> I find it quite scary to have someone not very tech smart download software without an ad blocker - you get one proper download link and about 10 ads saying download here linking to malware.
Non-tech smart users? It's hard enough on some sites that your average cybersecurity researcher with a decade of experience is going to have a hard time!
FWIW after Sourceforge was sold around 2016 does not have malware anymore and they added scanning to downloads. Also they do not show any ads if you are logged in (though i do not know if this was done before or after the sale).
Good! Unfortunately for them, the world moved on, negative reputations are hard to shake, and they missed the ball WRT keeping up with the status quo of open source community repos.
The last piece of software I occasionally visited sourceforge to get was WinScp, and actual SSH on windows means I no longer need to do that (I was only ever using because it was the easiest way to do it given no CLI option). 15-20 years ago quite a bit was on there though. It was the proto GitHub which wasn't in any position to respond when GitHub came to prominence.
Non-tech smart users? It's hard enough on some sites that your average cybersecurity researcher with a decade of experience is going to have a hard time!