That's crazy. Google can't tell the difference between legit downloads and "abusive" material? Google Code projects are already tied to a Google user account, what difference does it make if that user puts their abusive material on Google Drive instead of the downloads section of Google Code?
There are tonnes of code hosting sites going back as far as SourceForge and none of them ever came up with something like this.
There's something extremely weird about Google making this kind of developer hostile move. Why would I use Google Code now when there are any number of alternatives that have no problem with hosting downloads? It's like they are trying to drive us away. I hope it doesn't hint at Google Code being on the "sunsetting" list in the future.
The difference is: you pay for Google Drive (including bandwidth).
To give you some perspective: I have a popular open source project hosted on Google Code. I host my binary downloads via S3 and since it's popular, it costs me $200+ a month in bandwidth.
If I used Google Code for hosting those binaries, Google would have to pay for that and why should they?
And that's a grey area example i.e. I would be using the service as it was intended to be used.
I'm pretty sure plenty of smart alecks simply abuse the service by putting and random stuff there to avoid paying for bandwidth.
This is a tragedy of commons: Google offered a free service, people started abusing it via excessive usage and Google chose to no longer offer that free service (as opposed to e.g. spend their resource on never-ending battle of policing abusers).
If it was purely a cost of bandwidth issue they could easily limit the size of downloads. Most projects on Google Code only need to offer downloads of a few MB in size to fulfil the basic need. It's really hard to imagine that being a significant cost to Google, and the convenience of having downloads integrated into the service is huge.
Thanks .... I must have missed that github did this too (been a while since I tried to post a download there, but I have a number of active Google Code projects).
I wonder if it gives them some kind of safe harbour from the copyright industry. Perhaps a Google Code download is a "download from Google" vs a Google Drive download being a "download from that user".
> I wonder if it gives them some kind of safe harbour from the copyright industry.
FWIW, when I search, I see quite a lot of abuse reports for malware; this may have little to nothing to do with the copyright industry (against whom they already have a safe harbor for user-submitted content due to the DMCA.)
I imagine it could still be a kind of "safe harbour" issue.
If a user downloads malware from Google Code, it seems like there's at least some tiny chance they might try to sue Google for it. If they download it from a personal Google Drive account, it will be a lot harder to convince a court that Google had a responsibility for the content.
Actually after GitHub's move, I see many GitHub projects just provided their download link at Google Code. Basically they created a Google Code project just for the download section, even not bother to push the code there.
> There are tonnes of code hosting sites going back as far as SourceForge and none of them ever came up with something like this.
Actually, [github phased out their uploads/downloads features starting last December](https://github.com/blog/1302-goodbye-uploads) too. They didn't mean "abuse" as part of the reasons it was going away, but I wonder if it played a role.
Frankly, I hope they do drive developers away from google code. Every time I run into a project using google code to host they start off in the red in my assessment. Google code is a mess, it's always been a mess, I avoid it as much as I can.
I use Google Code because it has a functioning issue tracker (try setting a priority at GitHub and sorting by it), and because you can have multiple repositories per project. The latter is very helpful as it lets you have one issue tracker, wiki, downloads etc for the project but still have things organised better behind the scenes.
Other services like Github could do the multiple repository thing too. In fact they already all do - having one main repository and a second for the wiki. Github said there is no way they would add this functionality when I asked.
Losing Downloads from Google Code is a big pain. That they never made a paid for private version is also annoying.
They could estimate the frequency of abuse just by taking a random sample of files and manually evaluating them. That's not inconsistent with it being hard to find all of the abusive files.
> They could estimate the frequency of abuse just by taking a random sample of files and manually evaluating them.
That still requires them to be able to tell the difference between abusive and non-abusive files, which ability was what was questioned in the post upthread.
Obviously, this wouldn't be an issue if they could in an efficient (and particularly, automated) manner identify all abusive files before they were exposed to the public.
As a developer of open-source, downloadable software (a video game), the removal of download sections from source hosting websites (GitHub, Google Code) is really frustrating. Instead, I either have to commit my binaries to a repository, or host them myself of S3.
Edit: Yes, I know that many free options exist and I plan on switching to one of them soon. I just wish that I didn't have to use another service for a common task associated with software development.
SourceForge still supports downloads and provides pretty good stats around them too. You can put your OSS file releases on SourceForge and keep other project stuff (code, tickets, etc) elsewhere if you want. Under Admin, Tools, you can pick and choose which SourceForge tools to use or not, and even add external links to project resources on other sites
For that matter, with BTSync I can share my project's git repository with a read-only "secret" (identifier, like a magnet link) and cut out google code/github, etc, all together (now, if only there were a foss version).
I thought that was a service for selling files. How does the pricing work out if they can be free?
Edit: I found some of the old text, it's apparently dual-nature. You can make backups that you/friends download for free. You can also have files for sale that people pay to download. No way to have permanent public hosting.
> You mean to say people using Google Code to share porn,
The abuse reports I find from doing a search seem mostly to be that and malware, yeah.
> when they can actually do so via other more effective means?
I don't think Google really cares if people currently abusing Google Code's download hosting could do the same thing easier elsewhere or not, they care that they are doing on Google Code, and consequently are consuming Google staff resources (and, hence, $$) addressing the resulting abuse reports.
This makes little sense, and seems like Google moving to distance itself from the open source community. Without downloads it's extremely unlikely that the average user will be able to try running an open source application. Especially for the larger and more popular projects with multiple dependencies the prospect of compiling from source can be quite daunting especially for anyone who is not a software developer.
I especially chose code.google.com over github. After the SourceForge troubles I thought, this is a big company, which will not go away soon. I can trust them hosting my repos there. In comparison to github. But unfortunately github turned out to improve their stack constantly in contrast to googlecode, and now it seems they are also turning down downloads, though that would be a feature that is much cheaper for them to support than for github. It's minimum support cost, their bandwidth is free and almost unlimited.
bad bad bad. I start to regret my decision.
Though really, binary downloads for open source projects make not much sense nowadays. Compile from source or leave it to a distro.
So, if windows users cannot deal with open source they should get it from closed source. The binary distros do exist. mingw or cygwin even have graphical UIs. Not a googlecode problem. I hate to provide binary dll's for lazy windows users. windows compilers are free nowadays.
A lot of these aren't Linux/POSIX projects so mingw/cygwin don't solve the problem. It could be as simple as a python project that needs to be bundled in exe form or a .NET project.
"Due to this increasing misuse of the service and a desire to keep our community safe and secure, we are deprecating downloads."
What misuse? Did I miss something? Lots of pedo-porn or something? Or was it simply people using Google code to transfer pirated files?
Any time you serve raw user-supplied files from * .[your site].com you take on some risk.
Older browsers in particular just love to treat everything under the same second level domain as coming from the "same origin". Browsers even have a hardcoded list of country codes and exceptions to prevent "example.co.uk" from setting cookies for all of "*.co.uk".
It's a total security mess and ICANN is not helping the situation by selling new gTLDs.
Err... Google can just use a custom domain (e.g. "googleusercontent.com" that they already use) to serve user-supplied files rather than stopping the service altogether, so I guess this is not the issue here.
We'll see if Bitbucket takes these kind of drastic measures. Anyway, I don't understand one thing: why is it safer to let developers host the download files on their drive? What's the difference, really? Nobody could upload the files anonymously, could they? Perhaps it's just a way to 'encourage' people to use the drive?
> Anyway, I don't understand one thing: why is it safer to let developers host the download files on their drive? What's the difference, really?
Drive's intended use case and sharing model may support dealing with abuse reports more efficient (for instance, it might make it practical to shift a reported file to non-publicly-shared after receiving an abuse report but before confirming that it contains malware.)
I don't really know the numbers of projects hosted on bitbucket and Google Code but it's true that it's often the case that the underdog (say Bitbucket in this case) offers the best value. Apart from the downloads they also offer free private repos.
What were the size limits for hosted downloads (they say some limits exist, but no numbers in the FAQ) ? I could understand if they provided too much space for free that they would want to deprecated that in favor of Google drive.
I don't really have much of an opinion on the news itself, but I'm curious how they decided on January 14th / 15th as the cut-off date. It seems sort of arbitrary.
I love how they always talk about "abuse with a significant increase in incidents recently" and the "desire to keep our community safe and secure". Whether it is about downloads or about disabling XMPP federation.
This may or may not be true, but it is exactly how late USSR and contemporary Russian bureaucrats reason every of their restrictive and reactionary measures.
I mean, what won't you do for the children? For keeping our community safe? What, you don't want this measure? It seems you aren't a team player then.
Google Talk supports XMPP federation and has done so since January 2006. To deal with an onslaught of spam, Google disabled incoming subscription requests for a short time. During this time, all other XMPP federation features continued to work.
Hangouts does not use XMPP, but it's a feature that they didn't implement. It's not something that they disabled.
While Google has not announced an actual EOL of Google Talk, you can no longer download the desktop client and the Android application tries to directly upgrade to Google Hangout.
From a systems perspective, they have basically prevented anyone new from getting on Google Talk. I am expecting an EOL announcement at some point, as they are otherwise making it hard to get into.
Yeah, Google Talk will probably be included on the third spring cleaning list. When Google drops support for XMPP federation, it will be because they are killing an entire product. It will not be because they are disabling a feature.
> This may or may not be true, but it is exactly how late USSR and contemporary Russian bureaucrats reason every of their restrictive and reactionary measures
I would say that whether or not it is in fact true (and the question you don't address even indirectly of whether, if the stated problem is true, the response is proportional) is more important than whether or not bad actors have used somewhat analogous claims when they were false as pretext for restrictive measures.
Every legitimate justification for action has been used, at one point or another, by some bad actor to justify some bad act.
Downloads are hardly a minor feature. Having a downloadable package makes it significantly easier for users to try open source software. The average user is very unlikely to want to compile from source.
> Google Code (and GitHub) aren't for average users. They're developer tools.
Google Code has a number of features -- not just downloads, but also wiki, etc. -- that, while not intended to replace a user-centric site separate from the developer site Google Code is intended to provide, in practice facilitate projects using it that way.
> Downloads are hardly a minor feature. Having a downloadable package makes it significantly easier for users to try open source software.
While it has a set of features which may have made it usable for this use, I don't think Google Code was ever really intended to provide user facing web sites for open source projects, it was designed to provide developer facing project sites.
There are tonnes of code hosting sites going back as far as SourceForge and none of them ever came up with something like this.
There's something extremely weird about Google making this kind of developer hostile move. Why would I use Google Code now when there are any number of alternatives that have no problem with hosting downloads? It's like they are trying to drive us away. I hope it doesn't hint at Google Code being on the "sunsetting" list in the future.