SourceForge Terms of Service Change, Users Unhappy 444
An email fluttering around a few mailing lists has been submitted in
various forms here today. It's about changes to the SourceForge
terms of service. Some relevant links unclude the
old terms,
new terms,
old privacy statement,
new privacy statement
and
contact for "questions or concerns"
(Patrick McGovern, Site Director). Obviously since SF is owned by the
same parent company as Slashdot, I'm biased and corrupt and you should
ignore my opinions on the subject, but while
I don't particularly like this any more then anyone else, I also
don't think it's the huge deal that others are making of it. Especially
considering projects aren't paying for the free service. You get
what you pay for after all.
I have attached a summary to this article of the changes that are
being called into question if you don't want to do a mental diff
on the links above.
This list was submitted by a few different users and was apparently originally posted to several mailing lists, although I don't know who actually originally wrote it. I just quote it here for reference.
- They can henceforth change the terms without notice, just by posting the new terms on the website. (Currently they are obliged to give 15 days notice by email, a period that we are currently in for this change.)
- They can henceforth remove user accounts without giving a reason. (Currently they are obliged to have a reason, though the set of acceptable reasons is open-ended.)
- They're no longer obliged to make the contents of a deleted account available to its owner. (There was previously a "reasonable effort" clause to that effect.)
- They're no longer obliged to provide notice of changes to the privacy policy, unless the changes are "substantive". (Currently they are obliged to provide notice of any change.)
- The privacy policy is acquiring a disclaimer that amounts to "this is not true". It actually disclaims the entire privacy policy.
I dunno ... (Score:3, Interesting)
hmm (Score:5, Interesting)
Sourceforge reality. (Score:5, Interesting)
Anyone who's using Sourceforge to host their project, as I am, should be realistic about what they're getting and for how long they'll get it.
First of all, I love sourceforge. It gives me all of the things I want right out of the box and for free. User forums, bug tracking, SSH CVS, and so on.
However, it is free and I think we all know has a pretty slim chance of making money. With that in mind, no matter what their polcies state there seems to be a pretty good chance of them just exploding one fine morning and taking a whole bunch of source down with them. Make backups, I should too.
Other than that, we can be a demanding lot so try to go easy on these guys, let's give them a chance to survive.
Substantive? (Score:2, Interesting)
My only problem (Score:2, Interesting)
What are the chances ... (Score:5, Interesting)
SF is a great resource and all, but there needs to be some way to filter out the abandoned stuff.
Indemnity is the real issue (Score:2, Interesting)
In other words, if I do something that upsets a corporation with a legal department, and SourceForge gets sued, I have to pay their lawyer's bills.
Because of that clause, I can't do anything that is legally sensitive; and because free software is by definition revolutionary, I can't do anything real or important on SourceForge at all. I respect and admire the Freenet people, who are going ahead and hosting with SourceForge anyway, but I have no wish to emulate that display of courage. I don't blame SourceForge for having the indemnity clause in their TOS, but it means that their service isn't much use to me. The risks are just too great.
Incidentally, y'all have missed the most important new terms in today's revised TOS - the new DMCA compliance terms. Those, too, are perfectly understandable, and I can't blame SourceForge for having them. As a business operating in the U.S.A., SourceForge is legally obligated to have DMCA compliance procedures. But if I had any illusions left that SourceForge was part of the revolution, those illusions are gone now. SourceForge is now just another profit-making business, and I don't need, or have any particular reason to want, to do business with them. I'll be hosting my free software on amateur servers outside the U.S.A. (I'm outside the U.S.A. myself) where I can be assured of its continued freedom.
Perhaps related to DOS attacks (Score:2, Interesting)
Anyhow let them have the tools to do the job. Personally I think they ought to offer the service for a small fee, something like a web hosting service but tune'd for the software distributor. I already keep a seperate web space and could just as easily host at sourceforge. They should also have shopping cart service for shareware and for developers that do both freeware and commercial software. Finally a small fee based update subscription service would be great for people who don't have the time to track all the different projects. Something that auto-pulls stuff to your system but lets you control install/backup
Sourceforge has yet to compete with Bugzilla (Score:4, Interesting)
Bugzilla/bonsai/tinderbox provides a more complete solution. We were even able to modify the trio to deal with java, our many different build scripts (make is rather lacking for java), and our test automation.
What we found was that Sourceforge provided discussion groups which we got using exchange or INND, bug tracking which wasn't nearly as feature rich as bugzilla, and cvs integration which bonsai provided just as well. It was still lacking the automated builds, and by the time they got back to us after linuxworld we had allready deployed the bugzilla solution (partly thanks to some nice debian packages put together by Remi Perrot).
One large drawback is that bonsai relies on glimpse as its fulltext indexer. Glimpse used to be free but since then has gone commercial. We were, however, able to find some old glimpse source (which may have been GPL or artistic license - perhaps we should redistribute the old code as GNUlimpse).
We have made our own tweaks to bugzilla/tinderbox/bonsai and contributed a few of them back to the mozilla developers (in the future probably all will be recycled into the public implementation).
How do I remove my account? (Score:1, Interesting)
I've been suspicious of Sourceforge stability (Score:2, Interesting)
Savannah is a gnu.org alternative to SF; comments? (Score:2, Interesting)
Re:Alternatives (Score:1, Interesting)
Here is a case study from my own OpenSource project setup:
- qmail/ezmlm for mail server/mailing lists, hypermail for mail archives
- ssh/scp for secure file access/server administration
- cvs for code repository (including ssh and anonymous access)
- apache for the web server (with virtual host for every project)
Note, there is no bug tracking - this is a missing part of such setup. I was reluctant to use bugzilla, since it is CGI-based and therefore vulnerable to attacks
Also there is no FTP, since I hate to install a new patch every week (same is true for sendmail, therefore qmail is used) Files are uploaded via ssh/scp, downloads are done via HTTP
This proved to be an ideal setup. Simple secure and extensible. Since it is a community project, user requested features (say, nightly builds) can be implemented on request pretty easy. A DSL connection and a static IP is all you need to host such a beast.
- Andrus
andrus a t objectstyle.org
http://objectstyle.org
Why isn't everyone kicking CmdrTaco's ASS? (Score:3, Interesting)
Did CmdrTaco, one of the helmsmen of the most popular Free/OS news sites in existence just mimic what Microsoft PR/FUD machine has been saying since Linux showed up on its threat radar?
Why isn't everyone kicking CmdrTaco's ASS?
Re:gnu savannah (Score:3, Interesting)
Needed: tools to recover bug lists, patches, etc. (Score:2, Interesting)
So, here's what we need:
1. Tool to "web-scrape" the contents of the bug-list for a project.
2. Tool to "web-scrape" the contents of the patch-list for a project.
3. Tool to "web-scrape" the mailing list archive and member list for a project.
4. Tool to put together a mirrored CVS repo (a la CVSup, but it just needs to work in one shot).
5. Any other similar tools to above needed to reconstitute project state on a different host.
Putting an XML-RPC interface on these would allow them the most general use.
We've always needed them. This announcement doesn't really change anything, but it should bring the point home that we who admin projects are responsible for our own disaster recovery, just in case Lars Ulrich decides he owns that sample mp3 of your cat hacking up a hairball because it sounds just like Metallica.
And finally, just a common sense clarification, in case some people don't get it: don't put crypto on SF, because it'll probably get DMCA'd.
I'll start the project on sourceforge.net (of course). Volunteers welcome.
Re:Big deal (Score:2, Interesting)
Re:Journalistic efforts when covering one's self (Score:2, Interesting)
It is? I'd argue that Taco and all teh editors here are just replaceable figureheads.
My offer is open (Score:2, Interesting)
If you want hosting, no ads, no hidden requirements, no surprises, let me know. The SOSDG is run by individuals, not by any company.
The Summit Open Source Development Group [2mbit.com]
Re:Big deal (Score:2, Interesting)
Re:Further proof... (Score:5, Interesting)
I run a very small (read: profits are almost half my car payment) web hosting service under the flag of openness and freedom of content. I started it because I got upset that every single host I went with wanted to corral me into a year contract, tell me what I couldn't do or say and take credit and the ability to edit my personal thoughts and ideas. Originally, it was a co-op, and I began to take on extra users who wanted the same thing -- ownership of their work and a fair charge for the low bandwidth they were moving.
In the past three months we've grown a dozen times larger -- so big that I no longer know every site op by name. Now, I don't want to have to force the new people to sign a TOS or a EULA. I think that posting the rules on the frontpage should be good enough for everybody. But I'm afraid. We've had a couple users ask if they could serve porn, and when I said no a few signed up anyway. I trust them (and check my logs), but if I go away on vacation and one of them starts serving nude shots of Frankie Muniz, I'm the one who gets in trouble. I'm the one who's got his name on the tax forms, and I don't intend to incorporate the business.
So I'm stuck. I want to let users do their own thing, own their own shit, but I'm the one who's ass is on the line. If one site slips up, they all go down. Everybody loses their stuff and all the good I've tried to do, all the bright young folks I've formed relationships with are scrambling for a new host. Someday soon I'll need to call my lawyer (okay, I don't have a lawyer to call my own, I'll have to pick a name out of the phone book) and have him draw me up a plan for a TOS. It'll probably be pretty brutal. Legally, I'll have to claim responsibility or ownership over users and content so I'll have the ability to pull it if I have to. And I'll have to do the same stupid shit, bowing to C&Ds and dropping user info and so forth.
It won't make me as a host and as a person any more of an asshole. I won't trade email addresses for cigarettes or claim rights to rkm's work [somethingpositive.net]. But I'll look just as corporate and uncaring as the rest.
Just think about it, baby, before you hate the legalese. You can't avoid being screwed without screwing somebody on paper. At the end of the day, it all comes down to who you trust, and after these long years with Slashdot, OSDN and SourceForge, I guess I trust VA. I have to, they designed my new server!
Shameless plug: webslum.net [webslum.net]. Say you read this post and I'll give you a free shell
Slashdot hypocrisy (Score:1, Interesting)
Most Slashdot users don't post their exact email addresses on the pages. They put NOSPAM or REMOVETHIS in the middle of the address. It's a very intelligent thing to do - spammers have robots that harvest email addresses from web pages.
So what do we do when we get angry with someone? We post a hyperlink their email address on the front page. No NOSPAM. No link to a page CONTAINING the email address. The email address right where it can first be Slashdotted, and then harvested by spammers.
What a disgrace.
Let's think about exploiting p2p (Score:3, Interesting)
How can we surmount this problem? Maybe by making a set of standards (beyond the informal ones that exist now) for how to document what your software is and where to get it. This could be a variation on the old
I am concerned that a lot of good code and good projects are left to die while other people re-invent that particular wheel. Since FS/OS is based on volunteer work, we can't really afford to throw it away or waste it. I hope other people who also have ideas about this will reply to this, and perhaps we can get together a mailing list or something to brainstorm about possible solutions to this problem.
this is the part I hate.. (Score:4, Interesting)
They can henceforth change the terms without notice, just by posting the new terms on the website. (Currently they are obliged to give 15 days notice by email, a period that we are currently in for this change.)
This is the part that disgusts me about "Terms of Use". Basically, they could say anything they want, and you would be bound by it, before you can even read it!
So Tuesday, they can say they don't own the copyright in your programs, but Wednesday they can, and NOBODY WOULD KNOW until AFTER the terms went into effect.
Yes, they have the right to put pretty much anything in their terms, BUT they should have to make a reasonable effort to inform their users of any new terms.
Free markets work best when information is available about your choices. Saying "if you don't like it, go elsewhere" is silly if you don't know what it is exactly you just agreed to.
There should be a consumer protection law that says, you have 30 days before new terms go into effect, no matter what. Then you would know, just have your attorney or your web-page watcher script check the terms every 30 days. But now, they can change them twice a day, or just for 5 minutes every night, or whatever, and nobody knows.
Of course every company is completely honest and above-board and would never change their terms like that, would they??
Re:what's wrong with these changes (Score:3, Interesting)