It was just this week that I was kvetching about crapware being installed, or trying to be installed, with routine software updates. Apparently this is going to be the rule, rather than the exception, from here on out:
When people download software from SourceForge, or any major repository of Open Source software, they expect the software to be trustworthy. (baring unintentional bugs)
They do not expect the software to be a source of “drive by installer” style malware, spyware, adware, or any other unrelated/unintended software.
SourceForge’s new owners, Dice, have consciously and deliberately moved to a model violating this trust.
With their recent changes, users downloading from SourceForge now receive a special closed source installer which attempts to foist unrelated third party software onto them.
In terms of sheer enormity, this is like PBS replacing Charlie Rose with Jerry Springer.
Oh, and guess where OpenOffice sends you to download the suite? Yep. Supposedly this is opt-in — the developer need not submit his package to this kind of wrapping, if he’s willing to forgo the revenue that supposedly would be generated therefrom — but bad downloads eventually crowd out good ones, à la Gresham.