Black “mirror”: SourceForge has now taken over Nmap audit tool project [Updated]

SoureForge has sworn off its ways of wrapping “unmaintained” code from open source projects in installers that offer bundled commercial products in the wake of objections raised by some open source communities. But one policy remains in effect—the takeover of project pages SourceForge’s staff decides are inactive, and assignment of ownership of those projects to staff accounts. One of the latest projects grabbed in this way is the Nmap security auditing tool.

The practice of reassigning ownership was broadly exposed by SourceForge’s takeover of the project page for the Windows version of the GIMP image manipulation tool. While SourceForge staff claimed in a blog post that the project’s account had been abandoned, an official statement from the GIMP development team denied that SourceForge had contacted them about the account, saying that no permission had been given to SourceForge to take over maintenance of the project.

Something similar happened to Nmap, as its developer Gordon Lyon reported in an e-mail message to the project’s mailing list today. “The bad news is that Sourceforge has also hijacked the Nmap account from me,” Lyon, known as “Fyodor” in Internet discussions, wrote. “The old Nmap project page is now blank. Meanwhile they have moved all the Nmap content to their new page which only they control. So far they seem to be providing just the official Nmap files (as long as you don’t click on the fake download buttons) and we haven’t caught them trojaning Nmap the way they did with GIMP. But we certainly don’t trust them one bit! “