In looking at this myself, I concur with everyone else's opinions.
It is a good point that our download mirroring is a crucial part of our online presence, and thus it is important that our decisions about changes to that be especially conservative and risk-adverse. I do like the passion they show for helping Open Source projects and would certainly be interested in partnering with them in other areas of mutual benefit.
Bryce
On Fri, Oct 26, 2018 at 08:26:34AM +0100, C R wrote:
After further consideration, and Mc's pointing out past hackings, I think also "no".
I also dislike adverts on download pages as they can be used to trick the visitor into downloading something they didn't intend to, or go somewhere they don't want to go.
-C
On Wed, Oct 24, 2018 at 9:30 PM Marc Jeanmougin <marc@...143...> wrote:
Hi,
On 10/24/18 7:43 PM, doctormo@...23... wrote:
Our proposal: Use FossHub as the primary download mirror, […]
I would not agree with that.
(0) They are free to host a mirror of our files (which they already do : https://www.fosshub.com/Inkscape.html * ),
but
(1) we already have fastly as a powerful CDN [so we don't really "need" the service];
(2) Their business model of having an advertisement banner to get income is opposed to my principles (also, I'm not sure how much traffic we would send them, but 20k$ is like 4M views which we would probably send over a year (Martin, do you know how many yearly page views we have on the /releases/ section of the website ?) ); so in addition it would look financially strictly worse than putting an ad on inkscape.org
(3) Their policies** are sort of restrictive and very much script-unfriendly
(4) Loss of control over the files served, from us (not our website) and for people in general (served from a website that is afaik not open source*** while our website is)
(5) Centralization of official (primary) downloads places for high-profile open source software makes for high-profile targets. They were already pwnd 2 years ago**** when their major hosted projects was Audacity, with unsalted password exposed and people downloading malware.
--
Mc
*: « Inkscape is a source vector graphics software that took nearly half a decade to create. The program is supposed to compete with Adobe® Illustrator®, yet many users claim that it falls short of Adobe® high standard. »
**: https://www.fosshub.com/faq.html#fh-tou-o1
***: and using direct web requests to cloudflare, google, adsense, and onesignal analytics while we only use "inkscape.org" requests
****:
https://www.theregister.co.uk/2016/08/05/pegglecrew_we_hacked_fosshub_so_ran...
Inkscape-board mailing list Inkscape-board@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/inkscape-board
Inkscape-board mailing list Inkscape-board@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/inkscape-board