On 06/18/2015 11:06 PM, Benjamin Smith wrote:
> Dunno if you're aware of recent tech news, but SourceForge isn't exactly a trustworthy source any longer.

Their claim is that they are only doing that to projects that have been "abandoned". In theory, that means that they aren't yet doing it to anything distributed by _The Apache Software Foundation_. In practice, I have my doubts.

If somebody has something concrete, that meets the legal criteria for a chain of custody, and a chain of evidence, that demonstrates that SourceForge is putting things into either the project binaries, or wrappers used exclusively to download, or install the project binaries, then that needs to be reported/provided to the Apache Board pronto. In the meantime, what we have is SourceForge doing that which is dirty play, but nonetheless allowable under the license that it is distributed under.

I've seen several small projects look for somewhere to migrate to, because of code commits that were apparently included in the SourceForge distributed binary, that they didn't approve/include.

jonathon
