Logan, I just went through the process to create an account. The signup page has a few employment related fields that are required to create an account. They probably shouldn't be.
EDIT: There's also this[1] alignment issue in the settings wrt to "City of residence" where the text field is off by ~1 pixel.
EDIT2: On the page where I uploaded my SSH key[2], it says updates occur after a small delay. The linked page in the docs says that this delay is ~30 minutes. In any case, I was able to begin using SSH immediately. If that info is no longer fresh, I suggest removing it, especially since it's probably a turnoff for a lot of users.
EDIT3: When I run sf-help --web at the shell, it prints an error:
[colbyrussell@shell-22009 ~]$ sf-help --web
Use of uninitialized value $user in concatenation (.) or string at /usr/bin/sf-help line 96
I've been on SourceForge a while, and I really like it. It always looked a little outdated, and there was the whole malware incident, but for hosting code with discussion boards and ticket systems, it does the job nicely.
Obviously the malware thing was really bad, but in general I think it gets a bad rap because it wasn't the trendy new thing. I personally liked the old UI, but I'm happy for the new change because it's good for the future of the platform.
I use sourceforge for games, github for other projects, and bitbucket for work. It just happened that I had sourceforge first. For the features I use, they're all pretty much the same... The only "advanced" feature I use is Travis CI integration on github.
Edit: now that I think of it, ive used a githook in bitbucket too.
If anyone from Gitlab is listening: github sync is a really important feature for FOSS projects. Glad that SourceForge implemented it.
(In a large-ish FOSS project, we are trying to move to self-hosted Gitlab, but the lack of sync means that people have to fully buy-in or manually sync their extensions/modules, which is causing major friction)
We have repository mirroring available in GitLab Enterprise Edition Starter, and there exists an issue to move this to CE[0] but it was closed with some explanation as to why[1]. I assume with GitHub Sync you're asking for syncing of more than just the repository, but also issues and merge/pull requests?
The SourceForge sync tool appears to only include release syncing as far as I can tell (the wording is ambiguous and the docs only mention import, not active sync, so I'm not sure what they provide?).
For what it's worth, GitLab does have import tools in CE[2]. You can also use repository mirroring (along with any other Enterprise Edition features) if you're an open source project on GitLab.com.
I would be happy with something that does a regular plain pull of all branches and tags. As a first step, it would make it easier to declare our Gitlab instance as the canonical source for all official contrib code (a bit like Drupal.org and WordPress do).
We could duct tape a solution, or coerce people to do it manually, but we manage a lot of custom scripts already, which we hope to deprecate thanks to Gitlab. It also affects negatively the perception that we are using the right tool for the job. Our community is divided between those who want to use only Github, and those who want to avoid depending on it.
We currently have around 300 active users, and we are projecting around 500 users next year (as we move more and more projects into it). At USD$40/user/year, that would be between $12k to $20k/year? Our project is oriented at non-profits, and everything runs on small margins, lots of volunteers. We can afford some financial support, but not $12k/year. I wrote to Gitlab sales but never received a response.
I'm sorry to hear that sales didn't follow up and will mention this to our Chief Revenue Officer. Right now we don't have a non-profit program. BTW For open source projects GitLab.com Gold is free.
Thank you for your response and followup. I really appreciate Gitlab.com, I participate in some smaller projects that use it. For the main project I work on (CiviCRM.org), however, self-hosting is an important factor.
It's not so much about being a non-profit, but being an open source project. It's difficult to budget with a per-person fee (considering 70% of people might post on our gitlab only once or twice per year). How would it work if Debian or Gnome adopted Gitlab EE?
Not exactly - you can then push all branches and they will be the same but then if the source repo changes you need to manually push for you. True sync would do this for you, along with ideally issues/wiki/etc.
Nice work, I really didn't expect anything despite Logan promising improvements time and time again via twitter. Excited for the GitHub sync (not import).
Also, the awesome SF hosting (SSL and a SQL DB included), much better than GH Pages IMO.
I'm glad you say that, because I have always viewed sourceforge as slightly sketchy, but without any real justification. I just knew that I was supposed to have mixed feelings about it.
So you're stealing binaries from GH and calling it your own? Sort of like what every download site already does. "Every day, SourceForge sees over a million visitors and serves 4.5 million software downloads." So everyday a user on average downloads 4.5 software packages? I highly doubt your numbers. Personally, I've downloaded perhaps 5 within the last year and I am an rabid consumer of OSS. I am not impressed with your performance.
We get over a million users per day looking to download OSS. If you have binaries on SF you can reach these people through our very robust discovery tools and strength of our search results in Google. We also give project admins detailed download statistics.
Are there any plans to push this code back upstream to Apache? My understanding is SF.net abandoned the legacy alexandria (the PHP code from VA Linux) source code, built the current version, and then sent to the Apache Foundation, but I'm not clear if this is a fork, or what sf.net's relation is with it's upstream.
Also, since I'm on the topic, any chance slashdot will go back to an open source code model?
GitHub is much larger by traffic, but that doesn't mean we are going to abandon the million users we get every day and the 430,000 projects hosted at SourceForge. It's not a zero sum game. Some people like using GitHub's suite of tools, while also taking advantage of SourceForge mailing lists, project website hosting, detailed download statistics, and distribution/discovery capability. Our GitHub Sync Tool lets project owners use both with ease.
Has nobody in the design team ever tested this on a screen at less than 4K? At 1366×768 the title is jammed right up against the left edge of the screen.
I applaud the initiative but when I look at what happened to Slashdot, I’m not enthusiastic about Sourceforge succeeding any better under the same ownership (I have no idea whether Slashdot makes money but it’s a horrible community these days, and nothing seems to be done about it.)
I used Slashdot for many years, starting when Rob Malda ran the site. The past year or so has been the worst, in my opinion, even when considering the Beta era of discontent.
The stories used to be primarily about tech (or related subjects), with a minor focus on politics. But lately I think it has been the opposite. There is much more emphasis on general politics, with tech being a minor focus, in my opinion.
While I'm not very interested in politics to begin with, what bothers me the most is how partisan I think things have gotten. The stories have what I consider a rather left-wing bias. The same goes for the modding, where I think it's common to see centrist and right-wing comments often downmodded, even when they express a very reasonable and relevant set of ideas.
I feel that Slashdot has moved from perhaps being an open, varied, quasi-libertarian environment to one that's much less open, much less diverse, and much less enjoyable.
So I stopped visiting it about a month ago, and I don't miss it at all.
> The stories used to be primarily about tech (or related subjects), with a minor focus on politics. But lately I think it has been the opposite. There is much more emphasis on general politics, with tech being a minor focus, in my opinion.
I left for basically the same reason, but quite a while ago. I forget which of the editors it was, but he would interject politics into everything. And even after people asked for a politics section (which could then be turned off), to keep politics out of the tech stuff, he would still put political stuff all over the place.
Sad state of affairs that something like ScourceForge cannot operate as a paid-for service, but only as a "tech-influencer" ad site. quote from here: https://slashdotmedia.com/about-slashdot-media/
Not attacking the Abbotts and their SlashDotMedia and BizX web media influencer conglomerate, 100% legitimate way of doing business, but an overall observation on services that can't be operated as standalone businesses.
Also an illustration how big the tech dependency on advertising is, from Google to this. Remove ads from the web and a shitload of stuff disappears.
It's something we're trying to come up with solutions for, so that we can reduce or eliminate ads on SourceForge. But for now, any user or developer who creates an account on SourceForge will never see ads.
We had built it for another internal project before we acquired SourceForge, so we decided to release it on SourceForge since people seemed to like it.
Nice. A large improvement. Have been waiting for this for a while since it was announced that it was sold.
No idea if anyone working on sourceforge is likely to be here or not but I would love to know if I could get an API of the projects there or even just a list. I would like to add more of souceforge into searchcode.com and would prefer to not scrape the site.
Probably far too late to mention, but I have a bunch of projects on SF, and now I can't scroll through them on the me drop down menu.
It feels.. strange, and more responsive than the old stuff. I guess that's just change.
I never was a fan of github, I always preferred the geodistribution of SF, and of course it was so easy to make binary packages for end users. It's a shame the other people had to ruin a great place with selling the adware space, and Im so glad it's all gone.
I just fear in this environment of hipster flash with no substance, that a well rounded site like SF will never get the hipster VC financing that github does.
I hope you guys don't shutter any time soon, I love SF!
The new design looks pretty good, or at least more modern.
Also I just wanted to emphasize with you that you had to field the same "do you still bundle malware" question...eight times by my count.
Anecdotal. I find Sourceforge has more end-user applications. By this I mean applications you can download, install and have a user interface. A good example is Squirrel SQL[1]. Github seems to be a coders repository. Filled with libraries to incorporate into other programs.
Wasn't it sourceforge that injected malware into downloaded programs? At least that's what pops into my head every time I see a sourceforge link, and why I avoid anything that's hosted on there.
I'm honestly not sure if you wouldn't be better off changing the name of the service to something else at this point. People who just want to download binaries won't care what the name is, and developers who want to use the full spectrum of services will have enough bad associations with the name "SourceForge" at this point that keeping it could end up driving away more users than it attracts. And all the time and energy it'll take to rehabilitate the SourceForge brand could just as easily go towards building up some new brand instead, without all the baggage the old name carries.
(It's possible I'm overestimating how long peoples' memories are here, of course. But when I hear "SourceForge" I still think of all the bad stuff they did in the past, so presumably there are at least a few others out there like me as well.)
I'll second that. To be honest the Sourceforge brand seems like more of a liability than an asset to me.
I don't know if I'm representative of the majority, but if I need to download some software and find that it's hosted on Sourceforge, my first few thoughts are typically:
1) Wait, SourceForge injected adware. I wonder if they still do?
2) This project is probably dead, because it's still on SourceForge.
I'm sure I can be trained out of that, but I'm surprised you guys reckon it's worth the effort, rather than just using a new name.
It's interesting how often you mention they were acquired by someone else but not by whom. It cannot be a secret, but you don't seem to want the parent company known either.
I just spent an hour going down the rabbit hole. Every time I click the "owned by" link, another "owned by" reference appears.
SF per se didn't. Most of the worst decisions were done TO Sourceforge by whomever bought it and the team. Frankly the site was dead to me after the last of the original four founders bailed.
Atrocious. They lock a pointless navigation bar to the top and changed the theme. Can someone explain why I would ever want to use this product. They bundled adware with their software ffs. Inexcusable. They need to just die.
Whoa there: fixed top banner with an actual banner at the top, covering a whopping 20% of my screen height and 80% of width. Didn't see something like this in a long time.
I'm never going to interact through that as a developer on daily basis. Not even considering the poor UI for just every feature in SF.
The only thing SF has for it, currently, is a mailing list for each project. GitHub and GitLab should have this. Interaction and discussion though "issues" is horrible.
If you had been able to read it, you would have seen that removing ads for developers is exactly one of the new parts. That makes them on par with stack overflow, which seems fair.
* Removed bundled adware from projects
* Implemented malware scans for every single project on SourceForge
* Built an HTML5 speed test
* Added multi-factor authentication
* Created an ad reporting tool and team to eliminate bad and/or deceptive ads
* Removed ads for developers (logged in users will not see any ads)
They should change the name too. I still feel repulsive seeing SourceForge link and never download anything from there. Reputation is easy to lose but very hard to fix,so I'm surprised the new owners chose this path.
We have an issue for mailing lists in GitLab here[0] if you want to leave any comments, but it's not a particularly active issue and I'm not sure how likely we'd be to actually build this into the product. I'll update this comment if I find a more active/fleshed-out issue for the same functionality.
- Add a bunch of hooks into GitLab that allow it to "hand-off" at sensible points to a list server such as Mailman
- Mailman has a huge Python API (http://mailmanclient.readthedocs.io/en/latest/). The biggest potential gain is likeliest to come from the people who want this coming up with the integrations themselves, but the roadblock there is lack of knowledge of GitLab's internals
- I'm not sure what the best way would be to handle #2. I wonder how good the community's mental model of GitLab is.
I was gonna come here to complain about the poor UI. I don't think a lot of thought went into the information architecture here. Internet speed test is a top-level nav item?
The download stats are misleading too -- the top 2 projects are MS's truetype fonts and an old (outdated) Notepad++ plugin repo that is encouraging you to go to Github instead.
I can't think of a good reason to use SourceForge for anything.
> GitHub and GitLab should have this. Interaction and discussion though "issues" is horrible.
Agreed. It would be a huge win for GitHub or GitLab to provide this service. There really are no great alternatives beyond hosting a mailman server yourself.
Google Groups works well for this. I use it for my open source projects. You can interact with it via the web, if you want, but it also has a full mailman style interface, which is how I use it.
If you're looking for a discussion forum integrated with GitHub issues (BitBucket and GitLab too), you can check out my little tool I launched quite recently.
For what it's worth, you can respond to GitHub issues via the notification emails you get sent. That's kind of like a mailinglist.
I've never really needed to interact with devs much, so I'm quite naive on mailinglists vs issues. The biggest thing I guess I see missing with modern systems is the lack of threading.
What capabilities/benefits do mailinglists have over modern approaches? What functionality has been lost?
What exactly is "new" besides the brutally awful design and color scheming? I see the same malware laden downloads that can be found anywhere else on the internet, surrounded by ads as was there before. Over 600 separate HTTP requests and counting on a project page? Really? You seriously expect developers to use this?
For what it's worth, they've been bought out since the malware thing happened, and one of the first things they did was cut that shit out.
But holy crap this is terrible. 101 requests while using an adblocker, 116 without. Of those requests I count 62 of them being to download Javascript. More than half?!
It gets a solid D, unsurprisingly. They saw over 200 requests, 43% were javascript calls, and javascript made up more than 52% of the final page content loaded. That's just nuts, considering what the site actually is.
I don't like to pick on websites and developers that much, but holy crap what were they thinking? Did they even consider what the experience is like outside of their dev laptop or using a fast network?
Open up the network debugger (Tools -> Web Developer -> Network in Firefox, View->Developer->Developer Tools -> Network in Chrome), do a forced reload and see what you get.
Even logged in I still get a ridiculous number of things loaded. The biggest culprits look to be the foundation javascript stuff (I'm assuming that's a javascript framework) being loaded from fsdn.com. Every request made, hurts, unless you're lucky to be using HTTP/2.0 (they don't support 2.0), and even then you've got to think about interpreter starting/loading/parsing/executing time. For every script.
They're also passing parameters in the javascript urls (e.g. handlebars.js?1515608140) which really meddles with caching etc.
The latency situation gets even worse if you're anywhere but on a fast connection (so lots of end users in their global target market).
I like the overall look of the new site, but it's a performance nightmare.
the design is a full-frontal reenactment of the cca-2000 web design canon; the newer-looking elements bring memories of early stackoverflow... somehow as if freshmeat back then had a trip. i woudn't write this off right away. let's wait and see.
Yeah we ended that practice as soon as we acquired SourceForge over a year ago, and we have nothing to do with the company that made those decisions in the first place. It's in the blog post. As for ads/design- we know we can't please everyone and still keep the lights on. If you login you won't see any ads.
I wish you every success and am not going to hold pre-acquisition decisions against you. The last thing FL/OSS code hosting needs is a monoculture.
However, if you could publicize -- anywhere -- how you plan to monetize, that would be very useful in building back user trust (just my 2c).
Also, re design - it would be very useful to have something comparable to Github/Bitbucket (and Gitlab I guess), all of which are in a similar space. Perhaps one for the roadmap?
Right now we monetize via display ads, but any logged in user or project admin will not see any ads. We are looking at ways to cut down on the amount of display ads going forward, and have already begun doing that as we get more direct partnerships.
Is a GitHub-like paid account feature in the cards? FWIW, I happily pay GitHub every month, for two separate accounts (one for purely "personal" projects, and one for projects from my startup). I can't help but think there are people / projects that would be happy to pay SourceForge the service you provide.
Thanks for the bug report I'll take a look. My company didn't put ads in the downloads, and we when we took over we stopped that practice. I think most people can discern the difference, but if not it's okay. We're just focused on doing right by the million daily users and 430,000 projects hosted here.
Glad to see they are removing their adware from packages. I believe the damage is already done though and nobody will trust a binary from that place ever again.
EDIT: There's also this[1] alignment issue in the settings wrt to "City of residence" where the text field is off by ~1 pixel.
EDIT2: On the page where I uploaded my SSH key[2], it says updates occur after a small delay. The linked page in the docs says that this delay is ~30 minutes. In any case, I was able to begin using SSH immediately. If that info is no longer fresh, I suggest removing it, especially since it's probably a turnoff for a lot of users.
EDIT3: When I run sf-help --web at the shell, it prints an error:
1. https://imgur.com/a/2d0lr2. https://sourceforge.net/auth/shell_services