SourceForge Terms of Service Change, Users Unhappy 444
An email fluttering around a few mailing lists has been submitted in
various forms here today. It's about changes to the SourceForge
terms of service. Some relevant links unclude the
old terms,
new terms,
old privacy statement,
new privacy statement
and
contact for "questions or concerns"
(Patrick McGovern, Site Director). Obviously since SF is owned by the
same parent company as Slashdot, I'm biased and corrupt and you should
ignore my opinions on the subject, but while
I don't particularly like this any more then anyone else, I also
don't think it's the huge deal that others are making of it. Especially
considering projects aren't paying for the free service. You get
what you pay for after all.
I have attached a summary to this article of the changes that are
being called into question if you don't want to do a mental diff
on the links above.
This list was submitted by a few different users and was apparently originally posted to several mailing lists, although I don't know who actually originally wrote it. I just quote it here for reference.
- They can henceforth change the terms without notice, just by posting the new terms on the website. (Currently they are obliged to give 15 days notice by email, a period that we are currently in for this change.)
- They can henceforth remove user accounts without giving a reason. (Currently they are obliged to have a reason, though the set of acceptable reasons is open-ended.)
- They're no longer obliged to make the contents of a deleted account available to its owner. (There was previously a "reasonable effort" clause to that effect.)
- They're no longer obliged to provide notice of changes to the privacy policy, unless the changes are "substantive". (Currently they are obliged to provide notice of any change.)
- The privacy policy is acquiring a disclaimer that amounts to "this is not true". It actually disclaims the entire privacy policy.
Alternatives (Score:2, Insightful)
Like a combination of CVS/PHP with a saucy bug-reporting and discussion thingie..
I'm sure one already exists.
Dave
Big deal (Score:4, Insightful)
I think this is perfectly reasonable; they're running the show, and a lot of the time in communities, there are members you need to deal with. I think the changes listed are more of an administrative streamlining than a major conspiracy.
Now, if they start abusing things, folks will be all over them, and they'll be sorry they did. So that ain't gonna happen.
Not a big deal.
-me
This is round 1, round 2 will sneak by (Score:5, Insightful)
It seems like this is laying the ground work for real changes that can be slipped by when they think no one is paying attention!
I got more than what I paid for (Score:5, Insightful)
Big whoop.
There is nothing they can take from me. I have the source code. I update my local cvs daily. The project webpage is garbage, and half of the discussions about development are in email. The greatest benefit is that the package I run has been difficult to find, and now it has a 'permanent' home.
I'd have more problems with, oh, say, Comcast changing the TOS. Or M$. Or AOL. When those guys change things, I always get the "I changed the bargain, just pray I don't alter it any further" impression. With sourceforge, I AM A LEECH. I live at the whim of my host.
If they piss me off, it's off to the FSF hosted site. No problem.
Hey, I don't like the VA Systems->Linux->Software scam. I'm part of the gang whinging about the 'post'. And I often question the integrity of folks. But sourceforge.net never promised anything, and they haven't disappointed me yet.
Nothing to see. Move along.
Re:Sourceforge reality. (Score:2, Insightful)
Is there a way to sync a private CVS server with theirs? Including all previous versions in the current system? A HOWTO might be nice, possibly attached to that email.
--
Evan "Who really has to get around to uploading a half dozen patches he has for a variety of apps" E.
Re:What are the chances ... (Score:4, Insightful)
It's true, it's not true (Score:5, Insightful)
1. The privacy policy is acquiring a disclaimer that amounts to "this is not true". It actually disclaims the entire privacy policy.
To say that the clause at the end claims the privacy policy is "not true" is pretty simplistic. It attempts to avoid iablility for circumstances beyond their control, which is a far cry from disclaiming the entire thing.
In other words if armed men break into our facilities and steal our database and sell it to spammers, or our daatabase administrator gets a brain tumor and tries to "MAKE MONEY FAST!", we think we shouldn't be sued.
Privacy Statement (Score:5, Insightful)
While this Privacy Statement expresses SourceForge.net's standards for maintenance of private data, SourceForge.net is not in a position to guarantee that the standards will always be met. There may be factors beyond our control that may result in disclosure of data. As a consequence, SourceForge.net disclaims any warranties or representations relating to maintenance or nondisclosure of private information.
Since I don't think we're dealing with an vast evil corporate conspiracy here, I don't think the proper reading of this is "these statements are not true."
Basically they're protecting themselves against crackers. If someone steals the password list, they aren't responsible. I don't think that this means they're going lax on security or forgetting about privacy, it just means that shit happens, and they don't want to be sued.
As to the rest of the changes: this is their perrogative. They don't have to warn you about service changes. And if that fact alone bothers you, you can take your (non-paying) business elsewhere. It's how they use this priviledge that matters, and I don't think that they are going to radically alter their service in an attempt to scam users.
Re:Alternatives (Score:5, Insightful)
slashdot editors propogating yet another myth (Score:5, Insightful)
Amazing. Now I understand why the slashdot editors really appear to not "get" a lot of fundamental things, like the ongoing, direct harm the Copyright Cartels (Hollywood and the music industry in particular) are doing to free software.
"You get what you pay for," is demonstrably a myth. (c.f. GNU/Linux, FreeBSD, non-paid sex, love be it familial or romantic, and as a counter example underscoring the very same point, Windows vis-a-vis quality, used cars, enron stock, and so on ad nauseum.). Air is the most valuable substance to any living, breathing human. Don't believe me? Try going ten minutes without it. Yet it costs nothing.
With free software you don't "get what you pay for," you get what many thousands have contributed to a public commons to give themselves and you, with a resulting value far greater than any single enterprise could possibly offer. These contributions are often completely unrelated to any economic value as defined in the traditional market sense, and are only very indirectly related to any sort of free market or monetary value at all.
If you don't understand this (because of your libertarian bent of capitalism ueber alles, perhaps
In this particular case the area is more gray
I should point out that the Free Software Foundation's GNU project offers a similar service to sourceforge called Savannah [gnu.org], which I highly recommend. Will the laws of supply and demand as created out of scarcity apply, or are there enough willing donars, and enough inexpensive (or free) resources available that the laws of plenty will apply? In this gray area the answer is probably both yes, and no, depending on local circumstances and conditions.
In any event, the notion that "you get what you pay for" has been disproven numerous times in the physical world of scarcity-driven capitalism (ask any number of people who have purchased property or used automobiles, only to have their worth drop to zero, or climb insanely, in no relation to "what they paid for"), and in the abundant sphere of free software is demonstrably inapplicable in nearly every case.
Whats the big deal... (Score:5, Insightful)
1. They can henceforth change the terms without notice, just by posting the new terms on the website. (Currently they are obliged to give 15 days notice by email, a period that we are currently in for this change.)
It is a free service... if they want to change something should they be shackled by having to email all the users to change anything?
2. They can henceforth remove user accounts without giving a reason. (Currently they are obliged to have a reason, though the set of acceptable reasons is open-ended.)
They avoid leagle entanglement for said free service... People abuse free systems, they need to be delt with quickly and effectivly.
3. They're no longer obliged to make the contents of a deleted account available to its owner. (There was previously a "reasonable effort" clause to that effect.)
The users should have local backups... this is more then resonable.
4. They're no longer obliged to provide notice of changes to the privacy policy, unless the changes are "substantive". (Currently they are obliged to provide notice of any change.)
Hmmm, some web notice would be nice... but again it is a free service...
5. The privacy policy is acquiring a disclaimer that amounts to "this is not true". It actually disclaims the entire privacy policy.
Well, if you bother to read (and comprehend) the policy you should know what you are in for, again it is a free service...
Have you read Hotmail Terms of Use [msn.com]?
You know they have your best interest at heart.
~Sean
You guys are all blind lemming hypocrites (Score:1, Insightful)
Look at the privacy statement. No guarantees? What does that mean?
They can cancel your account for no reason? What about open source projects that they don't like for whatever reason? They don't even have to return anything back to you.
This is a disgusting change. Sure it's free, and there's nothing you can do about it, but don't all of a sudden turn your back on common sense.
Re:hmm (Score:5, Insightful)
Also, considering SourceForge is their product and SourceForge.net is a great demo of their functionality/scalability they'd have to be looking to sell the whole SourceForge business, not just SourceForge.net for it to make sense... Logical buyers would probably be RedHat or IBM. It would be a PR coo for whoever buys it, and if it's IBM and they move it over to their hardware it'd be a REALLY good marketing point... especially for their new Linux mainframe...
Nothing like fanning the flames of random speculation =)
Taco says "No privacy is not a huge deal" (Score:2, Insightful)
All CYA (Score:2, Insightful)
e.g. The term "reasonable effort" is open to a million interpretations. Anything you do would likely disapoint somebody. Promise nothing and you always exceed what was promised.
Use the service to its best advantage, don't rely on SourceForge (or anything else) 100%, and if it doesn't work for you move on. After all, it IS free.
"You get what you pay for"?! (Score:4, Insightful)
but I also don't think it's the huge deal that others are making of it. Especially considering projects aren't paying for the free service. You get what you pay for after all.
What the heck kind of attitude is this for the founder of a pro-Open, pro-Linux website, CmdrTaco?! I took a quick diff of the terms of use changes, and you're right, it's not a big deal. But reinforcing the myth of "you get what you pay for" doesn't help traditionally minded people embrace new paradigms such as Open and Free. Tsk tsk.
Journalistic efforts when covering one's self (Score:3, Insightful)
Yes, it's CmdrTaco's site, but it looks bad when a VA employee uses his position to put his opinion that a controversy involving his employer is a non-story in the article rather than in a comment.
It would be better form to use a just-the-facts approach in the story itself and then post opinions as comments like every other user. Another possibility would be to have a separate "Editorials" section for staff members to give their opinions, and to have a separate news item and editorial in cases like this.
Re:Big deal (Score:4, Insightful)
Re:"You get what you pay for"?! (Score:5, Insightful)
Re:Whats the big deal... (Score:3, Insightful)
I've always hated those "we can change things without any real notice" clauses. 15 days could be a bit long, i suppose... Why not 2 business days or something like that? Gives people enough time to move out if they really don't like the changes, and still allows reasonably fast changes to the policy.
They avoid leagle entanglement for said free service... People abuse free systems, they need to be delt with quickly and effectivly.Couldn't they still do that with having to give a reason? Hell, "abuse of site resources" is one of their explicitly listed reasons for termination. This makes me think they're going to start deleting things for reasons they don't want to be publically known...
Ok, reading the actual terms of service, these seem to be not exactly true. Since the reasons for termination were never limited, "we don't like you" is technically a good enough reason. And they were never obligated to make the information available, they just said "We'll be nice and do it if we can without too much trouble." It's still kind of shady though...
Hmmm, some web notice would be nice... but again it is a free service...That's no excuse for giving no notice. It would be nice to know what their lawyers (it always comes down to lawyers) consider "substantive". Fixing grammar and spelling mistakes is fine for no notice, but i'd want notice of anything that changed the actual policy.
Something has to give somewhere (Score:3, Insightful)
Let's look at this a little more objectively. Hosting kernel.org costs about $80,000 a year (Larry McVoy posted this number to lkml about a month ago) at the least. It's an ftp site. That's bandwidth, not any warm bodies doing admin, not any fancy database stuff, nothing fancy just an ftp server and a minimal web site. Sourceforge has to cost 20 times more, probably more, to run. I have no idea what the numbers are but it has a staff and a huge amount of resources to manage and keep running. Personally, I'd assume that it's in the neighborhood of $5million+ a year, that's just my half-assed guess though. That's some substantial output for most companies, at IBM you can't spend that kind of money without producing something, people notice chunks that big. At most places, that kind of funding simply isn't available for something like that. At some point the free ride has to end, or something has to come out of it, or something has to change. Even a company like MS would see $5mill on the books in red ink and not black and there would have to be some reason to justify it and goodwill towards the community might not be enough.
Then with subjects like these, things rise up. Well they should trim dead stuff out of the tree, trimming the "dead" stuff is silly becuase it might be useful to people, that's the whole premise, if it's in use anywhere then it's not really dead. It might be dead to you and me, but that guy who is using it might want it. They should do x, y, or z to better support projects like q. They could do this or that. I think the most alarming propect is that there will be code in SF and it could be lost because of a policy change. I can get over most things, the changes to the mailing lists, and various other things they've done, it's free and you get what you pay for but a big part of the justification has been to promote interaction with developers to give VA a community they have close ties with and to promote open source software development. The idea of losing code is appauling, SF no longer serves a big part of its purpose at that point. That's what brings credibility in to question, what are they doing to prevent that from happening? Can I buy a set of DVDs that have SF backed-up on to them? Or is this it, the policy change is that there won't be any warning of future policy changes and those might cost you your code. I understand that they might have to sell stuff, or charge for services or do lot's of different things. I also understand that services like SF are prime for pirates and porn hustlers and others to use to propagate data and they need to protect themselves. It's time to look to tigris [tigris.org], Savannah [slashdot.org], and Berlio [berlios.de] more seriously.
I wonder if there is something we could add to licenses that would prevent a place like SF from shutting down and taking your code with them.
Re:Journalistic efforts when covering one's self (Score:4, Insightful)
Obviously since SF is owned by the same parent company as Slashdot, I'm biased and corrupt and you should ignore my opinions on the subject, but while I don't particularly like this any more then anyone else, ...
then it would be OK. It's almost like he thinks he has as much right as everyone else around here. Sheesh!
Centralized Source Projects a bad idea? (Score:2, Insightful)
1) Break ins.
2) Sourceforge is bought by Microsoft.
3) Disruption to work to SO MANY projects at once, due to break ins.
The disruption and dependance of the Open Source way on one organization is probably a bad idea. Not that SourceForge is the one stop and only place on the net, but it has a large enough number of projects to be of concern.
I don't know why or what sourceforge is that is is such a big deal to have projects here. Big fat Pipe perhaps?
There are plenty of tools for individual projects and group projects that work just fine and are free for everyone too use.
There are too many gotcha's that could impact too many projects if someone got in and decided to spend the next 5-10 months secretly writing small back doors into fairly large projects, that just perhaps not many would notice.
Makes my skin crawl just thinking about it.
I think source forge should probably be a "BinaryForge" with MD5 and CRC signatures with perhaps the ability to sign out certs for binarys that are extremely critical.
Perhaps a mechanism to post builds from CVS systems authors maintain themselves to sourceforge of binaries would be OK.
At least that would maintain the ease of use of getting all your goodies from one location.
But in general I don't think it is a good idea to have so many open source source code trees in one place on the net.
-hack
Re:Why isn't everyone kicking CmdrTaco's ASS? (Score:5, Insightful)
I was thinking something along those same lines, but then I remembered that he's talking about a service that it costs money to continue providing. He's not talking about source code or software, he's talking about a website providing a service.
There is a very big difference.
We're lucky to live in a time when people are giving away their code, but we're luckier still to live in a time when there are SO many entirely free (except for ads) web services.
All the same, free or not, I can't think of an above-the-board reason a why site would need a policy allowing it to change it's terms of use without first notifying it's users. That just seems low down and shady.
With all due respect... (Score:4, Insightful)
Re:Conflict of interest and logical problem (Score:3, Insightful)
*My* feeling is that this TOS change is not a substantive change. The part in which the Privacy Policy is disavowed is done specifically because *if* the site is cracked, then we're lying about protecting it - not because we're going to sell anything. I'll shoot myself in the eye before we do that.
Further proof... (Score:3, Insightful)
It's the same general deal you get anywhere these days:
You can't get us for nuttin..
We don't know nuttin, and if we did, we wouldn't admit it anyway..
If you got it, it's ours, an' we're gonna take it no matter what you do..
Here's a real punchline from the Privacy Statement:
uh.. then who is in a position to guarantee what Sourceforge itself has just attested to?
No-body!
End of discussion!
And have a nice day!
t_t_b
Re:Why isn't everyone kicking CmdrTaco's ASS? (Score:5, Insightful)
And in case you didn't know... alot of the volunteer housing projects aren't exactly examples of fine craftsmanship... but it is the BEST people can offer. they are trying to help and make a difference. So shut up and take it... or shut up and dont' take it... or speak up and DO something about it. What have you done?
what is a viable business? (Score:3, Insightful)
Let's see, Microsoft spends $1,000,000,000 to promote XP through print, TV, Radio, purchase of journalists, politicians and stenographers and billboards. This brings abslolutlly nothing in return but some marginal good will that they nullify with poor programs and scandal. Their sales are kept through extortion and other monopoly tricks. Yet people consider it a viable business.
You would conclude that Red Hat, IBM and Source Forge taken as a unit are not a viable business? Source Forge returns good will and programs for free use to both Red Hat and IBM. Without that kind of PR, what does Open Source have? The scale of losses you quote, if accurate are nothing to a company with revenues in the billions. Those paltry millions, spent on ordinary adverts, could hardly push a brand of soap.
The only think that can kill source forge is a betrayal of free software or some other greedy grab move. It's bad enough that they would switch to comercial databases and made the site an advertisment for software they would sell rather than a demonstration of free software they would service and issue with equipment. Anything to lessen Source Forge good will or software contribution would hurt them more than any direct costs.
Re:Sourceforge.net not a viable business (Score:3, Insightful)
If either company wanted to be more targeted, they could set something like SF up and be more selective of their projects.
Re:Sourceforge shutdown and your code (Score:3, Insightful)
(This includes mailing list archives)
Pat-
How does this save sourceforge money? (Score:3, Insightful)
But what I fail to comprehend is -- how on earth do these new terms create any reduction in the cost of running Sourceforge?