Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SourceForge nmap project analysis

From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 3 Jul 2015 21:25:28 -0500
Max,

Nmap is not on SourceForge. The project moved to self-hosted Subversion
repositories many years ago, but Sourceforge persisted in keeping a
"mirror" up to continue to capitalize on the Nmap name. It's this "mirror"
that continually shows misleading ads, and it was a similar "mirror" of the
GIMP project that was hijacked to include bundled adware.

Nmap is currently on Github in a semi-official capacity. The Nmap Github
repository [1] is a read-only mirror of the Subversion repository that is
updated once an hour. We are making active use of the Github Issues
associated with that repository, which you can reach via
http://issues.nmap.org/. We like receiving pull requests because of the
ease of review and the integration with Travis CI, though because of the
read-only nature of the repository, PRs are converted to patches and
applied to SVN instead of being merged directly from the PR. We are
continuing to conservatively expand our use of Github, but with caution,
since the project obviously has a history of being burned by third-party
code hosting services.

Dan

[1] https://github.com/nmap/nmap

On Fri, Jul 3, 2015 at 9:54 AM, Max Schubert <maxs () webwizarddesign com>
wrote:


Fyodor,

Have you considered a move to Github? I moved away from Source Forge years
ago when they started doing all of this .. this may have been discussed
before, so my apologies if I missed the discussion.

Github is so much more accessible for developers and contributors and easy
to do releases from than Source Forge -  the issue tracking is straight
forward and captures lots of user context with comments and responses - and
the pull request process is awesome for swarm code reviews.

Are there philosophical reasons that cause you to want to keep nmap on
Source Forge?

- Max

On Fri, Jul 3, 2015 at 10:39 AM Fabio Pietrosanti (naif) - lists <
lists () infosecurity ch> wrote:


On 7/2/15 10:41 AM, Fyodor wrote:

On Sun, Jun 28, 2015 at 1:35 AM, Fabio Pietrosanti (naif) - lists
<lists () infosecurity ch <mailto:lists () infosecurity ch>> wrote:


    Given that SF is for the opensource community, and it's not

softpedia or

    download.com <http://download.com> or other pseudo-malware-oriented
    commercial sites,


Sadly, Sourceforge has gone that same route :(.  We need to judge them
on their actions, and those don't speak well of the current management.
You'd think that, after all this negative attention, they'd be on their
best behavior, right?  And that they'd be following their promise[1] to
eliminate fake download buttons?


I don't like non-constructive criticism, especially when we need to
judge on "actions" like you suggest.

Have you reported what do you describe by sending them an email to
blockthis () sourceforge net as indicated in the link you referred at [1] ?

It's easy to say "streets are plenty of holes" but then don't report
"that hole" to the municipality trough their reporting procedure to get
it fixed.

You may have a bias that SF is bad-behaving and i may have a bias that
SF is good-behaving.

But the facts are that for each single of the claims/issues being
reported there's a pragmatic reaction considering community needs.



-Fyodor
[1] https://sourceforge.net/blog/?s=blockthis



Fabio
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/



_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: