SourceForge, once the go-to repository for open source projects large and small, on Wednesday quietly gave project websites using the service the ability to secure their projects through an SSL HTTPS connection.
It shouldn't take an Einstein to figure out why this would be useful. In this day and age, with black hats working overtime to compromise everything on the Internet, connecting to a project's crown jewels -- its code -- through an insecure HTTP connection makes absolutely no sense whatsoever, even though all uploads are securely protected. In addition, this is the direction the web is moving, with nearly all web sites expected to be serving HTTPS pages within the next couple of years.
According to the notice posted by SourceForge explaining the new feature, implementing it is easy: "With a single click, projects can opt-in to switch their web hosting from http://name.sourceforge.net to https://name.sourceforge.io Project admins can find this option in the Admin page, under 'HTTPS', naturally." After the changes, the old domain will automatically redirect to the new.
One click. No fuss. No muss. Nice.
If you're an administrator, you probably won't wonder why the decision was made to make the switch opt-in instead of just making it automatic for everybody, but we asked anyway.
"It’s opt in because our HTTPS instance of SourceForge is on the SourceForge.io domain," Logan told Dev Pro. "We didn’t want to forcibly move projects from SourceForge.net to .io without people’s consent or knowledge of the change. In addition, elements on websites don’t always automatically just work with https. Projects may have to make updates to their site so they don’t have mixed http/https content, etc."
In addition, he pointed out that the domain name extensions, .net and .io, "keeps the project website cookies separate from the main site."
Since purchasing SourceForge, along with the social media site Slashdot, in January, the new owners have been scrambling to return the site to relevancy. Under the management of previous owner Dice Holdings, the company had suffered from many controversial -- some would say unethical -- missteps which led to many large projects, most notably the photo editing application GIMP, to very publicly leave to find homes elsewhere.
Under Logan's leadership, SourceForge has not only done away with all programs that users found objectionable, it's added new features as well, like onsite malware scans and Internet speed tests. This seems to have quelled further abandonment of the site. There have been no recent reports of projects leaving the site in protest, and many large projects -- including some popular Linux distributions -- remain.
Although it's a given that the site will never again be the dominant open source repository it once was -- mainly because there's more competition now from the likes of GitHub -- it's good to see it taking steps to insure its survival.