimpse source (which may have been GPL or artistic license - perhaps we should redistribute the old code as GNUlimpse).
We have made our own tweaks to bugzilla/tinderbox/bonsai and contributed a few of them back to the mozilla developers (in the future probably all will be recycled into the public implementation).
Big deal (Score:4, Insightful)
I think this is perfectly reasonable; they're running the show, and a lot of the time in communities, there are members you need to deal with. I think the changes listed are more of an administrative streamlining than a major conspiracy.
Now, if they start abusing things, folks will be all over them, and they'll be sorry they did. So that ain't gonna happen.
Not a big deal.
-me
Re:Big deal (Score:4, Insightful)
Re:Big deal (Score:3, Informative)
Re:Big deal (Score:2, Interesting)
privacy policy (Score:2, Informative)
NO GUARANTEES
While this Privacy Statement expresses SourceForge.net's standards for maintenance of private data, SourceForge.net is not in a position to guarantee that the standards will always be met. There may be factors beyond our control that may result in disclosure of data. As a consequence, SourceForge.net disclaims any warranties or representations relating to maintenance or nondisclosure of private information.
/snip
Re:privacy policy (Score:2)
Yes, we'd like to believe that it just means that if someone cracks their system or a dude with a warrant shows up they aren't responsible. That's reasonable, after all.
But the fact is that their privacy statement -also- disclaims them of responisibility if they, say, sold all our user data to AOL.
We might want to believe (and strongly suspect) that only the first case would apply... But that doesn't change the fact that they've given themselves carte blanche for the second, and thus being suspicious is reasonable.
If they only wanted to disclaim themselves from the "reasonable" situations, they should have specified those cases.
Sourceforge reality. (Score:5, Interesting)
Anyone who's using Sourceforge to host their project, as I am, should be realistic about what they're getting and for how long they'll get it.
First of all, I love sourceforge. It gives me all of the things I want right out of the box and for free. User forums, bug tracking, SSH CVS, and so on.
However, it is free and I think we all know has a pretty slim chance of making money. With that in mind, no matter what their polcies state there seems to be a pretty good chance of them just exploding one fine morning and taking a whole bunch of source down with them. Make backups, I should too.
Other than that, we can be a demanding lot so try to go easy on these guys, let's give them a chance to survive.
Re:Sourceforge reality. (Score:2, Insightful)
Is there a way to sync a private CVS server with theirs? Including all previous versions in the current system? A HOWTO might be nice, possibly attached to that email.
--
Evan "Who really has to get around to uploading a half dozen patches he has for a variety of apps" E.
Re:Sourceforge reality. (Score:2, Informative)
http://cvs.sourceforge.net/cvstarballs/your_pro
Re:Sourceforge reality. (Score:2)
You can download a CVS tree tarball (updated nightly) by grabbing the URL:
http://cvs.sourceforge.net/cvstarballs/PROJECTN
Personally, considering some of the recent changes made to SourceForge (the one I dislike the most is the fact that SourceForge is no longer an open source project (you can no longer download the current source for SourceForge itself (actually, you haven't been able to for quite a long time)) and worse, they've worked hard at covering up the fact that they've closed sourced the project and killed it's development) I would suggest grabbing CVS tarballs of your project very frequently. . . just in case.
[Wow, that's one long, convoluted sentence.]
Re:Sourceforge reality - how to get CVS from SF (Score:2, Informative)
How about this? Replace PROJECT with your project name:
(change into a suitable directory to put your CVS tarball in)
(change to where you want your working directory)
Perhaps related to DOS attacks (Score:2, Interesting)
Anyhow let them have the tools to do the job. Personally I think they ought to offer the service for a small fee, something like a web hosting service but tune'd for the software distributor. I already keep a seperate web space and could just as easily host at sourceforge. They should also have shopping cart service for shareware and for developers that do both freeware and commercial software. Finally a small fee based update subscription service would be great for people who don't have the time to track all the different projects. Something that auto-pulls stuff to your system but lets you control install/backup
gnu savannah (Score:3, Informative)
Re:gnu savannah (Score:3, Interesting)
This is round 1, round 2 will sneak by (Score:5, Insightful)
It seems like this is laying the ground work for real changes that can be slipped by when they think no one is paying attention!
Re:This is round 1, round 2 will sneak by (Score:2)
Will they be open source? Wll they be hosted on Sourceforge?
Substantive? (Score:2, Interesting)
My only problem (Score:2, Interesting)
It's inevitable (Score:5, Funny)
Anytime you get a wide user base to anything, ranging from a development site to a game site to a bbs or chatroom, if the powers that be add a period to the end of a sentance in thier policies, there will be:
Now, watch the comments here, and have your scorecards ready.
I got more than what I paid for (Score:5, Insightful)
Big whoop.
There is nothing they can take from me. I have the source code. I update my local cvs daily. The project webpage is garbage, and half of the discussions about development are in email. The greatest benefit is that the package I run has been difficult to find, and now it has a 'permanent' home.
I'd have more problems with, oh, say, Comcast changing the TOS. Or M$. Or AOL. When those guys change things, I always get the "I changed the bargain, just pray I don't alter it any further" impression. With sourceforge, I AM A LEECH. I live at the whim of my host.
If they piss me off, it's off to the FSF hosted site. No problem.
Hey, I don't like the VA Systems->Linux->Software scam. I'm part of the gang whinging about the 'post'. And I often question the integrity of folks. But sourceforge.net never promised anything, and they haven't disappointed me yet.
Nothing to see. Move along.
What are the chances ... (Score:5, Interesting)
SF is a great resource and all, but there needs to be some way to filter out the abandoned stuff.
Re:What are the chances ... (Score:4, Insightful)
Re:What are the chances ... (Score:5, Informative)
I was thinking the same thing, but the OP has a point. Why not create a "Sourceforge attic" with an option to exclude the attic from searches? A project would go into the attic if it had less than a minimum number of downloads and/or changes for a period of 6 months.
The attic could be hosted on older, slower servers, or on a configuration that worked well under low demand. Or perhaps it could even be archived on CD or DVD and distributed to various mirrors.
Regardless of how it is maintained, old code is a valuable resource, even if it's just there to let people know about methods that have been tried and failed. How can we learn from mistakes if we can't *see* them?
Not 'old' but empty. (Score:2)
I thinking keeping old projects around is a good idea, if the projects have actually done something. Too many times I've looked into a project only to find that absolutely nothing has happened other than the project's name being approved and added to SF. Even the homepage hadn't been touched.
Those projects are the ones that need to be removed. An empty project does nothing but take up space.
you get what you pay for (Score:2, Funny)
You get what you pay for after all.
An ironic quote coming from someone who supports FREE software.
Coincidence? (Score:4, Funny)
Projects (Score:3, Informative)
It's a bit questionable if you need a CVS somewhere else, a mailing list archive somewhere else, a patch archive somewhere else, project homepage somewhere else.. whether it's any use to have them a SourceForge at all.. too bad since it really is a great tool, even if sometimes really laggy.
This sure ain't good news for maintainers of small projects.. especially of projects of questionable usefulness..
It's true, it's not true (Score:5, Insightful)
1. The privacy policy is acquiring a disclaimer that amounts to "this is not true". It actually disclaims the entire privacy policy.
To say that the clause at the end claims the privacy policy is "not true" is pretty simplistic. It attempts to avoid iablility for circumstances beyond their control, which is a far cry from disclaiming the entire thing.
In other words if armed men break into our facilities and steal our database and sell it to spammers, or our daatabase administrator gets a brain tumor and tries to "MAKE MONEY FAST!", we think we shouldn't be sued.
Re:It's true, it's not true (Score:2)
Also, a police organization (e.g. FBI) can force them to hand over information about their users.
Re:It's true, it's not true (Score:2)
If they are liquidated, and whoever the owning entity is, if they voliate the terms of the contract, they should get sued.
All the reasons I've seen so far explaining the changes in privacy policy are bogus, short of those saying that SF wants to abandon any restrictions on their privacy requirements.
That doesn't mean they're going to violate your privacy, but they want no reprocussions when they do.
Privacy Statement (Score:5, Insightful)
While this Privacy Statement expresses SourceForge.net's standards for maintenance of private data, SourceForge.net is not in a position to guarantee that the standards will always be met. There may be factors beyond our control that may result in disclosure of data. As a consequence, SourceForge.net disclaims any warranties or representations relating to maintenance or nondisclosure of private information.
Since I don't think we're dealing with an vast evil corporate conspiracy here, I don't think the proper reading of this is "these statements are not true."
Basically they're protecting themselves against crackers. If someone steals the password list, they aren't responsible. I don't think that this means they're going lax on security or forgetting about privacy, it just means that shit happens, and they don't want to be sued.
As to the rest of the changes: this is their perrogative. They don't have to warn you about service changes. And if that fact alone bothers you, you can take your (non-paying) business elsewhere. It's how they use this priviledge that matters, and I don't think that they are going to radically alter their service in an attempt to scam users.
slashdot editors propogating yet another myth (Score:5, Insightful)
Amazing. Now I understand why the slashdot editors really appear to not "get" a lot of fundamental things, like the ongoing, direct harm the Copyright Cartels (Hollywood and the music industry in particular) are doing to free software.
"You get what you pay for," is demonstrably a myth. (c.f. GNU/Linux, FreeBSD, non-paid sex, love be it familial or romantic, and as a counter example underscoring the very same point, Windows vis-a-vis quality, used cars, enron stock, and so on ad nauseum.). Air is the most valuable substance to any living, breathing human. Don't believe me? Try going ten minutes without it. Yet it costs nothing.
With free software you don't "get what you pay for," you get what many thousands have contributed to a public commons to give themselves and you, with a resulting value far greater than any single enterprise could possibly offer. These contributions are often completely unrelated to any economic value as defined in the traditional market sense, and are only very indirectly related to any sort of free market or monetary value at all.
If you don't understand this (because of your libertarian bent of capitalism ueber alles, perhaps
In this particular case the area is more gray
I should point out that the Free Software Foundation's GNU project offers a similar service to sourceforge called Savannah [gnu.org], which I highly recommend. Will the laws of supply and demand as created out of scarcity apply, or are there enough willing donars, and enough inexpensive (or free) resources available that the laws of plenty will apply? In this gray area the answer is probably both yes, and no, depending on local circumstances and conditions.
In any event, the notion that "you get what you pay for" has been disproven numerous times in the physical world of scarcity-driven capitalism (ask any number of people who have purchased property or used automobiles, only to have their worth drop to zero, or climb insanely, in no relation to "what they paid for"), and in the abundant sphere of free software is demonstrably inapplicable in nearly every case.
Free as in "air" (Score:2)
Re:slashdot editors propogating yet another myth (Score:2)
Air is the most valuable substance to any living, breathing human. Don't believe me? Try going ten minutes without it. Yet it costs nothing.
It's free? Damn. I paid like twelve bucks for three bottles of it just last weekend.
Excuse me... I've got to go have a word with the guys at the dive shop.
Whats the big deal... (Score:5, Insightful)
1. They can henceforth change the terms without notice, just by posting the new terms on the website. (Currently they are obliged to give 15 days notice by email, a period that we are currently in for this change.)
It is a free service... if they want to change something should they be shackled by having to email all the users to change anything?
2. They can henceforth remove user accounts without giving a reason. (Currently they are obliged to have a reason, though the set of acceptable reasons is open-ended.)
They avoid leagle entanglement for said free service... People abuse free systems, they need to be delt with quickly and effectivly.
3. They're no longer obliged to make the contents of a deleted account available to its owner. (There was previously a "reasonable effort" clause to that effect.)
The users should have local backups... this is more then resonable.
4. They're no longer obliged to provide notice of changes to the privacy policy, unless the changes are "substantive". (Currently they are obliged to provide notice of any change.)
Hmmm, some web notice would be nice... but again it is a free service...
5. The privacy policy is acquiring a disclaimer that amounts to "this is not true". It actually disclaims the entire privacy policy.
Well, if you bother to read (and comprehend) the policy you should know what you are in for, again it is a free service...
Have you read Hotmail Terms of Use [msn.com]?
You know they have your best interest at heart.
~Sean
Re:Whats the big deal... (Warning: Spoiler) (Score:2)
From the Hostmail Terms of Use:
By way of example, and not as a limitation, you agree that when using a Communication Service, you will not:
Funny. I thought that point was their business model and represented their 'heaviest users' base! (Of course, if you dont like it, you can email their abuse department at angelgirl435_abuse@hotmail.com
really number three is the only one that sucks (Score:2)
The thing about backups and CVS... (Score:2)
Yes, the users should have local backups. But of what?
Another poster commented that this wasn't a big deal because "I update my local CVS checkout daily." So what? You have the latest current version, okay, true, that's good. But without the CVS repository itself, you've lost all the history (diffs over time, commit log entries, etc).
For the projects I care about, I use rsync and get a local copy of the CVS repository itself; that way I have it all. (It's also handy to be able to check out a copy from that repository; CVS ops go really quickly. *grin*)
I'd like SF.net to make a "reasonable effort" to mail me the CVS repo. Other than that I don't particularly care.
Re:Whats the big deal... (Score:3, Insightful)
I've always hated those "we can change things without any real notice" clauses. 15 days could be a bit long, i suppose... Why not 2 business days or something like that? Gives people enough time to move out if they really don't like the changes, and still allows reasonably fast changes to the policy.
They avoid leagle entanglement for said free service... People abuse free systems, they need to be delt with quickly and effectivly.Couldn't they still do that with having to give a reason? Hell, "abuse of site resources" is one of their explicitly listed reasons for termination. This makes me think they're going to start deleting things for reasons they don't want to be publically known...
Ok, reading the actual terms of service, these seem to be not exactly true. Since the reasons for termination were never limited, "we don't like you" is technically a good enough reason. And they were never obligated to make the information available, they just said "We'll be nice and do it if we can without too much trouble." It's still kind of shady though...
Hmmm, some web notice would be nice... but again it is a free service...That's no excuse for giving no notice. It would be nice to know what their lawyers (it always comes down to lawyers) consider "substantive". Fixing grammar and spelling mistakes is fine for no notice, but i'd want notice of anything that changed the actual policy.
Taco turns Republican (Score:2, Funny)
Ain't it always the case? You start making lots of money and the Republicans start making sense.
Pot, Kettle, etc. (Score:2, Redundant)
Hmm, I'm going to say that about Linux now.
Let's see how that get's moderated.
Taco says "No privacy is not a huge deal" (Score:2, Insightful)
All CYA (Score:2, Insightful)
e.g. The term "reasonable effort" is open to a million interpretations. Anything you do would likely disapoint somebody. Promise nothing and you always exceed what was promised.
Use the service to its best advantage, don't rely on SourceForge (or anything else) 100%, and if it doesn't work for you move on. After all, it IS free.
Indemnity is the real issue (Score:2, Interesting)
In other words, if I do something that upsets a corporation with a legal department, and SourceForge gets sued, I have to pay their lawyer's bills.
Because of that clause, I can't do anything that is legally sensitive; and because free software is by definition revolutionary, I can't do anything real or important on SourceForge at all. I respect and admire the Freenet people, who are going ahead and hosting with SourceForge anyway, but I have no wish to emulate that display of courage. I don't blame SourceForge for having the indemnity clause in their TOS, but it means that their service isn't much use to me. The risks are just too great.
Incidentally, y'all have missed the most important new terms in today's revised TOS - the new DMCA compliance terms. Those, too, are perfectly understandable, and I can't blame SourceForge for having them. As a business operating in the U.S.A., SourceForge is legally obligated to have DMCA compliance procedures. But if I had any illusions left that SourceForge was part of the revolution, those illusions are gone now. SourceForge is now just another profit-making business, and I don't need, or have any particular reason to want, to do business with them. I'll be hosting my free software on amateur servers outside the U.S.A. (I'm outside the U.S.A. myself) where I can be assured of its continued freedom.
"You get what you pay for"?! (Score:4, Insightful)
but I also don't think it's the huge deal that others are making of it. Especially considering projects aren't paying for the free service. You get what you pay for after all.
What the heck kind of attitude is this for the founder of a pro-Open, pro-Linux website, CmdrTaco?! I took a quick diff of the terms of use changes, and you're right, it's not a big deal. But reinforcing the myth of "you get what you pay for" doesn't help traditionally minded people embrace new paradigms such as Open and Free. Tsk tsk.
Re:"You get what you pay for"?! (Score:5, Insightful)
sourceforge alternative (Score:2, Informative)
Re:sourceforge alternative (Score:2)
The only big problem I see.. (Score:2)
Journalistic efforts when covering one's self (Score:3, Insightful)
Yes, it's CmdrTaco's site, but it looks bad when a VA employee uses his position to put his opinion that a controversy involving his employer is a non-story in the article rather than in a comment.
It would be better form to use a just-the-facts approach in the story itself and then post opinions as comments like every other user. Another possibility would be to have a separate "Editorials" section for staff members to give their opinions, and to have a separate news item and editorial in cases like this.
Re:Journalistic efforts when covering one's self (Score:4, Insightful)
Obviously since SF is owned by the same parent company as Slashdot, I'm biased and corrupt and you should ignore my opinions on the subject, but while I don't particularly like this any more then anyone else, ...
then it would be OK. It's almost like he thinks he has as much right as everyone else around here. Sheesh!
Re:Journalistic efforts when covering one's self (Score:2, Interesting)
It is? I'd argue that Taco and all teh editors here are just replaceable figureheads.
You get... wha? (Score:2, Funny)
I've been suspicious of Sourceforge stability (Score:2, Interesting)
Savannah is a gnu.org alternative to SF; comments? (Score:2, Interesting)
Re:Savannah is a gnu.org alternative to SF; commen (Score:3, Informative)
With regards of compatibility there is an offer (when you sign up) to use your existing CVS's data on their systems. The only caveat was that they are far stricter with licensing. So if you use the Sourceforge CVS it should be easy (providing the licence is OK) to transfer to Savannah.
You also geta homepage at: http://www.freesoftware.fsf.org/yourprojectname
Which is adminned via RSYNC or CVS over SSH.
So almost identical to Sourceforge.
It doesn't seem to be as fast as Sourceforge, but this is opionion and I have no metric to support this.
Dear Sir (Score:2)
you're a commercial company, but you've shown your dedication to open source. Please start hosting something like SourceForge so we can stop having to trust SourceForge. You seem safer.
Dear IBM,
you are new to open source, but you've produced a lot of great technology over the years, lost out to Microsoft for a dose of humility, and shown recent commitment you open source. You own Lotus Notes, and you host that free really cool patent database. Howsabout you start hosting something like Slashdot? it's a discussion forum just like Notes. Oh, and host something like SourceForge too while you're at it.
No, guys, not to drive these other guys out of business, but because competition makes everybody perform better, just like in the Olympics. It's so much easier to trust competitors than monopolists.
Something has to give somewhere (Score:3, Insightful)
Let's look at this a little more objectively. Hosting kernel.org costs about $80,000 a year (Larry McVoy posted this number to lkml about a month ago) at the least. It's an ftp site. That's bandwidth, not any warm bodies doing admin, not any fancy database stuff, nothing fancy just an ftp server and a minimal web site. Sourceforge has to cost 20 times more, probably more, to run. I have no idea what the numbers are but it has a staff and a huge amount of resources to manage and keep running. Personally, I'd assume that it's in the neighborhood of $5million+ a year, that's just my half-assed guess though. That's some substantial output for most companies, at IBM you can't spend that kind of money without producing something, people notice chunks that big. At most places, that kind of funding simply isn't available for something like that. At some point the free ride has to end, or something has to come out of it, or something has to change. Even a company like MS would see $5mill on the books in red ink and not black and there would have to be some reason to justify it and goodwill towards the community might not be enough.
Then with subjects like these, things rise up. Well they should trim dead stuff out of the tree, trimming the "dead" stuff is silly becuase it might be useful to people, that's the whole premise, if it's in use anywhere then it's not really dead. It might be dead to you and me, but that guy who is using it might want it. They should do x, y, or z to better support projects like q. They could do this or that. I think the most alarming propect is that there will be code in SF and it could be lost because of a policy change. I can get over most things, the changes to the mailing lists, and various other things they've done, it's free and you get what you pay for but a big part of the justification has been to promote interaction with developers to give VA a community they have close ties with and to promote open source software development. The idea of losing code is appauling, SF no longer serves a big part of its purpose at that point. That's what brings credibility in to question, what are they doing to prevent that from happening? Can I buy a set of DVDs that have SF backed-up on to them? Or is this it, the policy change is that there won't be any warning of future policy changes and those might cost you your code. I understand that they might have to sell stuff, or charge for services or do lot's of different things. I also understand that services like SF are prime for pirates and porn hustlers and others to use to propagate data and they need to protect themselves. It's time to look to tigris [tigris.org], Savannah [slashdot.org], and Berlio [berlios.de] more seriously.
I wonder if there is something we could add to licenses that would prevent a place like SF from shutting down and taking your code with them.
Re:Something has to give somewhere (Score:4, Informative)
Re:Something has to give somewhere (Score:2)
Either way, SF has to be forking out some very serious money for the bandwidth, the machines, the admin staff and then any development they are trying to do on it all.
Sourceforge shutdown and your code (Score:2)
This DOES mean that I'm reluctant to use SourceForge's forum and bug tracking and etc. software, since those cannot be easily backed up. Luckily I don't currently work on any multi-programmer project where bug tracking is necessary (and as for their forums, I prefer mailing lists and don't enable the forums on any of my projects).
As for VA, I've had my reservations about them ever since interviewing there in 1999 and finding that all the top VP's were former Apple and Sun people installed by the VC's and that the people who'd built the business were relegated to low-level sysadmin and wrench monkey jobs. Their business model also sucked, they needed to be the Dell of the Linux business and were instead trying to be the Compaq of the Linux business. VP's who didn't understand the Linux business, disgruntled employees, bad business model, to say I lacked enthusiasm is an understatement. I hate to say "I told you so", but I suspect that if I pulled out the EMAIL's that I shared with VA VP's back then, they would be eerily prescient.
-E
Re:Sourceforge shutdown and your code (Score:3, Insightful)
(This includes mailing list archives)
Pat-
Centralized Source Projects a bad idea? (Score:2, Insightful)
1) Break ins.
2) Sourceforge is bought by Microsoft.
3) Disruption to work to SO MANY projects at once, due to break ins.
The disruption and dependance of the Open Source way on one organization is probably a bad idea. Not that SourceForge is the one stop and only place on the net, but it has a large enough number of projects to be of concern.
I don't know why or what sourceforge is that is is such a big deal to have projects here. Big fat Pipe perhaps?
There are plenty of tools for individual projects and group projects that work just fine and are free for everyone too use.
There are too many gotcha's that could impact too many projects if someone got in and decided to spend the next 5-10 months secretly writing small back doors into fairly large projects, that just perhaps not many would notice.
Makes my skin crawl just thinking about it.
I think source forge should probably be a "BinaryForge" with MD5 and CRC signatures with perhaps the ability to sign out certs for binarys that are extremely critical.
Perhaps a mechanism to post builds from CVS systems authors maintain themselves to sourceforge of binaries would be OK.
At least that would maintain the ease of use of getting all your goodies from one location.
But in general I don't think it is a good idea to have so many open source source code trees in one place on the net.
-hack
You get what you pay for? (Score:2)
With all due respect... (Score:4, Insightful)
Needed: tools to recover bug lists, patches, etc. (Score:2, Interesting)
So, here's what we need:
1. Tool to "web-scrape" the contents of the bug-list for a project.
2. Tool to "web-scrape" the contents of the patch-list for a project.
3. Tool to "web-scrape" the mailing list archive and member list for a project.
4. Tool to put together a mirrored CVS repo (a la CVSup, but it just needs to work in one shot).
5. Any other similar tools to above needed to reconstitute project state on a different host.
Putting an XML-RPC interface on these would allow them the most general use.
We've always needed them. This announcement doesn't really change anything, but it should bring the point home that we who admin projects are responsible for our own disaster recovery, just in case Lars Ulrich decides he owns that sample mp3 of your cat hacking up a hairball because it sounds just like Metallica.
And finally, just a common sense clarification, in case some people don't get it: don't put crypto on SF, because it'll probably get DMCA'd.
I'll start the project on sourceforge.net (of course). Volunteers welcome.
Conflict of interest and logical problem (Score:2)
Yes, publically defending changes made by your owner, especially considering how those changes would likely be savaged if done by an opponent, raises deep issues of conflict of interest which deserve better than such an offhand dismissal.
After all, how different is "You get what you pay for after all", from "If you don't like our click-wrap license, don't use the software"?
Sig: What Happened To The Censorware Project (censorware.org) [sethf.com]
Re:Conflict of interest and logical problem (Score:3, Insightful)
*My* feeling is that this TOS change is not a substantive change. The part in which the Privacy Policy is disavowed is done specifically because *if* the site is cracked, then we're lying about protecting it - not because we're going to sell anything. I'll shoot myself in the eye before we do that.
Something is missing..... (Score:4, Funny)
Further proof... (Score:3, Insightful)
It's the same general deal you get anywhere these days:
You can't get us for nuttin..
We don't know nuttin, and if we did, we wouldn't admit it anyway..
If you got it, it's ours, an' we're gonna take it no matter what you do..
Here's a real punchline from the Privacy Statement:
uh.. then who is in a position to guarantee what Sourceforge itself has just attested to?
No-body!
End of discussion!
And have a nice day!
t_t_b
Re:Further proof... (Score:5, Interesting)
I run a very small (read: profits are almost half my car payment) web hosting service under the flag of openness and freedom of content. I started it because I got upset that every single host I went with wanted to corral me into a year contract, tell me what I couldn't do or say and take credit and the ability to edit my personal thoughts and ideas. Originally, it was a co-op, and I began to take on extra users who wanted the same thing -- ownership of their work and a fair charge for the low bandwidth they were moving.
In the past three months we've grown a dozen times larger -- so big that I no longer know every site op by name. Now, I don't want to have to force the new people to sign a TOS or a EULA. I think that posting the rules on the frontpage should be good enough for everybody. But I'm afraid. We've had a couple users ask if they could serve porn, and when I said no a few signed up anyway. I trust them (and check my logs), but if I go away on vacation and one of them starts serving nude shots of Frankie Muniz, I'm the one who gets in trouble. I'm the one who's got his name on the tax forms, and I don't intend to incorporate the business.
So I'm stuck. I want to let users do their own thing, own their own shit, but I'm the one who's ass is on the line. If one site slips up, they all go down. Everybody loses their stuff and all the good I've tried to do, all the bright young folks I've formed relationships with are scrambling for a new host. Someday soon I'll need to call my lawyer (okay, I don't have a lawyer to call my own, I'll have to pick a name out of the phone book) and have him draw me up a plan for a TOS. It'll probably be pretty brutal. Legally, I'll have to claim responsibility or ownership over users and content so I'll have the ability to pull it if I have to. And I'll have to do the same stupid shit, bowing to C&Ds and dropping user info and so forth.
It won't make me as a host and as a person any more of an asshole. I won't trade email addresses for cigarettes or claim rights to rkm's work [somethingpositive.net]. But I'll look just as corporate and uncaring as the rest.
Just think about it, baby, before you hate the legalese. You can't avoid being screwed without screwing somebody on paper. At the end of the day, it all comes down to who you trust, and after these long years with Slashdot, OSDN and SourceForge, I guess I trust VA. I have to, they designed my new server!
Shameless plug: webslum.net [webslum.net]. Say you read this post and I'll give you a free shell
Let's think about exploiting p2p (Score:3, Interesting)
How can we surmount this problem? Maybe by making a set of standards (beyond the informal ones that exist now) for how to document what your software is and where to get it. This could be a variation on the old
I am concerned that a lot of good code and good projects are left to die while other people re-invent that particular wheel. Since FS/OS is based on volunteer work, we can't really afford to throw it away or waste it. I hope other people who also have ideas about this will reply to this, and perhaps we can get together a mailing list or something to brainstorm about possible solutions to this problem.
this is the part I hate.. (Score:4, Interesting)
They can henceforth change the terms without notice, just by posting the new terms on the website. (Currently they are obliged to give 15 days notice by email, a period that we are currently in for this change.)
This is the part that disgusts me about "Terms of Use". Basically, they could say anything they want, and you would be bound by it, before you can even read it!
So Tuesday, they can say they don't own the copyright in your programs, but Wednesday they can, and NOBODY WOULD KNOW until AFTER the terms went into effect.
Yes, they have the right to put pretty much anything in their terms, BUT they should have to make a reasonable effort to inform their users of any new terms.
Free markets work best when information is available about your choices. Saying "if you don't like it, go elsewhere" is silly if you don't know what it is exactly you just agreed to.
There should be a consumer protection law that says, you have 30 days before new terms go into effect, no matter what. Then you would know, just have your attorney or your web-page watcher script check the terms every 30 days. But now, they can change them twice a day, or just for 5 minutes every night, or whatever, and nobody knows.
Of course every company is completely honest and above-board and would never change their terms like that, would they??
How does this save sourceforge money? (Score:3, Insightful)
But what I fail to comprehend is -- how on earth do these new terms create any reduction in the cost of running Sourceforge?
Re:They're obviously attempting to coopt projects (Score:2)
and it's 'all your base are belong to us' by the way.
Re:Makes them look like assholes. (Score:3, Informative)
Umm, no. You don't sign away your copyright when you host something on Sourceforge. In many cases you don't even have the authority to do so if you wanted to. Sourceforge has the right to do whatever they want with the copy of data on their server, they can delete it and they can delete your account, but they don't own the data you stored there.
But that's okay. "The sky is falling!" is catchier.
Re:Next... (Score:2)
graspee
Re:what's wrong with these changes (Score:3, Interesting)