In looking at this myself, I concur with everyone else's opinions. It is a good point that our download mirroring is a crucial part of our online presence, and thus it is important that our decisions about changes to that be especially conservative and risk-adverse. I do like the passion they show for helping Open Source projects and would certainly be interested in partnering with them in other areas of mutual benefit.
Bryce On Fri, Oct 26, 2018 at 08:26:34AM +0100, C R wrote: > After further consideration, and Mc's pointing out past hackings, I think > also "no". > > I also dislike adverts on download pages as they can be used to trick the > visitor into downloading something they didn't intend to, or go somewhere > they don't want to go. > > -C > > On Wed, Oct 24, 2018 at 9:30 PM Marc Jeanmougin <m...@jeanmougin.fr> wrote: > > > Hi, > > > > > > On 10/24/18 7:43 PM, docto...@gmail.com wrote: > > > Our proposal: Use FossHub as the primary download mirror, […] > > > > > > I would not agree with that. > > > > > > (0) They are free to host a mirror of our files (which they already do : > > https://www.fosshub.com/Inkscape.html * ), > > > > but > > > > (1) we already have fastly as a powerful CDN [so we don't really "need" > > the service]; > > > > (2) Their business model of having an advertisement banner to get income > > is opposed to my principles (also, I'm not sure how much traffic we > > would send them, but 20k$ is like 4M views which we would probably send > > over a year (Martin, do you know how many yearly page views we have on > > the /releases/ section of the website ?) ); so in addition it would look > > financially strictly worse than putting an ad on inkscape.org > > > > (3) Their policies** are sort of restrictive and very much > > script-unfriendly > > > > (4) Loss of control over the files served, from us (not our website) and > > for people in general (served from a website that is afaik not open > > source*** while our website is) > > > > (5) Centralization of official (primary) downloads places for > > high-profile open source software makes for high-profile targets. They > > were already pwnd 2 years ago**** when their major hosted projects was > > Audacity, with unsalted password exposed and people downloading malware. > > > > -- > > > > Mc > > > > > > > > > > *: « Inkscape is a source vector graphics software that took nearly half > > a decade to create. The program is supposed to compete with Adobe® > > Illustrator®, yet many users claim that it falls short of Adobe® high > > standard. » > > > > **: https://www.fosshub.com/faq.html#fh-tou-o1 > > > > ***: and using direct web requests to cloudflare, google, adsense, and > > onesignal analytics while we only use "inkscape.org" requests > > > > ****: > > > > https://www.theregister.co.uk/2016/08/05/pegglecrew_we_hacked_fosshub_so_ransomware_scum_couldnt_and_also_for_fun/ > > > > > > > > > > _______________________________________________ > > Inkscape-board mailing list > > Inkscape-board@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/inkscape-board > > > _______________________________________________ > Inkscape-board mailing list > Inkscape-board@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/inkscape-board _______________________________________________ Inkscape-board mailing list Inkscape-board@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/inkscape-board
