
SourceForge's GitHub Importer - miles
https://sourceforge.net/p/forge/documentation/GitHub%20Importer/
======
itomato
That ship has sailed.

SourceForge has little to offer in their
API:[https://anypoint.mulesoft.com/apiplatform/sourceforge/#/port...](https://anypoint.mulesoft.com/apiplatform/sourceforge/#/portals/organizations/98f11a03-7ec0-4a34-b001-c1ca0e0c45b1/apis/32951/versions/34322/pages/48288)

Bitbucket for comparison:
[https://developer.atlassian.com/bitbucket/api/2/reference/re...](https://developer.atlassian.com/bitbucket/api/2/reference/resource/)

~~~
loganabbott
Ship's still in port actually. Over a million users a day. They're on board
and we're improving it for them. Bitbucket's cool too, but it's just a
different ship.

~~~
exikyut
I was going to reply to
[https://news.ycombinator.com/item?id=17281866](https://news.ycombinator.com/item?id=17281866),
but Arc won't let me. I don't want to throw my reply out (which I typed before
the comment in question became unanswerable), so I'll quote the context here,
and then follow with what I was going to comment with.

>>> _jimrandomh_
([https://news.ycombinator.com/item?id=17281278](https://news.ycombinator.com/item?id=17281278))

>>> _It 's actually worse than that. As an open-source developer deciding
where to host a project, I not only need to trust the host, I also need to
expect users to also trust the host. If I expect 10% of potential users to
bounce when they see that it's hosted on Sourceforge, well, hosting is enough
of a commodity that I have no reason to give up on that 10%._

>> _exikyut_

>> I think you've unpacked why SF is - sadly - not quite dead, but not quite
as alive as it used to be.

> _loganabbott_ [flagged] [dead]

> _I could probably say the same thing about you though_

\---

Wh-- uhh, no. To answer your statement, I've historically been in somewhat bad
shape with various mental/other health issues that I've only begun to
understand and properly remedy very recently. So, _I 'm_ the most alive I've
ever been (and still improving).

Okay, maybe responding that way was a bit tangential. I'm honestly not sure
how to interpret your comment though. (For what it's worth, I wasn't
personally uploading anything to SF when it was in its heyday, kind of because
I wasn't. I did know about and download stuff though, like other developers
and power/ordinary users.)

I began mentally drafting a reply to your other comment
[https://news.ycombinator.com/item?id=17282035](https://news.ycombinator.com/item?id=17282035)
before noticing this one. I think this is the more appropriate comment for me
to reply to {I said this before the comment died}, and I'll fold in the
sentiment I was going to say to the other here.

Reading the other comment, I understand your somewhat frustration. Here's my
perspective as a would-be developer and general intermediate-advanced user
(and particularly as a frequent lurker of HN): all I've (and presumably we've)
got to work with are the dead-chewing-gum armchair opinions and cargo cult
views and reiterations about "yeah someone bought it (nothing seems to have
happened since then though)". That's literally the only noise being made
around here in terms of "news" or "updates" we get about SF. It's as bad as
the lowest-quality commentating on reddit (and I consider that very bad,
considering the bent towards intellectualization and healthy debate on here).

IMO, you need to work on advertising your [new] position. It will probably be
an uphill (even vertical?) slog for longer than likely comfortable (maybe even
financially so - ie, it sounds like some decent, long-term social media
management chops may be needed).

That's a bit of a broad statement, so let me add some more data to
characterize what I mean.

The open source landscape's changed a lot. Or, in less words, "everyone
switched to GitHub"; or at least "all" the developers did - but that means so
did all the users wanting first-hand software updates from the devs who
switched. Of course only power users (or those following scripts) likely
actually clone; it'd be interesting to see what projects[' users] primarily
use Releases or other mechanisms to get their updates. In any case GH is the
core of a lot of operations nowadays (by "operations" I mean different
projects).

I am genuinely interested to learn more about the million users a day you say
visit SF. Let me clarify what I mean by "interested".

Firstly, to be frank, I'm kind of amazed that _a million people a day_ visit
SourceForge and want proof :) because that's truly impressive. I don't
disbelieve you, note; I just kind of want to do a trust-but-verify.

Next, from my own perspective, when I think of GitHub I see it as something
most other developers either understand or, at the very least, vaguely know
about as "the scary place where you have to use the commandline to make it
work" (hopefully this subgroup doesn't get stuck for too long :) ). Generally
in terms of publishing libraries and small programs GH removes about 98% of
friction, for two reasons. First it uses Git, which (once you at least learn
the clone command) Just Works™ with GitHub because GitHub URLs can be pasted
straight to Git, [https://](https://) and all, and it figures it out. Secondly
everyone has at least a vague understanding of Git and GitHub and there are a
billion (approximately) videos and websites so people can easily find 100
things all in their preferred presentational style to get started with.

So from a social networking standpoint GitHub provides a level of
predictability; I as a publisher can partially know what to expect in advance
in terms of userbase and social network. Okay, so you say SourceForge has a
bunch of people on board; as a developer, or an artist, or
$abstract_computer_person_with_arbitrary_agenda, what can I expect in terms of
connections and demographic from SourceForge? The platform itself is a gateway
and an enabler; I'm frankly less interested in SF itself (that it supports
SVN, Git, etc; or that it supports wikis, etc) than who it can connect me
with, and what I can expect of them.

I can opine/surmise a tiny tiny fraction of the kind of thing I'm getting at
when I download random obscure computer-science related things and an eyebrow
goes up when I see "18 downloads/week" and I think "...how?! lol" (I know the
number is valid because my download bumps it up :P). It would be pretty cool
for GitHub to publicize the same kinds of statistics, but it's (sadly)
probably easier to single out a rogue browser than a Git client.

It would be cool to leverage those statistics to connect obscure niche
interest groups - the current approach of "insert email here [_______] (we
Most Definitely© Won't® send you things you won't be interested in™)" doesn't
really scale to hundreds of interests per user, to be honest.

So, that's the demographic question. Here's something potentially trickier.

I can't say I'm a fan of SF's interface. My main problem is that it is very
very heavy. On the 12-year old machine I'm using right now it takes a lot
longer to load a SF page than a GH page. This isn't because of the ads, which
I'll honestly say I have nuked via /etc/hosts, primarily as a sanity measure
(if ads kill browsing on modern machines, try browsing with ads enabled on a
single-core 32-bit Pentium M that takes 45sec to open a new tab :D)... it's
just that the pages are really heavy. Besides system load (which isn't really
a legitimate statistic, I'll accept that), I definitely far prefer GitHub's
much more to-the-point approach. It seems faster and more fluid.

There is one specific area of the UI that bothers me a lot: the "recommended
downloads", which seem to be the same for me, every time I visit, and include
a link to... Apache OpenOffice. Um. This is... dishonest? Everyone knows
LibreOffice is where the development is at.

I realize this last point be a hard one to answer. I'll offer two things.
Firstly, I understand that GitHub was developed as a green-field from-scratch
platform, it got to start again, and it started with a somewhat different,
leaner approach: just offering a Git UI, with nothing else on the webpage. So
there's that. Secondly, I understand that what you bought had a lot of, er,
_state_ in the air that needed to be maintained to keep the ecosystem running
smoothly (and happily).

With the above said, I don't know what arrangements are in place behind the
scenes, but I do think recommending OpenOffice is a _tiny_ bit much from where
I stand.

To sum up, I want to understand what I can get out of SF, I think it would be
nice to clean the pages up (the redesign is nice, but I feel it removed a lot
of info while retaining the "weight" (imposingness?) of the old design), it
would be nice to understand some of the machninations behind SourceForge
today, and it would be cool to better connect users and developers with each
other. If a million people a day are visiting, learning about that hive of
activity will attract me to the platform.

All of this doesn't need a direct reply; I would be very happy to see a
highly-upvoted blog post or similar thing posted to HN sometime :)

(Obviously I can't express interest in the behind-the-scenes aspects of SF I
don't know about. An in-depth exposé on how SF is currently run would probably
be very interesting to some people here.)

~~~
loganabbott
Well I do appreciate the feedback and valid questions. I will be putting some
thought into it.

------
xyrouter
Websense blacklisted Sourceforge after the 2013 DevShare debacle. It has
remained blacklisted since. It is blacklisted in many other web application
firewalls and content gateways too. Sourceforge is inaccessible from many
corporate networks due to this. It will remain inaccessible for many more
years to come.

It's unfortunate how Sourceforge, once a leader in the open source community,
lost the trust and reputation it built over 14 years in a matter of a few
weeks. It may take another 14 years to regain this lost trust and even that
may not be enough.

~~~
Nicksil
>It may take another 14 years to regain this lost trust and even that may not
be enough.

That's absolutely absurd given how often the biggest names in 'tech' make
headlines with one egregious act or another, on a seemingly weekly basis, and
continue to march on. As if the tech community can sit atop some moral high
ground, thumbing its nose at SourceForge. But nah, let's just keep crapping on
a company no longer under the same ownership and no longer committing these
acts and hasn't for some time.

~~~
xyrouter
> let's just keep crapping on a company no longer under the same ownership

I have no intention of crapping on SourceForge. I am merely making an
observation. I think many would agree that users have lost trust in
Sourceforge regardless of the history or current state of ownership.

In fact, I used to appreciate loganabbott's (the new president of Sourceforge)
attempt to amend SourceForge until today when I see the same person posting
insinuating and insulting comments towards potential users.

I have no intention of crapping on SourceForge because SourceForge is largely
irrelevant to me. I host my projects on GitHub these days. If GitHub becomes
untenable for any reason, I might move to Gitea. But I am definitely not
coming back to Sourceforge after seeing these juvenile comments coming off
from the president of Sourceforge in this thread. Don't know about others but
he has definitely managed to piss me off as a user.

Regarding why Sourceforge gets the kind of flak other companies don't, I have
commented about it here:
[https://news.ycombinator.com/item?id=17281519](https://news.ycombinator.com/item?id=17281519)
(again this is merely a conversation, not a passing of judgement).

~~~
loganabbott
Sorry if my comments rubbed you the wrong way, but it's a bit frustrating when
these threads pop up weekly, and people feel like it's open license to attack
me and my company. We really are doing our best to make SourceForge a trusted
destination, but still get the flack as if we were the previous ownership.

------
throwaway2016a
Does anyone still use SourceForge after they started embedding adware with
their download links? I give them credit for being an early innovator and I
know they are under new management as of 2016 and supposedly put that behind
them[1] but they have permanently lost my trust.

[1] [https://arstechnica.com/information-
technology/2016/06/under...](https://arstechnica.com/information-
technology/2016/06/under-new-management-sourceforge-moves-to-put-badness-in-
past/)

~~~
jimrandomh
It's actually worse than that. As an open-source developer deciding where to
host a project, I not only need to trust the host, I also need to expect users
to also trust the host. If I expect 10% of potential users to bounce when they
see that it's hosted on Sourceforge, well, hosting is enough of a commodity
that I have no reason to give up on that 10%.

~~~
tdeck
In addition to the malware issues, when I land on a SourceForge project that
pretty much tells me "this project is dead or on life support" nine times out
of ten.

~~~
dpark
This is true for me as well. SourceForge stopped being the host for anything I
cared about years ago. If I land on SourceForge today because they host
project X that might solve my problem, I generally start looking for project Y
somewhere else.

~~~
loganabbott
That doesn't really make any sense today though.

~~~
dpark
Sure it does. If hosting on SourceForge is predictive of abandoned software,
avoiding SourceForge is a useful heuristic.

I get that this is probably not a story you want to hear about your product
but it’s true.

------
mbfg
Setting aside the malware issue, and the project graveyard smell, and just
looking at it like a new platform, the design just seems all wrong. The big
comic ui elements are ugly and unprofessional, and the code is too hidden, not
the central point of the project.

~~~
gremlinsinc
This! I didn't use it enough for the malware thing to anger me much, when it
hit, I was already mostly using things from github, and sometimes bitbucket...

The design of sourceforge feels spammy and like early 2k's hotscripts or
cnet/downloads.com. I want to click on a project and see the readme and a list
of their files so I know what framework/language it's built on from a glance,
is it node/php/rails?

I've been playing with gitlab a lot lately for my own projects, I love the way
I can easily segment things by groups without doling out cash for my side
projects and private repos are nice. You get a lot on their free tier.

Though a lot of my github usage is browsing projects for things I can use in
my own code, like admin panels, or integrations of vue/react, vuex/mobx, an
auth flavor and x web-framework.

------
chowes
oh i would do anything for love... but i won't do that

------
jonymo
This is a recent incident at SF.net.

SourceForge Hiding Fact that They Have Lost the Latest Revision of SVN
[https://medium.com/@jonykatz/sourceforge-hiding-fact-that-
th...](https://medium.com/@jonykatz/sourceforge-hiding-fact-that-they-have-
lost-the-latest-revision-of-svn-d221f2d68285)

------
apearson
Can you actually host code on SourceForge? I've been searching for 10 mins in
a couple different projects and they only thing I've found is one link to a
private SVN server.

~~~
JohnTHaller
You can do git, mercurial, and svn repositories under SourceForge. You are not
required to do any of them, though, so some projects roll their own elsewhere
or just post source code in compressed archives.

~~~
apearson
That makes sense, thanks for the reply SourceForge was before my time so I
have no idea about any of it.

------
nbar1
We've come full circle. Except this circle has adware.

~~~
loganabbott
No adware since 2016

------
scottydelta
Never trusting SourceForge again. Downloaded FileZilla once and that was it.

~~~
loganabbott
We have nothing to do with the previous owners. In fact, FileZilla from their
own official site still has a bundled installer, but we made them remove it
from SourceForge. SourceForge FileZilla is cleaner than the official site.
Check VirusTotal to verify.

~~~
tazard
That's really interesting. Thanks for pointing this out. You (sourceforge)
have been getting a lot of, imo, unfair flack in this thread and I just wanted
to say thanks. Honestly sourceforge isn't the first place I think of when I
need to host code, but I have downloaded a few projects from there in a past
weeks and it was much nicer than I remember. Ill make a point to check it out
one of these days :)

~~~
loganabbott
Thanks. I appreciate it.

------
giancarlostoro
Gotta feel bad for SourceForge the new owners reversed the malpractices of its
previous owners immediately and yet the damage is permanently done. I'll never
understand why some think distributing spyware / malware for money is even
remotely right in any way, shape, and form. How is any of it legal half the
time...

~~~
swalladge
I find it slightly odd that sourceforge is so highly shunned after the malware
incidents, while various other large companies [eg. microsoft (dodgy behaviour
in skype, etc.), facebook (spying, selling data), lenovo (superfish), etc.]
have been caught doing similar dodgy things and yet it feels like the general
community has forgiven or at least grudgingly overlooking them.

May or may not be true - that's just the feel I'm getting.

~~~
dpark
SourceForge gets shunned first because it’s easy. There are lots of great
alternatives to SourceForge. SourceForge was already on the decline before
their adware bundling fiasco so continuing to not use SourceForge is no burden
for most devs.

Second, what SourceForge did was worse than your examples. They modified
trusted applications to add essentially a malware payload. This is worse than
Facebook collecting too much data and being shady with it. SourceForge was
installing spyware on machines without permission. This betrayed the trust of
both users and publishers and even damaged users’ trust in those publishers.

The only one of your examples that is comparable is Lenovo’s Superfish mess,
and in that case they only betrayed users, not publishers. Not that it
actually makes it better, but it changes the impact to Lenovo.

Disclosure: Microsoft employee.

~~~
JohnTHaller
It's worth noting that SourceForge didn't modify trusted applications. They
switched their download buttons on the site to download an "installer app" by
default that would act as the installer, offer bundleware, and then live
download the actual app installer as part of the install process. Apps like
GIMP etc were never, to my knowledge, modified to bundle GIMP and bundleware
within a single installer.

Source: I was hosted on SourceForge at the time and approached about
participating in DevShare. I researched it extensively and saved copies of the
stub installers for things like GIMP as part of that research.

~~~
loganabbott
My company had nothing to do with it, but it's worth noting you're one of the
few people who actually remembers the actual non-revisionist history.

------
textmode
As a consumer of source code, I do not use a graphical web browser to search
and download from Sourceforge. A relatively simple http/https client will do.
(Occasionally I have used cvs or svn if that is the only access.)

Despite any changes in Sourceforge's ownership/management, I have not
experienced any problems retrieving source code. I have not tried to use a
graphical browser on Sourceforge since the 1990's. No need.

As an end user of source code, I access Github the same way, without graphics.
I do not need to use a web browser or any git executable to fetch a .zip or
.tar.gz archive. Will this sort of easy access continue under the new
management? I guess time will tell.

Sourceforge still hosts a substantial quantity of what I consider
educational/useful software. Of course, Github hosts exponentially more.

Out of curiousity, using archived Github data, I am making a list of Github
users and will be monitoring changes as the acquisition progresses. Will they
lose many users? Where will the users who leave put their code?

I am debating whether to also construct CSV files with repo names and
descriptions for a personal Github database to aid in software discovery. I
expect it might not be as easy to compile such a database in the future. I
could be wrong, but it is impossible to predict what will happen. Time will
tell.

~~~
exikyut
> _As a consumer of source code, I do not use a graphical web browser to
> search and download from Sourceforge. A relatively simple http /https client
> will do._

One caveat: all the file download links end in .../download, so if I throw the
URL at wget it will save "download?verylongblahblah=blahblah1234567890". I
have to use `wget --content-d` (short for content-disposition) to actually
save the name correctly.

It's really annoying, but a behavior that has existed for many years.

GitHub fixed this with everything, from release downloads to raw gist links,
by putting the "download" attribute further back in the URL, and having
everything after the final slash be the uploaded file's filename.

Now THAT's nice.

~~~
textmode
"Now THAT's nice."

Yes it is. There is a certain consistency/uniformity to the url and site
structure with Github that Sourceforge does not have, for whatever reason. Not
to mention the absence of the mirror choosing routine. I really appreciate the
ease and simplicity of Github downloads, which is precisely why I am concerned
about the future.

