Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
SourceForge Security

SourceForge Introduces HTTPS Support For Project Websites (sourceforge.net) 44

SourceForge announced on Wednesday that it is introducing HTTPS for all project websites on its platform. Once a project has been moved to HTTPS, old domain will automatically redirect to their new counterparts, resulting in no loss of traffic or inconvenience. From a blog post on the site: With a single click, projects can opt-in to switch their web hosting from http://name.sourceforge.net to https://name.sourceforge.io. Project admins can find this option in the Admin page, under "HTTPS", naturally.There's also a guide to assist developers with the transition. SourceForge launched HTTPS support for SourceForge.net back in February, but this rolls out HTTPS support to individual project websites hosted on SourceForge. There's also a Site News section on the website now where you can read about all SourceForge changes and improvements over the past year since SourceForge was acquired by BIZX, such as eliminating the DevShare program and scanning all projects for malware.
This discussion has been archived. No new comments can be posted.

SourceForge Introduces HTTPS Support For Project Websites

Comments Filter:
  • I thought sourceforge was one of the bad guys now that they're manipulating projects irrespective of those project maintainers...
    • Re: (Score:3, Insightful)

      by Anonymous Coward
      That was last year under DICE. New owners put an end to it. http://www.pcworld.com/article... [pcworld.com]
      • That was last year under DICE. New owners put an end to it. http://www.pcworld.com/article... [pcworld.com]

        Interesting, because as we can see from the comments, the smell still lingers. That fart was not silent but it sure was deadly.

        • Re:Bad guys (Score:4, Insightful)

          by Kobun ( 668169 ) on Wednesday November 30, 2016 @02:20PM (#53395133)
          Speaking from the position of an IT admin - I cannot unblock Sourceforge yet. It will remain locked off to my users as long as this is the status quo - https://sourceforge.net/projec... [sourceforge.net]

          Yes, their installer is scanned for Malware. But then the installer downloads malware during the installation process. My users are not observant enough to be trusted to read a notice "This project uses a 3rd party installer", and certainly not seasoned enough to infer that the message means "download malware here". I've reported this project as distributing malware a few times now since Slashdot/Sourceforge's change of hands, so its continued virus-laden distribution tells me everything I need to know about how much trust I should put in the new regime.
        • by TWX ( 665546 )
          I did not know either. A reputation built over decades can be destroyed in a moment and will then take decades to rebuild again.
          • Yes we acquired SourceForge just this year, and yes what you say about reputations is true. SourceForge's improvements this year weren't covered nearly as much as their previous missteps, but we'll continue to improve it regardless for the 1 million+ users we see per day. Ars Technica did a good write up though. [arstechnica.com]
    • Re:Bad guys (Score:4, Insightful)

      by 93 Escort Wagon ( 326346 ) on Wednesday November 30, 2016 @01:28PM (#53394569)

      The new-ish owners of SourceForge / Slashdot seem to be trying to find a way to rebuild the mindshare and site reputation which the former owners did their best to destroy. But doing that while simultaneously figuring out how to not hemorrhage money is a tough nut to crack on today's internet. I wish them luck - I really want both sites to succeed - but I'm also glad it's not my problem to solve.

      • by TWX ( 665546 )
        Eh. Honestly my return to Slashdot was mostly predicated by the cesspool that other general-purpose forums became after this election cycle got into swing.

        I get the problem that specific-focus mediums have, there's a natural cap to growth based on the size of the market served plus the possible number of competing mediums. Unfortunately people seem to think that they can convert a medium from one subject-focus to another without understanding why the medium worked to begin with and how the attempts to
        • There's still over 1 million users per day on SourceForge, and over 500,000 projects hosted there. Perhaps we've lost some people from back in the day, but it's still a large amount of people using SourceForge every day that we are focused on doing right by.
          • by TWX ( 665546 )
            Well hopefully this will truly manage to save it. I've been avoiding projects hosted on it because of the problems that were reported. Maybe it's time to take a look again.

            I'm just not a fan of github, seems like a lot more zeal relative to actual quality over there. And Freshmeat's dead too if I remember.
          • by tepples ( 727027 )

            Is there a timetable to ensure that important features can be used without JavaScript or with only free JavaScript [gnu.org]? The Savannah code hosting service, based on a fork of the software that SourceForge uses, appears to work without any proprietary JavaScript.

  • Why? (Score:4, Interesting)

    by hsmith ( 818216 ) on Wednesday November 30, 2016 @01:33PM (#53394611)
    Source forge is incredibly annoying to use, and git/github/bitbucket have all pretty much become the ubiquitous tools for hosting projects on. If I find an OS project on SoureForge, I assume it is long since abandoned.
    • by sims 2 ( 994794 )

      I am constantly surprised by things that haven't been updated since 2008 that still work correctly on windows 10.
      Then I wonder is it abandoned or has it just not needed anything fixed in the last 8 years?

    • by Anonymous Coward

      There are some good projects that are still going on SourceForge. In fact, some developers like it better because the higher barrier to entry means you don't have to deal with the noise of +1 comments, PRs to remove "long" from all instances of "long long int," SJW drama over the use of master/slave and pronouns and duplicate bugs galore because people don't know how to search.

      The main things I would change with SourceForge:

      Making activity more visible by adding more info to " 4.3 Stars (28) 3,788 Download

  • by ahziem ( 661857 ) on Wednesday November 30, 2016 @01:54PM (#53394803) Homepage
    I appreciate the changes SF has made, but in January I moved my web hosting from Sourceforge to my own infrastructure. Now I have HTTPS, can make outbound HTTP calls, have more control over the backend, and the web site is 10x faster. It does not cost much, and with reverse proxies, I was able to weather several huge traffic spikes without a blip.
  • https on "social" sites (non bank/finance/medical...etc ones traditionally needing encryption), mostly benefits the site -- not so much most user. It usually harms users more than not as it prevents content caching and local-filtering. On a https site, I can cache near zero in my squid proxy (used by more than one account & user). That allows much tighter tracking of individuals as they go from site to site.

    On news and discussion sites, I can easily get over 25% of the requests satisfied locally --

  • "scanning all projects for malware"
    Irony!

The road to ruin is always in good repair, and the travellers pay the expense of it. -- Josh Billings

Working...