SourceForge's GitHub Importer

Ship's still in port actually. Over a million users a day. They're on board and we're improving it for them. Bitbucket's cool too, but it's just a different ship.

It's worth pointing out that SourceForge as we knew it back then ceased to exist quite some time ago. SourceForge was sold to DHI Group, Inc. (DICE's parent company) in 2012 and many of the staff were let go as part of the sale. DevShare came into play in 2014 and was originally billed as a way to help open source developers who wanted to sign up earn an income from their open source work. But then it wound up using dark patterns and then it was morphed into something more and started to be added to projects that didn't want it done (in violation of some trademarks and the like). This destroyed the good will that still existed around the brand even though most of the folks who made SourceForge SourceForge were long gone.

SourceForge was then sold again in 2016 to BIZX, LLC who killed the DevShare program and started scanning all downloads for malware and other baddies.

>It may take another 14 years to regain this lost trust and even that may not be enough.

That's absolutely absurd given how often the biggest names in 'tech' make headlines with one egregious act or another, on a seemingly weekly basis, and continue to march on. As if the tech community can sit atop some moral high ground, thumbing its nose at SourceForge. But nah, let's just keep crapping on a company no longer under the same ownership and no longer committing these acts and hasn't for some time.

This diatribe just tells me Websense and you are not informed on the current state of the open source community. We bought SourceForge in 2016 specifically because we hated what happened with DevShare and killed it on day one. You can continue hating us simply because of the previous owners, but you can probably find better stuff to do with your time. Nobody uses WebSense anymore anyway except for high schools trying to stop students from watching porn during art history class.

It's actually worse than that. As an open-source developer deciding where to host a project, I not only need to trust the host, I also need to expect users to also trust the host. If I expect 10% of potential users to bounce when they see that it's hosted on Sourceforge, well, hosting is enough of a commodity that I have no reason to give up on that 10%.

There are still a number of venerable projects hosted on SF; here are a few:

ReactOS https://sourceforge.net/projects/reactos/

FreeDOS https://sourceforge.net/projects/freedos/

hdparm https://sourceforge.net/projects/hdparm/

7-Zip https://sourceforge.net/projects/sevenzip/

They’re under different ownership; the new owners were apologetic about that nonsense and stopped it immediately. I don’t want to punish people for buying and fixing venerable Internet infrastructure, so though I was angry about the compromised downloads, I’ve no problem downloading from SourceForge since then.

To be clear, the new owners did indeed -- not supposedly -- stop that behavior on day-one of their ownership.

Yeah that was in the area of unforgivable as far as I'm concerned.

Do you know we have nothing to do with the people that made the decisions to do that bad stuff? I, like you, didn't like it, so I bought SourceForge to remove the bad stuff. I still get shit for it. Kinda weird because the people giving me shit didn't put their financial wellness or reputation on the line to fix what they didn't like, but still armchair quarterback about it. It's like someone saw it fit to burn down a museum, and then someone stepped in to save it and everything inside of it, but still takes the blame for the person who wanted to burn it down. Very odd...

I still upload and maintain latest binaries for my project there:

https://sourceforge.net/projects/traccar/

I don't maintain code and description basically refers to GitHub for any issues, but there are still some people who use it, so I don't see any good reason for losing free traffic. Number of download has been falling for years though.

PortableApps.com is still hosted on SourceForge. I think we push around 40TB a month through their download servers. We can't afford that bandwidth on our own. Other hosts like Github aren't really designed for projects like ours that have hundreds of different open source apps.

This! I didn't use it enough for the malware thing to anger me much, when it hit, I was already mostly using things from github, and sometimes bitbucket...

The design of sourceforge feels spammy and like early 2k's hotscripts or cnet/downloads.com. I want to click on a project and see the readme and a list of their files so I know what framework/language it's built on from a glance, is it node/php/rails?

I've been playing with gitlab a lot lately for my own projects, I love the way I can easily segment things by groups without doling out cash for my side projects and private repos are nice. You get a lot on their free tier.

Though a lot of my github usage is browsing projects for things I can use in my own code, like admin panels, or integrations of vue/react, vuex/mobx, an auth flavor and x web-framework.

You can do git, mercurial, and svn repositories under SourceForge. You are not required to do any of them, though, so some projects roll their own elsewhere or just post source code in compressed archives.

Yes you can: https://sourceforge.net/p/npppluginmgr/code/

However very few projects choose to. Most just host binaries. And have a github link in the project description.

No adware since 2016

We have nothing to do with the previous owners. In fact, FileZilla from their own official site still has a bundled installer, but we made them remove it from SourceForge. SourceForge FileZilla is cleaner than the official site. Check VirusTotal to verify.

I find it slightly odd that sourceforge is so highly shunned after the malware incidents, while various other large companies [eg. microsoft (dodgy behaviour in skype, etc.), facebook (spying, selling data), lenovo (superfish), etc.] have been caught doing similar dodgy things and yet it feels like the general community has forgiven or at least grudgingly overlooking them.

May or may not be true - that's just the feel I'm getting.

Why would you feel bad for us? We removed the malpractices right away, became profitable, improved the experience for over a million daily users, and are growing at a rate not seen since before the problems. I'd say we have the opposite of a problem. A few random armchair quarterbacks on Hackers News aren't gonna get us down.

They had to know when they bought it. Can't feel that bad for them, they knew.

New owners should have rebranded it to drop the baggage

I feel bad for them because they (naiively?) bought a sinking ship.

> As a consumer of source code, I do not use a graphical web browser to search and download from Sourceforge. A relatively simple http/https client will do.

One caveat: all the file download links end in .../download, so if I throw the URL at wget it will save "download?verylongblahblah=blahblah1234567890". I have to use `wget --content-d` (short for content-disposition) to actually save the name correctly.

It's really annoying, but a behavior that has existed for many years.

GitHub fixed this with everything, from release downloads to raw gist links, by putting the "download" attribute further back in the URL, and having everything after the final slash be the uploaded file's filename.

Now THAT's nice.