New repo for the Hugo themes site

See GitHub - gohugoio/hugoThemesSiteBuilder: The source for https://themes.gohugo.io

The old Git submodule approach had … its limitations.

The new one currently does not build a demo site (I have added a demosite field to the theme.toml spec), but

• It should be much easier to add and remove themes
• It fully supports adding/removing themes as a PR (previews builds on Netlify in no time)
• It integrates with GitHub and uses the number of stars as part of the sort order
• It has some “auto warnings” in place where it marks themes that does not look maintained. I have some plans for improvements here, suggestions welcome.

Interesting. Getting rid of the demo would certainly reduce the Theme Site overhead.

But I have a number of fundamental objections to the Hugo Themes Directory and I am going to post them here in public.

Don’t you think that showcasing hundreds of Open Source themes by third party authors is too trusting?

What about theme quality? Is Open Source the only criteria?

There are plenty of reductive themes currently on the Showcase.

Also in the old repo the theme demo generation served as a check to see whether a theme complied with a minimum of guidelines.

The theme repo maintainers had to troubleshoot theme submissions and request changes or remove themes that went unmaintained and failed to build with the latest Hugo or themes that did not meet the repo guidelines.

This approach in the end proved to be a big burden for Theme repo maintainers but it was the only way to see if something was not as it was supposed to be.

(Anyway you should have a clear idea why I stopped being involved with the Themes repo last year.)

However moving forward I do think that there should be a complete rethink of the Themes Showcase.

Instead of its present form, it would be more manageable if it listed a few select community themes for specific use cases (eg. blog theme, portfolio etc), that should be created and maintained by the people who are members the Gohugoio GitHub organisation.

Like for example how the Wordpress team publishes official themes typically once per year.

This way these themes would also serve as a guide to templating and project structure practices.

Currently the only theme that sort of fits the above is the Ananke Theme that is used in the Official QuickStart Guide.

P.S. And pardon to all the theme authors I do not mean to alienate anyone but the current situation in the Hugo Themes Showcase is not manageable.

Great improvement! Sorting by number of stars is very helpful. I understand removing demos takes a lot of the overhead off, but the demos were nice to see. It looks like a lot of authors have their own demo sites linked in the readme though.

Great to see the hugoThemeSiteBuilder being used in production so quickly.

What exactly is your threat model? Are you worried that www.themes.gohugo.io could host undesirable content or that Hugo users could blindly choose a theme without checking it’s potentially malicious source code?

I’m in favor of quality over quantity. Some themes became popular and are actively maintained. Those lighthouses are meant to be kept in the gallery. Other themes are less sophisticated in terms of features or design.

Bjørn Erik already has or plans to add features that filter certain themes, e.g. if they have not been updated within the last x days or if they fail to build a simple demo.

I could some kind of spring cleaning to ensure a higher level of quality in the gallery.

That a theme is open source was always a major aspect in order to accept it in the gallery. In previous discussions we’ve refrained from the hosting of commercial themes.

See above

Sounds interesting. You can already browse themes by use cases by looking at the tags on the right side. For each tag the themes could be ordered by their number of starts on GitHub and the last commit in the theme repo. @lkhrs proposed something like this.

For the majority of themes we aimed to make them comply with the hugoBasicExample, a repository providing default content for a theme demo. This way, we had to a certain extend control over the content we are hosting. However, this approach has its (intended) restrictions that sometimes were to limiting for theme authors, because not all kind of themes and their demands towards a demo could be met. In special cases this meant that theme authors were allowed to provide their own content for a theme demo.

Theme authors always had the option to host a demo themselves without any restrictions. This approach gives then maximum flexibility while removing some overhead from the maintainers of the gallery.

There are several themes with unsafe dependencies -as you know- jQuery etc.
There have been instances of authors who served dubious content and at least another who advocated web based crypto mining.

I am most definitely not a security expert -as you know- neither am I a software engineer.

But these days I no longer trust third party themes from people whom I do not know.

Thanks for reminding me but I already knew the above.

That was a band-aid approach implemented by me and its limitations were a given right from the start. But as I mentioned above there were instances of demos with inappropriate content (crypto etc). Granted there were very few instances of demos that served such content.

But there are a lot of themes that use compromised third party libraries.

Someone else brought this up sometime ago and that issue was dismissed because it was deemed that the jQuery XSS vulnerability is not something that the themes repo maintainers should screen.

Now I am no longer involved with the themes repo, neither will I be again.

I simply gave my honest critique and I made a suggestion for a few community themes with advanced features written and maintained by members of the Gohugoio team whom we know that we can trust.

Of course such themes should be displayed front and centre. Their authors should also receive some kind of badge of trust.

But don’t you think that these themes are bit lost in the current endless listing of the Themes Showcase?

I do.

Thanks for those encouraging word, @alexandros – all I can say is: Rome was no built in a Sunday evening.

I agree with you. One is no longer seeing the forest for the trees. IMHO the visibility of themes should be seen from two angles. On one hand Hugo users should be introduced to popular, well-established, high-quality themes. A metric like the star count on GitHub might help in this regard.

On the other hand Hugo users might be interested in new themes (as in creation date of the theme’s repository, not the timestamp of its last commit). In both cases the same content is presented, just in a different order. Having dedicated pages for popular and new themes might be a good compromise.

@bep

I’m sorry, the critique was not meant to dishearten you. Instead it was honest and well-meant. Furthermore I did offer a suggestion that you may consider or not about community themes or as @digitalcraftsman indicated a way to highlight the best themes (perhaps with a trust badge or something, as I mentioned above).

I suppose that after 6 years of being around you know that I do admire your work in Hugo and I have tried to support you as much as I can.

But really the themes showcase in its present form is a bit of a Sishyphean task.

Hiding the demos does make deployment easier but I’m not sure whether it addresses the bigger issues, that I unfortunately indicated.

Anyway you already have a plan -as mentioned above- so whenever there is time I’m confident that it will be applied as you see best.

Thank you for those encouraging words.