The second article suggests GitHub has a similar problem and the first says that SourceForge has an opt-in policy. I can obviously understand people wanting to boycott SF but no-one is talking about avoiding GH downloads. Did I miss an element of this story?

I guess the main difference is that it is SF themselves that add some of the crapware in binaries distributed by them. As far as I know, Github have never done that.

That people may upload malware to their github repo is quite different.