Oh, how the mighty have fallen. In the "we totally didn't see this one coming" department, SourceForge is under fire for "enhancing" downloads offered on its website via the seemingly industry-standard practice of wrapping applications in new installers that beg users to add other software of questionable value.
The initiative behind the practice is called DevShare. It's optional for developers, and it's been in operation since 2013 as a way for the site to share revenue. DevShare was met with some criticism when it was introduced, most notably from the GIMP Project, which subsequently removed SourceForge as a primary download mirror. The folks behind the GIMP complained about not only the installer practices, but also advertisements masquerading as legitimate download links.
As more popular projects got their installers under the DevShare umbrella, more people started noticing. Scott recently downloaded FileZilla and was greeted by an offer to install additional software.
Yo dawg, I put an installer in the installer for the installer
Things have taken a somewhat darker turn since then. The GIMP project had a SourceForge account acting as a secondary mirror for Windows binaries. SourceForge took over that account and altered the installer. The project now falls under the "sf-editor1" account, which also happens to include a lot of other high-profile software.
SourceForge explained in a blog post that the "GIMP-Win project wasn’t hijacked, just abandoned," and it provided a similar statement to Ars Technica. However, the official GIMP site disagrees with that assessment.