Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
BSD Operating Systems

New BSD licensed CVS replacement for OpenBSD 164

Jeferey Bakins writes "In an effort, by Jean-Francois Brousseau (jfb@openbsd.org), to rid the OpenBSD CVS tree of GPL'ed licensed code, OpenCVS is now officially part of the OpenBSD project. For more details, see the OpenCVS homepage; http://www.openbsd.org/opencvs/"
This discussion has been archived. No new comments can be posted.

New BSD licensed CVS replacement for OpenBSD

Comments Filter:
  • While I can understand their desire for a BDS license version of CVS.
    why the heck did they not rather write a CVS replacement/improved
    the CVS braindamage while they were at it ?
    • Re:Why ? (Score:2, Insightful)

      by Anonymous Coward
      One step at a time. Their use of CVS is deeply ingrained at the moment. Rewriting a well-understood tool is one thing. Designing and implementing a new source-control tool is a much larger, riskier task.
    • Re:Why ? (Score:5, Informative)

      by Anonymous Coward on Monday December 06, 2004 @10:06AM (#11007380)
      Read again...

      While CVS have been a functional tool in simple use, it has quite some drawbacks. Everyone who has been in the CVS guts (believe me, I have), knows that it is essentially write-only code.
      It is quite buggy, albeit the bugs are in corner-cases, not seldom noticed by people not using CVS massively. The CVS maintainers have been unwilling to accept bug reports (it may be a matter of opinion: "it's not a bug, it's a feature" has been heard). OpenBSD have had several local changes to cvs over the years.
      However, for the reason stated above (write-only code), we cannot trust the code enough. It has been one of the weakest spots of our system securitywise. CVS is also a network service, as such, it can put systems into potential risk, like
      all network services. We want to be able to put greater trust into this service. The people who thinks this is just license masturbation are wrong. It is nice to be able to free code, but the important thing is to secure it. GCC is not a network service. The GPL is not reason enough for us (yet .-) ) to rewrite it. Also, understandable code makes it easier to find a fix non-security bugs (but we like to look at all bugs, as potentially exploitable ones .-)).

      Niklas Hallqvist (I don't care enough to create a /. account)...
  • Continuing to fuel the fanatical debate that "my software is more free than yours."

    I guess whatever infection the GPL spread onto Linux users to turn them into GPL-evangelists has mutated, and is now infecting other licences.
    • It is not a debate.

      "do what thou wilt" is the OpenBSD creed and the GPL is incompatible with that, what's your problem ?

    • There's no silver bullet for licences either. The OpenBSDers want their system licenced under their rules, and more power to them. They have to remove all GPL code to do this beacuse the GPL is a more or less all or nothing free software licence.
      It's got nothing to do with evangelism, and all to do with practicality. You can't have bits and pieces of code GPLed and some not.

      Other licences are more flexible, but are less precise. I'll still be using the GPL for most of the code I write, because I want as many people as possible to use it, and be fully secure in doing so.
      • by SirGeek ( 120712 ) <sirgeek-slashdot@nOsPAm.mrsucko.org> on Monday December 06, 2004 @09:33AM (#11007152) Homepage
        There's no silver bullet for licences either. The OpenBSDers want their system licenced under their rules, and more power to them. They have to remove all GPL code to do this beacuse the GPL is a more or less all or nothing free software licence.

        Then is Open BSD going to stop using GCC ? I mean, GCC is GPL so it is using GPL software to create their system, right ?

        • by Richard_at_work ( 517087 ) on Monday December 06, 2004 @11:27AM (#11008031)
          OpenBSD will stop using GCC when the Tendra Project [tendra.org] has reached a satisfactory level of maturity. The OpenBSD team work under the premise that GPLed items are 'free enough for them' until a replacement can be found, just like Linus works under the same premise (see Bitkeeper).
          • I don't know where you got that idea.
            • I think they made the assumption that because some of the developers seem to dislike screwing with the GCC to get it to work on some the platforms beyond ix86 and that there had been some talk about TenDRA some 7 or more months back. And therefore that means the whole team is just waiting for TenDRA to be good enough for OpenBSD.

              The whole thing of people wanting tcc has been around longer than I've known of OpenBSD though, since like 1998.

              I was of a mind that if yas wanted a BSD compiler that bad you'd h

              • gcc isn't perfect, but it isn't nearly as annoyingly bad as some of the other stuff we have to use. More importantly, it doesn't have to deal with untrusted network data (like cvs does).

                A BSD licensed cc would be nice, but an absolute crapload of work - especially renovating all those programs and ports that depend on gccisms (some of which are perfectly reasonable)
        • TenDRA is pretty good. Two different versions: http://www.ten15.org/ and http://www.tendra.org/
        • Then is Open BSD going to stop using GCC ?

          Eventually, yes.

          With the generally crappiness of GCC3, quite a few developers have been looking at Tendra. Licensing issues helped, but it's really how slow and buggy GCC3 has become that is driving people away.

          And before I get modded down as a pro-BSD troll, I'd like to say, you can hear the same complaints from plenty of Linux devs as well.
          • by setagllib ( 753300 ) on Monday December 06, 2004 @06:09PM (#11011903)
            Here's where I step in with a favorite URL - http://kerneltrap.org/node/view/4126 [kerneltrap.org] - wherein Linus himself points out that GCC 3.x is a generally worse C compiler, with some advantages in C++ compiling being its only real saving throws.

            While I can't honestly say BSD projects haven't come under the same kind of problems (FreeBSD 5, for instance, which at least right now isn't a pretty sight), the tendancy is not to replace perfectly fine systems (like gcc 2.95's essential core, which was fast and light) with monstrosities (gcc 3.x). If something new is to be implemented, it has to be Right in design and in practice. If a BSD project wrote a compiler, it would be free, light, very UNIXy (functional, not kitschy), and few people would care because it's not GPL and anything non-GPL must be inferior, right? Some people...
      • I'll still be using the GPL for most of the code I write, because I want as many people as possible to use it
        Well you can count out anyone who wants to use it in a closed-source product or environment where stapling the very large GPL to everything isn't practical. GPL just ensures derived code will STAY open forever, it doesn't mean more people will get to use it - less, in fact, unless they flock to it based on license.
      • > You can't have bits and pieces of code GPLed and some not.

        Eh? You definately can, as long as there is an interface separating them. This is both the actual intention of the GPL, and if it hadn't been, there are the legal precedents that licenses don't cross interface boundaries. And the way the BSD projects generally do this is by having different *programs* under different licenses.

        > Other licences are more flexible, but are less precise.

        I am unsure of what you mean by this. The GPL is te

  • Subversion (Score:3, Interesting)

    by Ded Bob ( 67043 ) on Monday December 06, 2004 @09:44AM (#11007242) Homepage
    I was about to ask why they did not use Subversion, but I searched Google and found it uses software licensed under at least the LGPL (neon). Of course, they could have just edited Subversion to use another HTTP library like Curl or fetch (at least on FreeBSD). Maybe this has been in the planning stages for awhile.
  • by eviltypeguy ( 521224 ) on Monday December 06, 2004 @10:31AM (#11007553)
    I think the article summary is somewhat misleading, the front page of the project claims that OpenCVS is a result of the ongoing security vulnerabilities in the existing CVS project, which has grown stagnant:

    The OpenCVS project was started after discussions regarding the latest GNU CVS vulnerabilities that came out. Although CVS is widely used, its development has been mostly stagnant in the last years and many security issues have popped up, both in the implementation and in the mechanisms.

    Of course, I'm not going to be stupid enough to deny that there is a great probablity that another unwritten motivating factor was to use a non-GPL licensed piece of software. But, I think time has proven that while OpenBSD may not be a very useable distribution from a common desktop end-user standpoint, a lot of very good portable, secure code has come out of the project. Since I have to continue to run CVS servers for some of the projects I host I look forward to a secure portable CVS server that I can be more confident in.
    • while OpenBSD may not be a very useable distribution from a common desktop end-user standpoint

      I have no idea why people keep saying this. It's behind FreeBSD in the number of ports, but it still has all the major stuff available. Firefox, KDE, GNOME, etc. It's a bare Unix system, waiting to be made into anything you want it to be. How can it possibly be unusable for the same tasks that other Unix systems are usable for?

      Frankly, I find it to be a bit nicer than FreeBSD, and miles ahead of Linux, in tha

      • There's a small thing holding back Net and OpenBSD (I'm an advocate of both, this isn't trolling, just an observation) which is lack of real kernel preemption in favor of clean, simple code. While you do get the most out of your cycles this way (and it shows on lower spec machines), even on higher end machines even moderate load (in my experience, any compile job, even -j1) can make the user interface very unresponsive.

        My worst experience (possibly made worse by flaky hardware) of this is NetBSD 2 a coupl
        • Hmm, I'm not sure if this is due to the lack of preemption. Years ago, long before FreeBSD had kernel preemption and Linux already had some crude form (maybe 5 years ago), there was already a huge advantage of FreeBSD over Linux w.r.t. responsiveness while under high load (CPU and/or disk). To this day this has remained the case. 5.3 has its problems, but still the scheduling is one of the strong points.
          • Definitely, I found FreeBSD 5.3 to be very responsive (with SCHED_ULE but without the PREEMPTION option, as these two don't seem to rub together well), but it had way too many flake-outs to keep me trusting. Performance aside, things like randomly starting to drop packets on a perfectly fine Realtek 8139 network card until I ifconfig it again (no other system had this problem) really nailed the coffin. In spite of these things it's still a highly usable and functional system, but it doesn't offer enough adv
          • Years ago, long before FreeBSD had kernel preemption and Linux already had some crude form (maybe 5 years ago), there was already a huge advantage of FreeBSD over Linux w.r.t. responsiveness while under high load (CPU and/or disk).

            I attribute this to the algorithms used at the time.

            FreeBSD's algorithms (e.g. for scheduling, virtual memory etc) had extremely good complexity, whereas those of Linux had extremely low constant factors. This meant that FreeBSD worked better under load, whereas Linux worked

      • Probably because of Theo's purist License attitudes that have caused them to decide to do things like stop distributing/supporting newer versions of Apache because of the 1.1 License changes...

        For me personally, it's because it's very user un-friendly.

        While there is a ton of documentation, I shouldn't have to read a ton of documentation to setup a basic working desktop system.

        But on OpenBSD, I have to do just that...

        I've done my own Linux from Scratch system, used Gentoo, used RedHat Enterprise Linux 3
        • I shouldn't have to read a ton of documentation to setup a basic working desktop system. But on OpenBSD, I have to do just that...

          That's incredibly vague. What is it that you have to know about OpenBSD to setup a desktop? The ports system is quite trivial.

          Yes, OpenBSD doesn't come with everything installed as most Linux distros do, but I fail to see how that is a problem. Typing a couple lines doesn't require reading "tons of documentation".
  • by Geekboy(Wizard) ( 87906 ) <spambox@NOSPaM.theapt.org> on Monday December 06, 2004 @11:02AM (#11007786) Homepage Journal
    the point of opencvs isn't to randomly replace GPL'd code, but to provide a different implementation, that is free of bugs and security issues. he's also working on other features to make cvs server better, and more secure.
    • GPL uses "free" the same way Iraq used democracy. You are fee to use the code as long as you do it "our" way.
      Your sig is the most retarded statement I've ever seen. Obviously you are unaware that the GPL is not a EULA. You also seem to be unaware that using the GPL is just like publishing your work under any other copyright license, it doesn't assign your copyright over to some borg-like collective.
  • Umm. No. (Score:5, Insightful)

    by nenolod ( 546272 ) <nenolod@gmail. c o m> on Monday December 06, 2004 @11:12AM (#11007882) Homepage
    In an effort, by Jean-Francois Brousseau (jfb@openbsd.org), to rid the OpenBSD CVS tree of GPL'ed licensed code, OpenCVS is now officially part of the OpenBSD project. For more details, see the OpenCVS homepage; http://www.openbsd.org/opencvs/


    Umm. No. That's not what it's about at all. Lets correct the mistakes now, shall we?


    1) There was no OpenCVS until the OpenBSD project noticed some major security vulnerabilities posted to [seclists.org] bugtraq [seclists.org] in GNU CVS.


    2) The reason why OpenCVS was written was to provide a more secure client/server package than what the [now stagnant] GNU CVS project is currently providing. It has nothing to do with GPL vs BSD, infact the OpenBSD project is all about what RMS calls "free software".


    So basically the Slashdot editors posted a troll to the front page. Beautiful. :)

  • by chrysalis ( 50680 ) on Monday December 06, 2004 @06:07PM (#11011881) Homepage
    I don't see the point.

    CVS was nice. But it has some very lousy limitations. Working with branches is a pain, and global revision numbers are really better than per-file revision numbers.

    Software like Arch or Subversion are not just "alternative". They really solve issues that CVS had and will always have because of its design.

    It doesn't mean that CVS doesn't work. It works. Even very well and even for very large projects.
    But people who tried alternatives usually never switched back to CVS.
  • I see the following on their project goals page:

    "Provide a much better access control on repository files."

    This would be a very welcome addition for myself, and I'm sure for many others. Coupled with security being a higher priority, I'd be more comfortable running a publicly accessible CVS server which hosted both Open Source and commercial projects.

    As it currently stands, I stopped offering any more than a duplicate of our tagged releases onto SourceForge since a few CVS security issues ago when not o
  • Whatever else you might think of the merits of this project, ya gotta admit that it has an amusing logo.

    If you don't get the joke, try this. [clichesite.com]
  • Why did they rewrite cvs code to have it bsd compliant, they could already have used svn, which has been under a bsd license since day 0 of its existence. CVS was nice, but its drawbacks are obvious, it is time to move on.
    • You should try reading the posts made before you, your query was already answered.

      The remade CVS because they already use CVS, they wish to keep their history in tact.

      And Subversion is not, I repeat not, under a BSD license. It is like the Old Apache license, which is not a BSD license.

Garbage In -- Gospel Out.

Working...