Sourceforge (1 Viewer)

[Rick164]

Sourceforge is really going downhill, for instance the SF FileZilla project page download links randomly points to sourceforge.perkydownloadcity.com which has a packed installer containing adware/spyware while sometimes it gives me the right one from Heanet so some bad stuff is going on here.
uBlock Origin also blocks it as being suspicious (Badware risk), are there any plans to move hosting to a new location (GitHub releases perhaps)?

 

[high]

hasn't been really discussed cause SF is no issue for active projects but if someone prefers github he can get both from github now too:
MP2: https://github.com/MediaPortal/Medi...ease15_Update1/MP2-Setup-Summer15_Update1.zip
MP1: https://github.com/MediaPortal/Medi...ease_1.12.0/MediaPortalSetup_1.12.0_Final.zip

 

[Rick164]

In the case of FileZilla it seems to affect active projects as well (recently updated on their homepage), just tried it in different browsers and the download links do change randomly for their client software:

https://filezilla-project.org/download.php?type=client

if you click download from sourceforge you will land on the sourceforge.net download page however it will automatically serve you with an adware embedded installer called "PUA/InstallCore.JM" which gets blocked by Avira.
uBlock lists a few cases of it:

https://github.com/gorhill/uBlock/wiki/Badware-risks

Not sure if switching to Github entirely would be better as they have no statistics and such but wouldn't trust sourceforge at all at this point so might be worth discussing with the team

 

[high]

Filezilla opted in for that adware stuff. Their choice but not relevant to our files (at least not until SF actively change that). To be fair, we host mp-releases on SF for over 10 years with very very few issues and none where about file-integrity. So imho a new solution must be better, not just because it's not SF. Any proposal is welcome. In case we can easily host on our own servers, I just prefer more mirrors

as they have no statistic

they have dl-counts but pretty hidden and not that accurate as SF, you need a tool like http://www.somsubhra.com/github-release-stats/?username=MediaPortal&repository=MediaPortal-1 to get the dl-amount per release.

 

[Rick164]

Filezilla opted in for that adware stuff. Their choice but not relevant to our files (at least not until SF actively change that). To be fair, we host mp-releases on SF for over 10 years with very very few issues and none where about file-integrit

Ah right didn't know that, some other projects like notepad++ did notice the inclusion of fake download buttons on the project pages (ads) which looked a lot like the real deal (same position / styling) so that was one the reason they switched as they got user complaints.

So imho a new solution must be better, not just because it's not SF. Any proposal is welcome. In case we can easily host on our own servers, I just prefer more mirrors

Yeah agree that other options aren't that great or better and self-hosting can be costly, haven't had any issues with MePo downloads so far except that you have to careful on SF.net in general as their motives aren't the same after the takeover (more $$$ orientated now) so have to double-check the downloads.
If I find a better alternate will let you guys know