My name is Jono and I started as Director of Community back in November at GitHub. Obviously I am pretty new at GitHub, but I thought I would weigh in.
Firstly, thanks for your feedback. I think it is essential that GitHub always has a good sense of not just what works well for our users, but also where the pain points are. Constructive criticism is an important of doing great work. I appreciate how specific and detailed you were in your feedback. Getting a good sense of specific problems provides a more fruitful beginning to a conversation than "it suxx0rs", so I appreciate that.
I am still figuring out how GitHub fits together as an organization but I am happy to take a look into these issues and ensure they are considered in how future work is planned. We have a growing product team at GitHub that I know is passionate about solving the major pain points that rub up against our users. Obviously I can't make any firm commitments as I am not on the product team, but I can ensure the right eyeballs are on this. I also want to explore with my colleagues how we can be a little clearer about future feature and development plans to see if we can reduce some ambiguity.
As I say, I am pretty new, so I am still getting the lay of the land, but feel free to reach out to me personally if you have any further questions or concerns about this or any other issue. I am at jono@github.com.
An open question is how the community should provide feedback. Trello provides a decent example of how to do it well [1], but GitHub feels like a black box. I've been on GitHub since 2008 and I have been paying every month for years, but other than emailing support I have no idea how to vote for a feature request.
My personal pet peeve is not being able to mark a public repo as 'deprecated'. There are a lot of other people with the same frustration [2], but we have no idea how to get that on GitHub's roadmap.
An open question is how the community should provide feedback.
Perhaps if Github used their own issues system to gather feedback on Github itself, they'd more rapidly improve it. I'm sure they'd feel a lot of these pain points in a far sharper, more visceral way if they were subjected to them daily.
Yes it is fairly bizarre that Github don't dogfood the issues function. I'm sure they have an internal system that they prefer, but even that internal system could have a public interface. Also, if the internal system is superior then its superior features could be added to the public system so that we could all benefit.
Where are you getting that they don't dogfood the issue tracker? It's a private tracker (private repository) but from what I've seen in the Github blog, they do... it wouldn't make much sense if they didn't.
If they're using it, they're doing so in completely different fashion than everyone else. That is, it's not public for viewing, submitting, commenting, etc. Indeed TFA indicates exactly the sorts of pain points that would be missed by those using the tool in such a radically different way than everyone else. If someone at GH had to wade through all the damn +1's then something would have been done about them years ago.
Ditto. Maybe 98%. I think that's a big part of the disconnect I'm seeing here in the comments. Those of us that live in private repos are likely pretty happy with how things currently work especially since we're the ones paying to use the service. If it wasn't working well for our teams, we'd find somewhere else to spend our money. That being said, we're certainly the minority when it comes to users on the platform.
> Privileging the priorities of my private repos over their public dependencies would be shortsighted
I think that’s Github’s call, but I definitely don’t disagree with you and apologize that I came off that way. Open source projects exposed me to Github and greatly benefit the projects I work on in private repos. I really do want those projects to have an effective platform for growth and stability. I don’t want to water down their needs; I just wanted to offer some balance to the discussion.
My point was simply that this probably isn’t something that is as easy for Github to solve as it may appear on the surface. Any changes they make to the issues system can’t upset the low friction way it works for repos with a modest amount of contributors (and +1’s from clients are appreciated). I hope that positive changes come out of this letter.
If Github were to leave Open Source projects high and dry, they’d lose my business.
>That being said, we're certainly the minority when it comes to users on the platform.
But you're the huge majority of people who give GitHub money. It makes sense not to prioritize the pain points of open-source projects when you lose money by hosting them.
We have the diamond level plan from GitHub and have >260 private repos at my company.
We only chose GitHub because we wanted to host our open source repos there. If they don't prioritize the open-source projects then we have no reason to pick them over BitBucket or something else like that.
I only pay Github money to host my private repos because their platform also hosts most of the open source projects I use. If enough of those projects leave for a service that does open source better, I'll be happy to follow them. Otherwise I may as well be using Bitbucket or Gitlab.
We don't pay GitHub precisely because they lack features we can implement in GitLab.
Much of that is due to the OP's requested features that are currently missing. But tbh, it is too late to get us to switch.
> Issues are often filed missing crucial information like reproduction steps or version tested. We’d like issues to gain custom fields, along with a mechanism (such as a mandatory issue template, perhaps powered by a newissue.md in root as a likely-simple solution) for ensuring they are filled out in every issue.
For instance, is something we basically implemented in our local version of GitLab but aren't sharing because our implementation pulls this from internal docs other people can't use. Our CSRs put issues into GitLab but they tend to forget steps while on the phone with a user.
We wouldn't have bothered if we had something like this when I was evaluating GitLab vs. GitHub.
I think a lot of companies forced this because for a while the api permissions weren't granular enough when dealing with private repos on organizations. They added the "Third-party application access policy" sometime in the last year or two. I might be wrong though.
I would guess that private repos have a much smaller user base, in that that they work for companies where they are trained in specific policies to submit issues and work with the repos. With public repos you're at the mercy of widely differing levels of user experience.
> If they're using it, they're doing so in completely different fashion than everyone else. That is, it's not public for viewing, submitting, commenting, etc
Huh? Github isn't opened sourced so how is a different fashion from anyone else using private repos?
Users can use those buttons to +1 or -1, and any comments that contain nothing but an emoji (like `:+1:`) are automatically converted to emoji awards, as we call them.
> My personal pet peeve is not being able to mark a public repo as 'deprecated'.
What I came up to work around this is:
- Create an org named <YOUR-USERNAME>-deprecated
- Move the projects to the organization
- Set the avatar of the organization to your avatar, with desaturated colors (purely cosmetic, optional)
I watch the project and did not see "UNMAINTAINED", cause i scroll automatically on github projects down to the readme.
I search and then i see it in the title.
Better would be an Option in Github to set a project to unmaintained or deprecated, with an optional link to the new project (if some exist).
Github could then change the background color from white to an other color or add a border around the page, so that it is really obvious that this project es EOL.
Have a look at the trending erlang repositories[0]. You will always find, near the top, basho/rebar. However, the subject on this reads:
ATTENTION: Please find the canonical repository here:
The same advice is in the README.
What this tells you is that enough people are not only using this repository, which was last updated in August 2014 with a change to the README directing people at the new source, but people are giving it stars this week such that it shows up as "trending" higher than the correct repository.
> I normally put a big "[DEPRECATED]" notice at the beginning of the README.
Aye. Some folks in the discussion linked to by krschultz complain that "People sometimes don't read the README and -thus- don't notice deprecation warnings.". To them I ask: "What makes you think that those sorts of people will notice anything less than an overlay that prevents them from interacting with the Github UI for that particular repo?".
One concern would be around tools that fetch from github automatically. go get for example would need some sort of structured metadata if it wanted to surface an error to a user that a library is deprecated.
> One concern would be around tools that fetch from github automatically.
Sure. But... like... git doesn't know anything about deprecated repos. AFAIK, that's not a feature of git's repo fetch machinery. Anything Github would do to address this would have to modify the contents of the repo, right?
> ...go get for example would need some sort of structured metadata [to do reasonable repo deprecation warnings]
I mean, the JavaScript development community has -collectively- decided on a huge bundle of ad-hoc standards. I bet that it would be trivial for the signatories of the open letter to decide on a tagging mechanism to use in their README files to indicate repo deprecation. Do you disagree?
Go get does not start with a git clone. If you go get example.org/pkg/foo go fetches https://example.org/pkg/foo?go-get=1. So coordination between go and github could implement something for deprecated repositories without changing anything in git.
Fair enough. (I don't use go, so I'm unaware of pretty much all of its internals.) [0]
> ...coordination between go and github could implement something for deprecated repositories without changing anything in git.
A couple of things:
* This only fixes things for Golang. It doesn't fix it for the couple-thousand other tools that pull things from Github.
* I never suggested changing things in git. That would be freaking nuts. :) EDIT: Or did you mean "without changing anything in the git repo"? If you meant that, then I strike this bullet point and apologise for the noise. :)
* Frankly, having a well-known file in your Git repo that contains meaningful tags seems far more compatible than changing git, or altering the $BUILD_TOOL<->GitHub integration... for one thing, the convention could be trivially adopted by non-git users. :)
I am not your grand parent poster but I fully agree with you and I'd go further than that.
The people who ask for more proprietary features (or should I say anti-features) in Github are encouraging lock-in inside of Github. Github ought to be a hub. I'd like to emphasize on the hub part as it should be one hub out of many. It should not be the center of the software universe any more than AT&T/IBM/Microsoft/Google/Facebook/Uber.
So, I heartily agree that vendor lock-in is bad. [0] However, git doesn't handle mailing lists, or issue trackers, or hands-off repo push access control, or.... So, if you're going to do more than just serving git repos, you're almost certainly going to have to do these things yourself, and you very well might end up doing them in a way that differs from how everyone else is doing them.
I mean, as long as you can get complete exports of the data in the important non-git bits, who cares, right?
Agree. I've had literary thousands of libs/tools/apps dependencies in one of my projects that was built using automatic tools (Bitbake + Yocto). It's simply impractical to go through all these README's manually, so a tool to detect depreciated projects is a must in such situations. Of course, one could implement some tool to scan all README files for keywords ('DEPRECIATED', 'UNMAINTAINABLE' etc.), but that's just a workaround and I'd like a proper, reliable way to do that.
What if the maintainer never marks the library as deprecated? What if they're just hit by a bus?
I feel like if you have so many direct dependencies that you can't keep tabs on them, you simply have too many. Whoever decided it was OK to depend on that library should be able to follow it closely enough to say when it cannot be depended on.
"What if the maintainer never marks the library as deprecated? What if they're just hit by a bus?"
There are a lot of "if's" and many things might go wrong -- there's almost never 100% guarantee, but every mean that makes end product more reliable is a good idea.
"I feel like if you have so many direct dependencies that you can't keep tabs on them, you simply have too many."
Such number of dependencies is common when building custom Kernel/OS + application. Also, I've never mentioned direct dependencies, some are just tools to build tools. It wasn't event that big of a project -- a relatively small (~150 Mb) custom OS with Qt application for an embedded device.
I've had pretty good success with feature requests in Github – but I agree that it at least _feels_ like it depends on who is replying to you (or even what state of mind they're in; copy paste responses has been had).
Anyway, a good example of a successful feature request – shared since it might help others in their quest for success – included me attempting to reduce the problem, scoping it and suggesting a solution. If you can find examples of this problem over multiple open source repositories (in my case nodejs) it seems to contribute to it getting fixed.
As a software engineer, I am reminded of when I go to Home Depot and ask someone for help and they say, "Oh, I do not know. I am new here...". I think it is best to come prepared with the right answers. As you can see from the doc, there are a lot of maintainers who have signed this. Perhaps:
- Note the feedback.
- Bring in the right folks to consult with on your end.
- Write a public response with concrete information (should be first interaction).
- Finally, reach out to the authors of this post. Perhaps, getting them more clarity on your roadmap and your thought process will go a long way in resolving matters like this with high profile maintainers.
My main goal in responding was to acknowledge the issues. This is just the start of the process, and by no means the end.
The next step, as you mention, is to bring the right people in. This is why I want to ensure this is raised with our teams inside GitHub to explore ways to rectify some of these concerns.
I personally prefer someone to at least acknowledge someone now owns the issues than to wait in silence while they gather the right people and formulate a concrete response. That doesn't happen quickly in some cases and the silence can exacerbate the issue, which ironically is why this hit HN in the first place.
I appreciate the prompt response. Face-to-face at Home Depot you know the message was received. Online it's nice to get an immediate read receipt with the real reply coming later.
Promises about the future about Github’s roadmap is understandably difficult to make, besides by a very small number of people at the top. I don’t think this is the expectation. But visibility into past failure to address these concerns and the current status is long overdue. I assume when these maintainers reached out in private channels, they were equally detailed, and have waited years.
At present, I’m not sure how this response is different from the "empty response" that motivated the publication of this document in the first place, except that this response is also public. Comments like "happy to take a look into these issues", "considered in how future work is planned" and "ensure the right eyeballs are on this" uses a lot of words to say nothing. If the community department is not the right place, maybe it’s time to walk over to where the the product group sits and ask. They probably read Hacker New too.
I’ll also highlight a possible theory: the right people at Github have already looked at these requests and decided that is not what Github Issues is for. Perhaps Issues is prioritized for the masses, not the small minority of very popular projects (but not resourceful enough that they have staff). Each of these feature requests do add friction (if only in complexity) and the majority of projects that do not need and should not utilize them. Hopefully someone at Github will quash this theory but it is consistent with events so far.
GitHub has settings for individual repos. People can opt to turn the issue tracker off completely.
Why not have the option to enable issue voting? It could be as easy as stars for issues.
Custom issue instructions would be trivial to tuck away in the settings page or associate with a specially named markdown file. They turn a wiki on by default, but you can't instruct users about the info you expect in their issue on the page where they create the issue. Documentation is very effective when it is inline with the system it is describing.
Custom issue fields with validation is a little more complex. Punt.
One thing I would love to see for my own projects is a way to temporarily completely block off contributions on threads by people who only watched/starred the repository for less than 48 hours or something like this.
When people submit your issue tracker to hackernews/reddit/twitter all hell breaks lose and time gets wasted for nothing.
Interesting idea, but I wonder what the right metric is to determine legacy vs. new users. I certainly haven't starred/watched every package I've ever `npm install`ed.
Respectfully Jono, I think your reply is symptomatic of the issues at the heart of the matter. GitHub is, whether it expected to be or not, whether it wants to be or not, now at the heart of the OSS community. For the "Director of Community" at a company which plays such an important role in the OSS community, which itself plays an enormously important role in the broader software and civic communities and is populated by abnormally high numbers of passionate and talented contributors, to respond to a HN story with such a high profile by:
1) apologizing for being new
2) extending borderline patronizing praise (the OP likely wanted a response to the issues put forth, not your approval)
& 3) a promise, which you can't necessarily keep, to put eyes on the issue instead of speaking to the issues raised directly.
It's not what I would expect from someone in that role at that sort of company. It's, unfortunately, what I would expect from a company that had the sort of issues raised by the OP.
Your response, specifically #3, makes me wonder if you have ever worked in a medium to large business. Forgive me if I read it wrong. I think his response is solid and the best that one could expect from his role. I could not imagine some director from a different department by passing the product team and coming to my development team and saying, "stop what you are doing, and handle my request! I read something on HN! I need a plan of action that directly addresses issues that were raised!". I would, however, expect him to say that he knows or can find out (he is new still) who needs to see this and make sure the discussions happen to ensure that product team has the information required to make an informed discission allowing for a roadmap to be formed that could be shared with the community. He can totally guarantee the right people see it. He can't ensure they do anything about it, but he can champion the issue. I would hope/expect to hear back after all this has happened. What's wrong with saying he is still getting an understanding of how things work at github? And what approval are you dismayed with? His acknowledgment that feedback is important? That was just civility.
I have indeed worked at a very large (both capitalization and payroll wise) company. I've also worked at small and medium sized companies. But, as relates to my experience at the very large one, this guy would have been eaten alive for putting out that response. Perhaps your definition of large is different from mine. However, my point had nothing to do with the size of the company and everything to do with the role the company plays within the OSS movement.
One suggestion is to improve the permissions system. For example, third-party github plugins that interact with the github system (e.g., setting labels, responding to comments) require "write permissions" which gives those systems "push" access to the underlying repo. Simply separating the git repository access control from the github UI / issues / pull requests access control system would be very helpful. I'm sure there are many other examples of where the permissions system needs some finer-grained access.
I've been personally paying for a couple of years, and the SAAS company I work for (~50 engineers) has committed to moving away from Github for some of these (and other) reasons.
Here are some of my fave :+1:-a-thons that help demonstrate when the issue system starts to be less useful, and the Github acknowledgement seems sparse:
Also, you might consider empowering your social media team. I see Github as a pretty cool company. And when I sent this tweet, I was expecting to have a bit of a shared chortle with this tweet as I know I would of had with @SlackHq:
I've witnessed Jono's outstanding work at Canonical/Ubuntu, and as you can see from his comment above he's a great guy. No matter what you think of Github, I think you should appreciate this.
There appears to be a need for some a different class of repository for larger open source software.
Similar to the way twitter provides verified accounts maybe
GitHub should consider a tagging these popular repositories to allow for more advanced control over the collaboration project.
When I first read the letter I was a little bit disappointed, one thing I've enjoyed (to an limited extent) is the low barrier of entry to pull requests. The spring boot team especially are extremely patient and understanding when it comes to pull requests.
Hopefully there's enough community will in this to encourage GitHub to make the change, if it does really come down it not being worth the money it would be a disappointing sign.
Are you THE Jono Bacon of Ubuntu fame? If so, I have the best of hopes for Github.
Best of luck in your new position and I hope we'll get to see many great new features on the platform.
That's why you shouldn't use Google Docs for such an article (even if it comes in the form of a letter). Nobody expects the concept of pages on the web (as in books, not as in web page).
Did you....not read the open letter? Or not realize that the scrollbar for this one goes all the way to the end of the page, and then there's an inline link saying 'see more signatures'?
When I read the letter, I saw that it extended across two printed pages. Were these printed pages not the pages to which pvorb was referring to?
After re-checking the link:
Ah! See, the document that you are looking at is hosted on Github. At the time of my comment (~six hours ago), it was a two-printed-page document hosted on Google Docs. dang comments here: https://news.ycombinator.com/item?id=10907271 (four hours ago) that he changed the link from the Google Docs document to the Github document.
(And now that I know that, the wave of downvoting makes a lot of sense. (even though pvorb explicitly says that he's looking at a document hosted on Google Docs))
@jono Will you be able to answer, if github has any plans in the roadmap to open source the code in 1-2 years and develop in open instead of closed rooms.
Given many open source project adopting it for their code repository its important question to be answered.
Otherwise sourceforge.net story will repeat again, this time with github. Many projects adapted it when it was closed source and then when they open source it slowly and later due to falling revenues just started crumbling.
Problem with them open sourcing their platform is that the platform base is used in enterprise and how the bulk of their revenue is made... Who wants to buy milk when the cow is being given away?
They are getting hosting deals for many of these companies themselves. Why spin up your own github clone when you can just use github?
And gitlab is now 99% feature-compatible with github. If you aren't using the developer ecosystem of github.com, you are not missing much using the free software option already.
My name is Jono and I started as Director of Community back in November at GitHub. Obviously I am pretty new at GitHub, but I thought I would weigh in.
Firstly, thanks for your feedback. I think it is essential that GitHub always has a good sense of not just what works well for our users, but also where the pain points are. Constructive criticism is an important of doing great work. I appreciate how specific and detailed you were in your feedback. Getting a good sense of specific problems provides a more fruitful beginning to a conversation than "it suxx0rs", so I appreciate that.
I am still figuring out how GitHub fits together as an organization but I am happy to take a look into these issues and ensure they are considered in how future work is planned. We have a growing product team at GitHub that I know is passionate about solving the major pain points that rub up against our users. Obviously I can't make any firm commitments as I am not on the product team, but I can ensure the right eyeballs are on this. I also want to explore with my colleagues how we can be a little clearer about future feature and development plans to see if we can reduce some ambiguity.
As I say, I am pretty new, so I am still getting the lay of the land, but feel free to reach out to me personally if you have any further questions or concerns about this or any other issue. I am at jono@github.com.