This used to be the go-to place for software - they allowed people to host software and a lot of the big applications used SourceForge as their home base.
Now it seems that they have tampered with the files, adding ad-ware and mal-ware to the original content.
From Ars Technica:
SourceForge grabs GIMP for Windows’ account, wraps installer in bundle-pushing adware
SourceForge, the code repository site owned by Slashdot Media, has apparently seized control of the account hosting GIMP for Windows on the service, according to e-mails and discussions amongst members of the GIMP community—locking out GIMP's lead Windows developer. And now anyone downloading the Windows version of the open source image editing tool from SourceForge gets the software wrapped in an installer replete with advertisements.
Update: In a blog post issued shortly after this story posted, an unidentified member of SourceForge's community team wrote that, in fact, "this project was actually abandoned over 18 months ago, and SourceForge has stepped-in to keep this project current." That runs counter to claims by members of the GIMP development community.
The GIMP project is not officially distributed through SourceForge—approved releases are only posted on the GIMP project's own Web page. But Jernej Simončič, the developer who has been responsible for building Windows versions of GIMP for some time, has maintained an account on SourceForge to act as a distribution mirror. That is, he had until today, when he discovered he was locked out of the Gimp-Win account, and the project's ownership "byline" had been changed to "sf-editor1"—a SourceForge staff account. Additionally, the site now provided Gimp in an executable installer that has in-installer advertising enabled. Ars tested the downloader and found that it offered during the installation to bundle Norton anti-virus and myPCBackup.com remote backup services with GIMP—before downloading the installer authored by Simončič (his name still appears on the installer's splash screen).
Talk about blowing your credibility - most people now use GitHub but the fact that SourceForge is tampering with the packages is fscked.