
A Change to Google Code Download Service - edwintorok
http://google-opensource.blogspot.com/2013/05/a-change-to-google-code-download-service.html
======
zmmmmm
That's crazy. Google can't tell the difference between legit downloads and
"abusive" material? Google Code projects are already tied to a Google user
account, what difference does it make if that user puts their abusive material
on Google Drive instead of the downloads section of Google Code?

There are tonnes of code hosting sites going back as far as SourceForge and
none of them ever came up with something like this.

There's something extremely weird about Google making this kind of developer
hostile move. Why would I use Google Code now when there are any number of
alternatives that have no problem with hosting downloads? It's like they are
_trying_ to drive us away. I hope it doesn't hint at Google Code being on the
"sunsetting" list in the future.

~~~
kkowalczyk
The difference is: you pay for Google Drive (including bandwidth).

To give you some perspective: I have a popular open source project hosted on
Google Code. I host my binary downloads via S3 and since it's popular, it
costs me $200+ a month in bandwidth.

If I used Google Code for hosting those binaries, Google would have to pay for
that and why should they?

And that's a grey area example i.e. I would be using the service as it was
intended to be used.

I'm pretty sure plenty of smart alecks simply abuse the service by putting and
random stuff there to avoid paying for bandwidth.

This is a tragedy of commons: Google offered a free service, people started
abusing it via excessive usage and Google chose to no longer offer that free
service (as opposed to e.g. spend their resource on never-ending battle of
policing abusers).

That is very much their right.

~~~
Jabbles
People download 2TB of binaries from you a month? What do you work on?

~~~
aidenn0
I'm guessing it's Sumatra PDF; author: Krzysztof Kowalczyk, hosted on google
code, and fairly popular.

~~~
barbs
A little off-topic, but thanks Krzystof for Sumatra PDF. Easily the best PDF-
viewer on Windows.

~~~
glitchdout
A little too much yellow. But yeah, I too find it to be the best.

------
conroy
As a developer of open-source, downloadable software (a video game), the
removal of download sections from source hosting websites (GitHub, Google
Code) is really frustrating. Instead, I either have to commit my binaries to a
repository, or host them myself of S3.

Edit: Yes, I know that many free options exist and I plan on switching to one
of them soon. I just wish that I didn't have to use another service for a
common task associated with software development.

~~~
Kerrick
Or dream host's Files Forever. You pay once to put them up, and then they can
be downloaded for free by anyone.

~~~
andfarm
Also gone for unrelated reasons, sorry: <https://files.dreamhost.com/>

~~~
Kerrick
Oh, bummer. Looks like their replacement [1] is a cheaper version of S3, but
they still charge for download bandwidth.

[1]: <http://dreamhost.com/cloud/dreamobjects/>

------
denzil_correa

        abuse with a significant increase in incidents recently
    

You mean to say people using Google Code to share porn, copyright material
etc. when they can actually do so via other more effective means?

~~~
dragonwriter
> You mean to say people using Google Code to share porn,

The abuse reports I find from doing a search seem mostly to be that and
malware, yeah.

> when they can actually do so via other more effective means?

I don't think Google really cares if people currently abusing Google Code's
download hosting _could_ do the same thing easier elsewhere or not, they care
that they _are_ doing on Google Code, and consequently _are_ consuming Google
staff resources (and, hence, $$) addressing the resulting abuse reports.

------
motters
This makes little sense, and seems like Google moving to distance itself from
the open source community. Without downloads it's extremely unlikely that the
average user will be able to try running an open source application.
Especially for the larger and more popular projects with multiple dependencies
the prospect of compiling from source can be quite daunting especially for
anyone who is not a software developer.

------
rurban
I especially chose code.google.com over github. After the SourceForge troubles
I thought, this is a big company, which will not go away soon. I can trust
them hosting my repos there. In comparison to github. But unfortunately github
turned out to improve their stack constantly in contrast to googlecode, and
now it seems they are also turning down downloads, though that would be a
feature that is much cheaper for them to support than for github. It's minimum
support cost, their bandwidth is free and almost unlimited. bad bad bad. I
start to regret my decision. Though really, binary downloads for open source
projects make not much sense nowadays. Compile from source or leave it to a
distro.

~~~
raylu
Binary downloads are often important for Windows projects, though.

~~~
rurban
So, if windows users cannot deal with open source they should get it from
closed source. The binary distros do exist. mingw or cygwin even have
graphical UIs. Not a googlecode problem. I hate to provide binary dll's for
lazy windows users. windows compilers are free nowadays.

~~~
raylu
A lot of these aren't Linux/POSIX projects so mingw/cygwin don't solve the
problem. It could be as simple as a python project that needs to be bundled in
exe form or a .NET project.

------
davidrudder
"Due to this increasing misuse of the service and a desire to keep our
community safe and secure, we are deprecating downloads." What misuse? Did I
miss something? Lots of pedo-porn or something? Or was it simply people using
Google code to transfer pirated files?

~~~
marshray
Any time you serve raw user-supplied files from * .[your site].com you take on
some risk.

Older browsers in particular just love to treat everything under the same
second level domain as coming from the "same origin". Browsers even have a
hardcoded list of country codes and exceptions to prevent "example.co.uk" from
setting cookies for all of "*.co.uk".

It's a total security mess and ICANN is not helping the situation by selling
new gTLDs.

~~~
a3_nm
Err... Google can just use a custom domain (e.g. "googleusercontent.com" that
they already use) to serve user-supplied files rather than stopping the
service altogether, so I guess this is not the issue here.

~~~
marshray
Do you have any idea what it takes to (securely) bring up a new domain at that
scale?

Hint: Take a look at the Subject Alt Names on some of the Google SSL certs
sometime.

------
Siecje
I don't care where you have to host the files. It should be easy for a user to
download your code, plain and simple.

~~~
tiziano88
This is not about the code, just binaries or other kinds of download

------
piokuc
Bitbucket doesn't have this problem.

~~~
c0nfused
Bitbucket will have this problem.

Anyone giving away free file hosting eventually runs into this problem.

Google just happens to also have drive to fall back on.

~~~
piokuc
We'll see if Bitbucket takes these kind of drastic measures. Anyway, I don't
understand one thing: why is it safer to let developers host the download
files on their drive? What's the difference, really? Nobody could upload the
files anonymously, could they? Perhaps it's just a way to 'encourage' people
to use the drive?

~~~
dragonwriter
> Anyway, I don't understand one thing: why is it safer to let developers host
> the download files on their drive? What's the difference, really?

Drive's intended use case and sharing model may support dealing with abuse
reports more efficient (for instance, it might make it practical to shift a
reported file to non-publicly-shared after receiving an abuse report but
before confirming that it contains malware.)

------
Wilya
What were the size limits for hosted downloads (they say some limits exist,
but no numbers in the FAQ) ? I could understand if they provided too much
space for free that they would want to deprecated that in favor of Google
drive.

------
rurounijones
Maybe confirmation bias but it seems every article I see about Google these
days is either:

A) How Google is shutting down / degrading _yet_ _another_ service.

B) Crazy things Schmidt says.

C) Google Glass

Could be doing better on the PR front Google.

------
wfunction
Is it just me who smells BS? Why hasn't this happened to SourceForge?

~~~
dsl
SourceForge doesn't host any of the downloads. They depend on donated mirrors.

<http://sourceforge.net/apps/trac/sourceforge/wiki/Mirrors>

------
rpicard
I don't really have much of an opinion on the news itself, but I'm curious how
they decided on January 14th / 15th as the cut-off date. It seems sort of
arbitrary.

------
rgo
I wonder where they're going to take the Go downloads page to:

<https://code.google.com/p/go/downloads/list>

------
rasterizer
Before someone veers into a misguded USSR analogy (too late:
<https://news.ycombinator.com/item?id=5753890>) note that Github also disabled
downloads months ago: <https://github.com/blog/1302-goodbye-uploads>

Seems like it's a pain point for code hosting services.

------
guard-of-terra
I love how they always talk about "abuse with a significant increase in
incidents recently" and the "desire to keep our community safe and secure".
Whether it is about downloads or about disabling XMPP federation.

This may or may not be true, but it is exactly how late USSR and contemporary
Russian bureaucrats reason every of their restrictive and reactionary
measures.

I mean, what won't you do for the children? For keeping our community safe?
What, you don't want this measure? It seems you aren't a team player then.

~~~
jlarocco
Wow. Your sense of entitlement is astounding.

Google's taking away a minor feature of a completely free "product", and your
response is to compare them to bureaucrats in the USSR?

Feel free to use something else.

~~~
motters
Downloads are hardly a minor feature. Having a downloadable package makes it
significantly easier for users to try open source software. The average user
is very unlikely to want to compile from source.

~~~
jlarocco
Google Code (and GitHub) aren't for average users. They're developer tools.

Download links belong on the project web page.

~~~
dragonwriter
> Google Code (and GitHub) aren't for average users. They're developer tools.

Google Code has a number of features -- not just downloads, but also wiki,
etc. -- that, while not _intended_ to replace a user-centric site separate
from the developer site Google Code is intended to provide, in practice
facilitate projects using it that way.

