Slashdot Mirror

← Back to Stories (view on slashdot.org)

FSF Migrating From Savannah to Gforge

Posted by ryuzaki0 on from the its-never-easy-for-the-fsf dept.

bluestrain writes "It's been almost 4 months since Savannah was hacked. The site is still not completely functional, no new projects have been accepted since December 2003. Now it seems that the FSF is abandoning Savannah in favor of Gforge. RMS himself has confirmed the plans. A few developers are questioning the change. Hopefully the dust will settle and savannah can start accepting projects again."

26 of 208 comments (clear)

  1. There are some pretty big sites running GForge... by tcopeland · · Score: 4, Interesting

    ...already. Savannah moving over is certainly a big one, though.

    Stuff like this is why we're continuing to optimize GForge's SQL...

    --
    The Army reading list
  2. good news! by larry+bagina · · Score: 5, Interesting
    No offense to the OSDN/Slashdot guys, but sourceforge has started to suck dick lately. Constant downtime, searches that don't work, CVS running a week late, and now PBS-style appeals for money on the front page.

    If you just need a good (and free) public CVS server, what other options are there besides sf and gforge?

    --
    Do you even lift?

    These aren't the 'roids you're looking for.

    1. Re:good news! by FreeLinux · · Score: 5, Interesting

      but sourceforge has started to suck dick lately.

      I hadn't heard about this new feature. It could be rather interesting. But SourceForge has been having too many problems for too long. It seems as though no one is maintaining it, they simply disable a feature when it breaks. Additionally, I have always been concerned about having so many projects and information sites in a single OSDN basket. One never knows what the future holds for OSDN.

    2. Re:good news! by daishin · · Score: 3, Interesting

      Well, why dont you invest lots of money like SourceForge into servers and making it as good as it can be, I mean being over-loaded with people such as you who then complain that its starting to suck, well ofcourse it is and if its a problem you should help those good people out and donate resources to them.

      --
      (\_/)
      (O.o) This is Bunny. Add Bunny to your signature
      (> <) to help him achieve world domination.
    3. Re:good news! by tcopeland · · Score: 3, Interesting

      > it means 20-minute mailing list searches,

      Although SourceForge will be much faster now that PlayFair has moved to Sarovar :-)

      No, but seriously, folks. If the top 10 projects moved off of SourceForge, I bet that'd eliminate 75% of the load. eMule alone gets downloaded a quarter-million times a day...

      --
      The Army reading list
  3. RMSs history on security by Rapid+Home+Offer · · Score: 3, Interesting
    For Stallman, the opposition to security was both ethical and practical. On the ethical side, Stallman pointed out that the entire art of hacking relied on intellectual openness and trust. On the practical side, he pointed to the internal structure of ITS being built to foster this spirit of openness, and any attempt to reverse that design required a major overhaul. -- Free as in Freedom

    The decision to move to GForge was made by Bradley Kuhn and the system adminitrators, according to Richard Stallman. They considered Savane could not be made secure enough. -- Sylvain Beucler, 2004

    Seems like Stallman has lost sight of his roots!
    1. Re:RMSs history on security by JamesKPolk · · Score: 2, Interesting

      Did you read the words you quoted? "The decision.. was made by Bradely Kuhn and the system administrators."

      What do Stallman's roots have to do with it? Do you expect him to wield supreme veto power over anything done by anyone at the FSF?

    2. Re:RMSs history on security by Sunnan · · Score: 2, Interesting
      or he's starting to show signs of being realistic.


      Yes. This is an increasing problem in our community - witness the GFDL debate. The RMS of old was wildly - some would say blindly - utopian. "No passwords", "Everyone can learn how to program", "It's possible to write a free operating system including compiler tools and editor".

      We owe a lot of the results we've seen to that lovely, crazy optimism.

      Sometimes you're wrong, of course, and get bitten - but sometimes you are very right. The success of the free software movement is testament to this.
  4. Subversion support? by jared_hanson · · Score: 3, Interesting

    Anyone know if they can get subversion support in their as long as they are going through the effort to switch? I'd really like to see a free OSS hosting solution using all the latest and greatest tools. That and I'm not to sure about trusting the future of SourceForge, given VA's seemingly complete retraction from the open source community.

    --
    -- Fighting mediocrity one bad post at a time.
    1. Re:Subversion support? by Electrawn · · Score: 2, Interesting

      I don't think Subversion has taking the beating CVS has at Sourceforge and Savanah. If they offered CVS and Subversion concurrently, that would be great, but with the penetration of subversion clients in IDEs and the like, I'd like to see CVS stick around a bit.

      Sourceforge is now a commercial product with commercial bugs. A perfect case study of what not to do with OSS code. No significant alternatives have appeared to challenge SourceForge other than Savannah. Considering the bandwidth costs I doubt any others will step up.

      -Electrawn

      -Electrawn

  5. Gforge is very specialized. by Electrawn · · Score: 5, Interesting

    Gforge may be great for high traffic sites like Savanaah, but for low traffic 1-10 project sites I use Xoops+MyXoopsForge or Novell Forge. I think Savanahh made a good choice here, but they are stuck once they port. Novell Forge is the other choice.

    GForge uses some highly optimized transaction stuff and database functions inside postgres that probably should be in the PHP layer.

    Reminds me to port MyXoopsForge to postnuke to take advantage of ADODB! Compatibility or speed?

    -Electrawn

    1. Re:Gforge is very specialized. by Electrawn · · Score: 2, Interesting

      Why have the transactions in the PHP layer?

      Compatibility vs. Speed. I don't like the fact Gforge is highly optimized for Postgres only. And in the Faq that they refuse to accept MySql patches. Thats pretty arrogant, but it's their project.

      I like abstraction layers like ADODB or php PEAR. Either allows you to migrate from say MySql to Oracle or Postgres to DB2 with 1 or 2 PHP code chages. Moving the data is a different story, but it can be done.

      -Electrawn

  6. VA is pimping SourceForge as tool for outsourcing. by Anonymous Coward · · Score: 5, Interesting



    Go look for yourself. VA is pimping SourceForge off as a tool to help companies ship jobs overseas. They don't even hide the fact.

    Have a look for yourself: VA Software

  7. The diff between GForge, SourceForge and Savannah by Anonymous Coward · · Score: 2, Interesting



    1) Savannah is insecure.
    2) GForce is nice.
    3) VA advertises SourceForge as a tool to help companies ship jobs overseas. Go look at their website for yourself if you don't believe it. They're not even bashful about it. I'm not surprised people are leaving it in droves, if not for sucking, but for the fact they're (the developers) are getting dicked as well.

  8. Re:VA is pimping SourceForge as tool for outsourci by sashako · · Score: 2, Interesting

    What's so wrong with using the techinical tools for outsourcing. If you don't like this trend, I understand you. But the best way to fight IMHO is to promote a law that requires paying the US (or watever country's corporation is outsourcing) minimal wages to the workers in India, Russia, etc. This will not allow them (us) compete only on price.

  9. You're out of context, and way off by Rapid+Home+Offer · · Score: 2, Interesting

    The very next words I quoted said, "according to Richard Stallman". Well, I guess you see that as him throwing his hands up in the air and giving up. You don't know Stallman very well, do you? If you recognized the way RMS works, you'd know that on religious differences like this, he is very pedantic and doesn't stop.

    I mean, read the following made up quote to realize that I'm right: "The decision to move to MS IIS was made by Bradley Kuhn and the system adminitrators, according to Richard Stallman. They considered Apache could not be made secure enough."

    Sure, this comparison isn't exactly valid because GForge is GPL'd and Apache is way more secure than IIS, but Richard "St. Ignucius" Stallman's brain is not wired like most people's, and believe me, he has veto power on all religious issues.

  10. About gna.org by Anonymous Coward · · Score: 5, Interesting

    Many of the previous savannah contributors have already moved to gna.org, which is sometimes referred to as savannah's successor.
    I have already moved all my projects to gna a month ago. Gna is way more stable and way faster than savannah. I love it.

  11. Re:Open Source/Free Software by Smitty825 · · Score: 2, Interesting

    IIRC, back in the day (during the boom), SourceForge was released under the GPL. After the bust, they changed the license of the SF software to proprietary, and tried to sell it to the highest bidder.

    I think that Savannah was forked from the GPL-based Sourceforge...

    --

    Doh!
  12. Slashcode is specialized too by Electrawn · · Score: 2, Interesting

    I could be, but who uses slashcode? If you want blogging software you can use Moveabletype or livejournal.com / greatestjournal.com .

    Oh? Slashdot a news site? Sorry. Xoops for Mission Critical stuff, Php-nuke, Post Nuke and any derivatives, tikiwiki or some other CMS derivative.

    No one cares about Slashcode because no one uses it other than Slashdot.

    -Electrawn

  13. Not exactly. by devphil · · Score: 4, Interesting


    There are two reasons this decision is somewhat controversial for those of us maintaining FSF-related projects:

    1. The decisions are made in a closed environment.
    2. The Savannah admins have not demonstrated sufficient competence nor responsiveness. (Not meant to be a personal attack; I think they only have a few part-time volunteers.)

    For example, GCC is under constant pressure by RMS to move from its own server (that happens to be hosted at Red Hat) and onto Savannah. But this pressure has been resisted for the same reasons, and it will continue to be resisted regardless of what "packaged development environment" Savannah is using.

    With regard to the pair above, (1) the GCC maintainers have never been invited to share their concerns with the Savannah maintainers; when they speak up, they're ignored, and (2) Savannah gets fscked up on a regular basis, and complaints are ignored. For example, Savannah is supposed to be mirroring the GCC CVS repository, but it falls over constantly, leading to even higher load on the GCC servers as users switch over. The Savannah team has a long long way to go if they want to hold themselves up as a reliable open development site.

    --
    You cannot apply a technological solution to a sociological problem. (Edwards' Law)
  14. Re:There are some pretty big sites running GForge. by NightSpots · · Score: 5, Interesting

    It's unfortunate, because the code is insecure as hell.

    For instance, 'source.php' lets you view the source of files, but only if 'sys_view_source' (a global) is set in the config.

    Of course, they don't check to see HOW it is set, but rather, allow you to pass it on the _GET global, which overrides the config, which, of course, lets you view the source of any file:

    Compare:

    http://gforge.org/source.php?file=source.php


    http://gforge.org/source.php?sys_show_source=tru e& file=source.php

    Nice, eh?

    --

    --
    Use Vobbo for Video Blogs
  15. Re:There are some pretty big sites running GForge. by Anonymous Coward · · Score: 1, Interesting

    tperdue has the docroot in his home directory:

    Insecure!

  16. Re:There are some pretty big sites running GForge. by gavinroy · · Score: 5, Interesting

    The PostgreSQL community is also migrating to GForge from GBorg. I'm pretty excited to see the outcome. There are some things I'd like to see in GForge, which can easily happen if enough people take the time to submit patches, such as modular support for revision control systems. Remember GForge is a fork of Sourceforge, maintained by one of the original architects and authors of Sourceforge.

  17. Re:There are some pretty big sites running GForge. by Anonymous Coward · · Score: 1, Interesting

    You can force this into a more secure mode by reading the global variable (from _GET, _POST, etc), unsetting it, and THEN reading the config, which will override the unset global.

    There are secure ways to write PHP code, GForce ignores them.

  18. Re:Free Rider Problem; Tragedy of the Commons by David+Hume · · Score: 3, Interesting

    Yeah, minor issue though - SourceForge is owned by VA Software (LNUX on Nasdaq) who has reaped millions from their IPO. Sourceforge is no more open source than www.microsoft.com is.


    VA Software may be a for profit company, but SourceForge still "provid[es] free hosting to tens of thousands of projects." If that isn't sufficient to create a free rider problem and a bandwidth tragedy of the commons, nothing would.

    And while VA Software may have "reaped millions from their IPO," one may wonder where all of that money is now.

    --
    Only Women Bleed (Sex, Sharia remix)
  19. No it does not aply to all those by Anonymous Coward · · Score: 1, Interesting

    Only point 2 refers to PG specific routines ...

    Since they are accepting patches for Oracle it seems they are willing to support other databases as long as it is just about replacing "PG specific routines" ... and not about recoding functionality they feel should reside in the DB.

    So the solution seems simple ... if you really want them to support MySQL then start contributing to MySQL and get 5.0 to release ASAP.