FSF Migrating From Savannah to Gforge

bluestrain writes "It's been almost 4 months since Savannah was hacked. The site is still not completely functional, no new projects have been accepted since December 2003. Now it seems that the FSF is abandoning Savannah in favor of Gforge. RMS himself has confirmed the plans. A few developers are questioning the change. Hopefully the dust will settle and savannah can start accepting projects again."

RMS in hospital?

[slipgun]

I don't have time to discuss this further. I am in the hospital and falling behind on my other work.

He's in hospital? Nothing serious, I hope.

Re:RMS in hospital?

Aparently he had a broken arm last October (Inqurier article too). Related problem? He's only 51. There's no mention of any other event on his personal homepage.

Re:Gforge is very specialized.

[LWATCDR]

Why have the transactions in the PHP layer? Lots of databases now support transactions including MySQL.

Re:gforge slashdotted?

[jared_hanson]

GForge doesn't actually host projects (besides its own). It is simply a software package used to maintain and coordinate development efforts. If/when the FSF switches to GForge, it will be up to them to provide the resources necessary to handle the large amounts of traffic and projects. That responsibility does not fall on GForge.

Re:VA is pimping SourceForge as tool for outsourci

[110010001000]

VA doesn't even call it "outsourcing". They call it "offshoring". So much for supporting the "community".

su(1) manual page

Why GNU su does not support the wheel group (by Richard Stallman)

Sometimes a few of the users try to hold total power over all the rest. For example, in 1984, a few users at the MIT AI lab decided to seize power by changing the operator password on the Twenex system and keeping it secret from everyone else. (I was able to thwart this coup and give power back to the users by patching the kernel, but I wouldn't know how to do that in Unix.)

However, occasionally the rulers do tell someone. Under the usual su mechanism, once someone learns the root password who sympathizes with the ordinary users, he can tell the rest. The "wheel group" feature would make this impossible, and thus cement the power of the rulers.

I'm on the side of the masses, not that of the rulers. If you are used to supporting the bosses and sysadmins in whatever they do, you might find this idea strange at first.

Re:For Benefit of Lazy Bastards...

[Electrawn]

Sourceforge, also code named Alexandria. Original concept of a public development and collaboration for Open Source Projects. Last code base available was about 2000 before VA took the project Closed source for commercial purposes.

Savannah: Fork of Alexandria code for GNU projects. I evaluated it but it was too kludgy to understand.

GForge: Fork of Alexandria code by former Sourceforge developer. Rips out foundries and is for optimized PHP and Postgresql and Apache. Patches for Oracle in beta, refuses mysql patches.

Novell Forge: Fork of XoopsForge that uses LDAP and Novell directory server. Needs Xoops 2.0 to run.

XoopsForge: Fork of Alexandria that runs as a module in Xoops. Not much Dev activity, most dev in Novell Forge.

MyXoopsForge: Fork of XoopsForge that has some active development. Used for forge.xoops.org

The only thing that may compete in the same space that is somewhat similar is PHPGroupWare.

-Electrawn

The full quote sheds some light

[eldacan]

Thank you for providing a link to the text, which confirmed my impression that we're speaking about different kinds of "security" (and that the way you presented the quotes is misleading).

Here is a more comprehensive quote:

At the AI Lab, Stallman's political activities had a sharper-edged tone. During the 1970s, hackers faced the constant challenge of faculty members and administrators pulling an end-run around ITS and its hacker-friendly design. One of the first attempts came in the mid-1970s, as more and more faculty members began calling for a file security system to protect research data. Most other computer labs had installed such systems during late 1960s, but the AI Lab, through the insistence of Stallman and other hackers, remained a security-free zone.

For Stallman, the opposition to security was both ethical and practical. On the ethical side, Stallman pointed out that the entire art of hacking relied on intellectual openness and trust. On the practical side, he pointed to the internal structure of ITS being built to foster this spirit of openness, and any attempt to reverse that design required a major overhaul.

"The hackers who wrote the Incompatible Timesharing System decided that file protection was usually used by a self-styled system manager to get power over everyone else," Stallman would later explain. "They didn't want anyone to be able to get power over them that way, so they didn't implement that kind of a feature. The result was, that whenever something in the system was broken, you could always fix it."9

Through such vigilance, hackers managed to keep the AI Lab's machines security-free. Over at the nearby MIT Laboratory for Computer Sciences, however, security-minded faculty members won the day. The LCS installed its first password-based system in 1977. Once again, Stallman took it upon himself to correct what he saw as ethical laxity. Gaining access to the software code that controlled the password system, Stallman implanted a software command that sent out a message to any LCS user who attempted to choose a unique password. If a user entered "starfish," for example, the message came back something like:

I see you chose the password "starfish." I suggest that you switch to the password "carriage return." It's much easier to type, and also it stands up to the principle that there should be no passwords.10

Users who did enter "carriage return"-that is, users who simply pressed the Enter or Return button, entering a blank string instead of a unique password-left their accounts accessible to the world at large. As scary as that might have been for some users, it reinforced the hacker notion that Institute computers, and even Institute computer files, belonged to the public, not private individuals. Stallman, speaking in an interview for the 1984 book Hackers, proudly noted that one-fifth of the LCS staff accepted this argument and employed the blank-string password.

Re:Subversion support?

[monac]

Somebody was working on gforge supporting subversion through webdav. His project name was Dforge or something. Can't check it atm. Gforge site seems slashdotted and down now. I remember he made a working alpha or beta version of Dforge when i checked a few days ago.

Subversion is so convenient and I also switched to subversion recently. Supporting subversion or Webdav may have many potential advantages in its flexible architecture. I hope webdav be integrated into Gforge into its next mainstream version.

Re:Subversion support?

[tcopeland]

> His project name was Dforge or something

Yup, it's DForge; Sung Kim is working on it. You can read his post about it here.

Re:There are some pretty big sites running GForge.

[gavinroy]

Of course the ultimate solution to this particular "problem" is to use $_GET, $_POST, or $_REQUEST, instead of relying on register_globals, and in the case of source.php that would be what, a 2 minute fix?

Re:Gforge is very specialized.

[tcopeland]

> And in the Faq that they refuse
> to accept MySql patches

It's not that simple. It'd be a fair bit of work to port GForge to MySQL, and for what gain? PostgreSQL is fast, stable, and open source. And targeting PostgreSQL means we can write stored procedures to make hotspots faster.

I agree that abstraction layers are good, though - we've chatted on the forums a bit about the pros and cons of refactoring towards PEAR.

Re:Mountain? Mole-hill?

[tcopeland]

> what's the GForge license?

GPL.

Re:Clarification

[Brandybuck]

there's no sourceforge.sortaopen.net for BSD-licensed projects, for instance.

That's because the BSD license is 100% Free Software, with the imprimatur of Richard M. Stallman himself, and 100% Open Source Software, certified by the Notorius Public at OSI.

It is not "sortaopen", it is open!

Re:For Benefit of Lazy Bastards...

[Dark+Lord+Seth]

GForge: Fork of Alexandria code by former Sourceforge developer. Rips out foundries and is for optimized PHP and Postgresql and Apache. Patches for Oracle in beta, refuses mysql patches.

Why? No seriously, I wouldn't support a project once I encounter this kind of attitude. People often go "Well, it's their project so they have the final say about it.", which is bullshit. If you're going to start your own OS project and be a complete jackass to people who use it, ( In short, your developers, bugtesters, QA people, support staff AND users all in one. ) then DO NOT START A DAMNED OS PROJECT. Look what's happening to Xfree86 for example; they went anal about licensing and voila, the OS community gave them the collective middle finger and it's highly likely that in a few years time Xfree86 wil be nothing more then an interesting little footnote in computing history. Remember people, don't just open your source, alos open your mind. And for the love of Eris, get rid of that crap "No matter how fucked up/lacking things are, my will be done. Infidel." attitude.

On a slightly different note, doesn't this whole idea about SF, one of the flagships of the OS community, is actually closed source and used to promote offshore outsourcing seem painfully ironic? Especially when one considers Slashdot is actually part of VA Software? Don't you subscribers love to know that your hard-earned money might one day be used to A) buy these people a penis extension on four wheels with an engine and B) fire this guy and replace him with Deeptendu Chakrapani from Bangladesh? At least the spelling will improve, though...