OpenBSD Foundation Announced

OpenBDSfan writes "KernelTrap is reporting on the creation of the OpenBSD Foundation, a Canadian not-for-profit corporation intended to support OpenBSD and related projects, including OpenSSH, OpenBGPD, OpenNTPD, and OpenCVS. The announcement explains, "the OpenBSD Foundation will initially concentrate on facilitating larger donations of equipment, funds, documentation and resources. Small scale donations should continue to be submitted through the existing mechanisms.""

Re:OpenCVS?

[RAMMS+EIN]

Actually, I believe there was a good reason to create OpenCVS. Lots of sites still use CVS, but development GNU CVS is a mess and has become effectively unmaintained (leaving several vulnerabilities open). OpenCVS is intended for those sites who, for whatever reason, wish to continue using CVS, but also want some degree of security.

Re:OpenCVS?

[Corporate Troll]

simple is easier to audit and thus easier to audit.

Should be: simple is easier to audit and thus easier to secure.

Re:OpenCVS?

[nacturation]

No, you have your negation wrong.... If Complex == Insecure then !Complex = !Insecure, and thus Simple = Secure.

Technically you should say the following, where "->" is the symbol for "implies":

If Complex -> Insecure, then:
!Insecure -> !Complex; and
Secure -> Simple

Otherwise your method of reasoning would go like this:

Square = Four-sided-figure
!Square = !Four-sided-figure

. . . which doesn't make sense because then you could say "and thus, a non-square rectangle isn't a four-sided figure".

Good old Wikipedia has the details [wikipedia.org].
 

Re:OpenCVS?

[zyche]

What people seems to forget is that even if CVS usage is replaced with something else (like for example SVN) it doesn't make all the old CVS repositories go away. So, 20 years into the future (when we have flying cars which runs on water) you sit there (on your levitating chair) and wants to extract some files from an old CVS repo you found in the company's archive. No problem, except that GNU CVS isn't available on SuperDuper Windows Extra Deluxe 2027, due to the fact that code base and build system is such a mess that no one manages to make packages for Cygwin anymore (that and the fact that Microsoft (Operating Systems Division) does not any longer permit that GPLed software is used on its products.

Ok, I'm exaggerating, but the point is that there is no fault in having a clean and maintainable code base for the future - even if it's only used for handling legacy projects.

Besides, who are we to tell these people how to use their spare time? If anyone want to re-implement Unix in Brainf*ck, then let them.

Re:OpenCVS?

[Corporate Troll]

Yes? Which is based on FreeBSD and not OpenBSD. FreeBSD which is also used by many people on the desktop (I did a while ago, but that laptop died, unrelated to FreeBSD of course ;-) ). They are really only related by their name and their license. OpenBSD is a fork of NetBSD, which came from 386BSD which also forked into FreeBSD. [wikimedia.org] Let's say OpenBSD and PC-BSD are something like cousins.

Re:OpenCVS?

[TheRaven64]

OpenBSD has a long history with CVS. It was the first open source project to run a public CVS server; previously all open source projects had run a private CVS server that only a few people could access, and published snapshots as tarballs.

They have a lot of revision history in their CVS repository, and feel it's important to maintain this due to the way in which their auditing process works. They might switch to something else at some point, but for now CVS is the best way they have of ensuring compatibility with CVS.

Currently, they use GNU CVS, but there have been a number of security problems with it in the recent past. Part of this comes from the fact that, when it was written, GNU projects used the private-CVS-public-snapshots development model, so only trusted people got access to the CVS server anyway. After fixing a few security holes in GNU CVS, the team decided that the code was in such a state that doing a full audit and getting it up to the standard required by OpenBSD would be more effort than writing a replacement, so they decided to replace it instead. So far, they have OpenRCS, which is a drop-in replacement for GNU RCS (on which CVS is built). Now they are working on the CVS component, and seem to be making good progress.

It's really not hard to understand. Considering the code quality of the rest of OpenBSD, I'd be more inclined to use their version than the GNU one if I needed CVS. Take a look at the recent BIND vulnerability that affected every platform except OpenBSD for an example.

Re:OpenCVS?

[TheRaven64]

The reason OpenBSD didn't do this is that the CVS-to-SVN migration tool does (did?) not properly migrate all of the history information. I suspect this is a very hard problem, given the semantic differences between CVS and SVN. If it's solved, then there becomes much less of a need for OpenCVS, but until then some people would rather use a maintained and audited version of CVS than an unmaintained insecure one.

Re:Accountable, but...

[Anonymous Coward]

"OpenBSD hardware support is generally very good, with one exception; 3D graphics."

OBSD's focus is not a multimedia desktop. Routers, bridges and wireless access points don't need 3D.