[jr2]

Unsure if this is as bad as it seems, but:

http://seclists.org/nmap-dev/2015/q2/194

The comments on reddit have links to compromised projects.

http://reddit.com/r/technology/comments/38dnue/sourceforge_has_begun_hijacking_popular_accounts/


Shorter list of more recognizable ones:

openoffice, audacity, fedora, firefox, gimp, gnu privacy guard, joomla, libre office, multiwii, neverball, nmap, sqlite, simulationcraft, snort, texworks, transmission, vlc media player, wordpress, recaptcha, apache, mame, mysql, thunderbird

So be sure to get those goodies from another source.   (alternatives mentioned in the reddit comments)

[Bobboau]

yeah, and the same company owns slashdot and has been censoring any news of this for a while (oh wait, they aren't a government, I guess this is just fine). Also, some of the affiliated projects are complicit, like filezilla, they have received complaints about this and have been like "tough ****"

related article: http://arstechnica.com/information-technology/2015/06/sourceforge-locked-in-projects-of-fleeing-users-cashed-in-on-malvertising/

I don't get why anyone was still using them as of four years ago, github had them beat on all fronts.