OpenBSD Project Will Release OpenCVS 287
thequbemaster writes "The OpenBSD project, responsible for OpenSSH, OpenBGPD, and OpenNTPD, has created OpenCVS, a BSD licensed implementation of CVS client and server. From the site: 'It aims to be as compatible as possible with other CVS implementations, except when particular features reduce the overall security of the system. The OpenCVS project was started after discussions regarding the latest GNU CVS vulnerabilities that came out. Although CVS is widely used, its development has been mostly stagnant in the last years and many security issues have popped up, both in the implementation and in the mechanisms.' No releases are available yet. The README in the OpenCVS CVS repository states that the server is not ready yet, but looks like the client is usable." Update: 12/15 20:18 GMT by T : This project was mentioned briefly the other day, too.
Re:We need a new one? (Score:3, Interesting)
You obviously are unfamiliar with the CVS dungpile, err.. codebase. For instance, there is no access provider mechanism - they copied and pasted the code from the filesystem tree to make the pserver tree, then nobody thought "hey, maybe this will be a maintainability problem later?"
There is also no application-level interface to CVS. CVS tools typically use regexp or other parsing techniques to invoke the CVS command-line and parse its contents.
If this causes a slower transition to Subversion, it will be because people don't need to run away from the existing CVS implementation screaming anymore. A good implementation of CVS will put the emphasis of subversion right where it should be - adding compelling features which will convince people to move to it.
As far as 'less interoperability between operating systems' is concerned, I do not see why this would be restricted to BSD systems, any more than openssh was.
Re:subversion? (Score:3, Interesting)
Re:What is wrong with subversion? (Score:3, Interesting)
Damn, where to start? In no particular order:
The list goes on and on and on, but I'm not interested in continuing it just now. Subversion hasn't managed yet to be the worst version control system I've ever seen: that title is still held by PVCS on Windows 3.1, circa 1995. It's getting to be a close race, though.
Lots of reasons... (Score:3, Interesting)
I am not a fanatic about BSD vs. GPL, but let me count the ways...
OpenBSD has been slowly stripping/replacing GPL software wherever they can. Recent fatalities include gzip and gawk. It's their distribution, and they can do what they want.
But I for one am glad for OpenBSD. It fits me like a glove. I just wish that Microsoft couldn't copy so much of it.
Re:Development has stagnated? (Score:4, Interesting)
More power to them... (Score:3, Interesting)
That said, I (and many others) consider Subversion to be the logical successor to CVS, and it seems to me that any effort spent on revision control would be better spent contributing to Subversion (or Arch maybe) instead of writing yet another version of something that's essentially obsolete.
OTOH, if they have major disagreements with the fundamental architecture of Subversion (and I understand that some people do) then maybe it would be better to just start from scratch, and design their own vision of an ideal revision control system?
Either way, it probably means more quality open source code, and in the long run, everybody ultimately benefits.
Re:We need a new one? (Score:2, Interesting)
You know, this is precissely how OpenBSD was born. Theo de Raadt was contributing to NetBSD until the NetBSD core decided to remove his write privileges from its sources. Theo, upset, decided to fork and start OpenBSD.
Originally, it had nothing to do with security, but rather with "openness" (from Theo's point of view, after he was kicked out). I suppose it would be called SecureBSD had security been the reason Theo started working on it.
You can find out more about this straight from the horse's mouth [theos.com].
So, I suppose, forking established projects due to disagreements such as these is nothing new for the OpenBSD people.
Re:What is wrong with subversion? (Score:4, Interesting)
So what. Disk space is too cheap to develop to edge cases like your laptop.
Subversion is slow
Because it's doing a lot more things than CVS ever did. Those things are useful.
The server-side database is too easily and far too frequently corrupted or left locked
I rarely run into locked databases (on the scale of only 1 or 2 a year) and I have never seen database corruption.
Most Subversion installations are configured to work over HTTP (only).
And how is it Subversion's fault that admins don't set the installation up to use a more secure transport. We use subversion over https with a self-signed certificate. The weak point in that chain is not with subversion, it's with the local machine, and if the local machine is compromised, both subversion/https and cvs/ssh are both equally vulnerable.
The list goes on and on and on, but I'm not interested in continuing it just now
In other words, I can't think of anything other than "it won't fit on my 9GB disk", and "some people don't set it up securely".
Lamer.
Re:What is wrong with subversion? (Score:3, Interesting)
the slowest part - the authentication phase -
is not repeated. Works really really good.