New BSD licensed CVS replacement for OpenBSD
Jeferey Bakins writes "In an effort, by Jean-Francois Brousseau (jfb@openbsd.org), to rid the OpenBSD CVS tree of GPL'ed licensed code, OpenCVS is now officially part of the OpenBSD project.
For more details, see the OpenCVS homepage;
http://www.openbsd.org/opencvs/"
While I can understand their desire for a BSD license version of CVS,
why the heck did they not rather write a CVS replacement/improved
the CVS braindamage while they were at it?
I'm all for developers choosing their own license, and I'm all for making sure that license incompatibilities don't cause problems for software developers.
However, we're talking about a tool you use for development, not something that is traditionally integrated into an application. CVS is a solid piece of software, and Subversion fixes many of the minor issues with CVS, and if those aren't your cup of tea, there are a number of other interesting version management tools (darcs, arch, bitkeeper, etc).
Considering all of that, do we really need a CVS clone, where the only difference is the license?
Especially when development of CVS has essentially ceased, other than bug/security fixes, and there are superior alternatives being developed (even the CVS developers will readily admit that CVS has architectural deficiencies that can really only be solved by a design, which is why most of them have moved on to other versioning tools).
So, I'm left wondering. . . why? Why bother doing this? What exactly does this achieve? I mean, if the guy writing this gets his rocks off on reimplementing somewhat obsolete applications, then more power to him, but I can't help but think that he could find something more rewarding than this.
Topher
Continuing to fuel the fanatical debate that "my software is more free than yours."
I guess whatever infection the GPL spread onto Linux users to turn them into GPL-evangelists has mutated, and is now infecting other licences.
One more crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive networking test.
You don't need to be the Amazing Kreskin to predict *BSD's future. The handwriting is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood.
FreeBSD is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying.
Let's keep to the facts and look at the numbers.
OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.
Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.
All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.
Fact: *BSD is dying
What a spectacular waste of time. Oh well, I guess you could say the same thing about most of the stuff I do, so whatever floats their boat, I guess. Hopefully, there is at least some entertainment value to the ensuing flame fest.
I'm proud of my Northern Tibetian Heritage
I was about to ask why they did not use Subversion, but I searched Google and found it uses software licensed under at least the LGPL (neon). Of course, they could have just edited Subversion to use another HTTP library like Curl or fetch (at least on FreeBSD). Maybe this has been in the planning stages for awhile.
This crutch and vacant stool have become orphans, not unlike the now dead *BSD. No longer will *BSD hobble about on its cripple's crutch. Like the empty hearth, and the vacant stool, *BSD lies cold and still. *BSD's corpse, lifeless beneath frozen earth and December snows, will see no more Christmas cheer. No, there will be no Christmas ever again for *BSD, for *BSD is dead.
Goodbye, *BSD. The pain of life forever stilled, sleep for all eternity in that long winter's nap. Fade gently into Earth's frozen bosom where in dreams even cripples walk and blind men see, there among the ghosts of Christmas past.
There is a lot more to this than the license, though the license alone would be more than sufficient to justify doing it. While true, CVS is typically a development tool, that is HARDLY the limit of its abilities. What if you want to use a modified CVS to track configuration changes in a non-open source application? Oops! Can't do that with GPL'd CVS.
:). Then there is just plain simple security: nothing stops any person who has CVS access from being able to go in and directly edit the CVS repository files OUTSIDE the CVS system, leading to untracked changes in the tree.
:-)
CVS development has basically stalled for quite some time. It has reached "good enough" state -- obviously, considering the number of projects that live off of it -- but there are still issues. Check the OpenBSD CVS Commit logs, search for "cvs sucks" and other such non-positive reviews of CVS's operation.
There is also the relative primitiveness of some aspects of CVS and its access rights. If you have access to the CVS repository, you can do anything with it... What if I'm not qualified to work in certain trees? What if I fat-finger an scp operation and upload a huge set of files into the CVS directory (no, I *don't* want to talk about it, but it's not a hypothetical concern!)
And that's hardly all the complaints... If you think "license" is the only difference, you obviously didn't read the goals page very carefully (or believed the one line summary
I think the article summary is somewhat misleading, the front page of the project claims that OpenCVS is a result of the ongoing security vulnerabilities in the existing CVS project, which has grown stagnant:
The OpenCVS project was started after discussions regarding the latest GNU CVS vulnerabilities that came out. Although CVS is widely used, its development has been mostly stagnant in the last years and many security issues have popped up, both in the implementation and in the mechanisms.
Of course, I'm not going to be stupid enough to deny that there is a great probability that another unwritten motivating factor was to use a non-GPL licensed piece of software. But, I think time has proven that while OpenBSD may not be a very useable distribution from a common desktop end-user standpoint, a lot of very good portable, secure code has come out of the project. Since I have to continue to run CVS servers for some of the projects I host I look forward to a secure portable CVS server that I can be more confident in.
the point of opencvs isn't to randomly replace GPL'd code, but to provide a different implementation, that is free of bugs and security issues. he's also working on other features to make cvs server better, and more secure.
Umm. No. That's not what it's about at all. Let's correct the mistakes now, shall we?
1) There was no OpenCVS until the OpenBSD project noticed some major security vulnerabilities posted to bugtraq in GNU CVS.
2) The reason why OpenCVS was written was to provide a more secure client/server package than what the [now stagnant] GNU CVS project is currently providing. It has nothing to do with GPL vs BSD; in fact, the OpenBSD project is all about what RMS calls "free software".
So basically the Slashdot editors posted a troll to the front page. Beautiful.
as much as I use Subversion and other modern alternatives CVS is not dead.
just take a look at what the previously win32-only CVSNT client/server package can do for you.
it runs perfectly fine on GNU/Linux and also has commercial support if needed.
I don't see the point.
CVS was nice. But it has some very lousy limitations. Working with branches is a pain, and global revision numbers are really better than per-file revision numbers.
Software like Arch or Subversion are not just "alternative". They really solve issues that CVS had and will always have because of its design.
It doesn't mean that CVS doesn't work. It works. Even very well and even for very large projects.
But people who tried alternatives usually never switched back to CVS.
What you just said is "CVS is dead. Project forks like CVSNT and OpenCVS are alive and healthy". And more important: solving very, very, very old problems. Oooops. I mean, changing very, very, very old "features".
Hopefully they also create a cvsup utility too. I hate the fact that it only runs on x86.
I see the following on their project goals page:
"Provide a much better access control on repository files."
This would be a very welcome addition for myself, and I'm sure for many others. Coupled with security being a higher priority, I'd be more comfortable running a publicly accessible CVS server which hosted both Open Source and commercial projects.
As it currently stands, I stopped offering any more than a duplicate of our tagged releases onto SourceForge since a few CVS security issues ago when not only was a major hack out in the wild, but the CVS web site was down for several days at the same time, leaving me unable to patch my installation. Not good.
http://bsd.slashdot.org/comments.pl?sid=131228&cid=10982290
IMHO there's a flaw, because the BSD code remains perpetually free. Only the enhancements can be closed.
[ed. note: in the following text, former FreeBSD developer Mike Smith gives his reasons for abandoning FreeBSD]
When I stood for election to the FreeBSD core team nearly two years ago, many of you will recall that it was after a long series of debates during which I maintained that too much organisation, too many rules and too much formality would be a bad thing for the project.
Today, as I read the latest discussions on the future of the FreeBSD project, I see the same problem; a few new faces and many of the old going over the same tired arguments and suggesting variations on the same worthless schemes. Frankly I'm sick of it.
FreeBSD used to be fun. It used to be about doing things the right way. It used to be something that you could sink your teeth into when the mundane chores of programming for a living got you down. It was something cool and exciting; a way to spend your spare time on an endeavour you loved that was at the same time wholesome and worthwhile.
It's not anymore. It's about bylaws and committees and reports and milestones, telling others what to do and doing what you're told. It's about who can rant the longest or shout the loudest or mislead the most people into a bloc in order to legitimise doing what they think is best. Individuals notwithstanding, the project as a whole has lost track of where it's going, and has instead become obsessed with process and mechanics.
So I'm leaving core. I don't want to feel like I should be "doing something" about a project that has lost interest in having something done for it. I don't have the energy to fight what has clearly become a losing battle; I have a life to live and a job to keep, and I won't achieve any of the goals I personally consider worthwhile if I remain obligated to care for the project.
Discussion
I'm sure that I've offended some people already; I'm sure that by the time I'm done here, I'll have offended more. If you feel a need to play to the crowd in your replies rather than make a sincere effort to address the problems I'm discussing here, please do us the courtesy of playing your politics openly.
From a technical perspective, the project faces a set of challenges that significantly outstrips our ability to deliver. Some of the resources that we need to address these challenges are tied up in the fruitless metadiscussions that have raged since we made the mistake of electing officers. Others have left in disgust, or been driven out by the culture of abuse and distraction that has grown up since then. More may well remain available to recruitment, but while the project is busy infighting our chances for successful outreach are sorely diminished.
There's no simple solution to this. For the project to move forward, one or the other of the warring philosophies must win out; either the project returns to its laid-back roots and gets on with the work, or it transforms into a super-organised engineering project and executes a brilliant plan to deliver what, ultimately, we all know we want.
Whatever path is chosen, whatever balance is struck, the choosing and the striking are the important parts. The current indecision and endless conflict are incompatible with any sort of progress.
Trying to dissect the above is far beyond the scope of any parting shot, no matter how distended. All I can really ask of you all is to let go of the minutiae for a moment and take a look at the big picture. What is the ultimate goal here? How can we get there with as little overhead as possible? How would you like to be treated by your fellow travellers?
Shouts
To the Slashdot "BSD is dying" crowd - big deal. Death is part of the cycle; take a look at your soft, pallid bodies and consider that right this very moment, parts of you are dying. See? It's not so bad.
To the bulk of the FreeBSD committerbase and the developer community at large - keep your eyes on the real goals. It's when
If the same class of people are doing opencvs then should we assume that the only safe environment to run opencvs will be OpenBSD, until otherwise proven?
The "class of people" responsible for the bug in portable OpenSSH was me and nobody else - so please don't impugn the other OpenBSD developers.
The fact that the 3.7.1 hole was not exploitable on OpenBSD was due to the fact that the bug related to PAM authentication, which OpenBSD doesn't use (for good reason).
BTW, the bug was a logic error that could have been made in any language, so the standard Slashdolt cry of "C is insecure, use XXX" wouldn't have saved you.
1) Poorly-specified - there are several ambiguities in the spec, some with security implications if you get it wrong.
2) Implementation differences between Linux-PAM, Sun PAM and OpenPAM - as a direct result of (1) above.
3) Useless broken API which is completely blocking (i.e. it prompts for and expects to receive the password/response in a single function call) - making it near-useless for a network application without major trickery.
4) Broken design that requires loadable modules which are encouraged by the API to pass opaque data behind the back of the calling application.
5) Total lack of separation between policy and mechanism - users are expected to configure policy by specifying which loadable modules are loaded using a silly and restrictive grammar.
6) Zero standardisation for modules or their arguments. As a result, everyone implements things a little bit differently.
Those are just the ones off the top of my head.
CVS itself is also still alive but not feature-enhanced anymore, just critical fixes by Brian Berliner & Co. Think of it like GNU Make maintenance; not much will change in gmake's features, either.
Whatever else you might think of the merits of this project, ya gotta admit that it has an amusing logo.
If you don't get the joke, try this.
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
2nd: Does OpenBSD have too much human resources, so that they start such projects? I see that FreeBSD and NetBSD struggle hard with manpower and cannot imagine that OpenBSD has so much more in this respect. I can only assume that OpenBSD developers are far more motivated.
--
Roman
Roman Kennke
"Spirit," said Scrooge, with an interest he had never felt before, "tell me if *BSD will live."
"I see a vacant seat," replied the Ghost, "in the poor chimney-corner, and a crutch without an owner, carefully preserved. If these shadows remain unaltered by the Future, *BSD will die."
"No, no," said Scrooge. "Oh, no, kind Spirit! say it will be spared."
"If these shadows remain unaltered by the Future, none other of my race," returned the Ghost, "will find him here. What then? If it be like to die, it had better do it, and decrease the surplus operating system population."
Scrooge hung his head to hear his own words quoted by the Spirit, and was overcome with penitence and grief. It was sad to see any operating system die, even one so obviously flawed and useless as *BSD.
God bless us, every one.
both Smith and Hubbard consistently advocated odd, peripheral priorities for MacOS, such as adding a usermode similar to the one Linux has. No one is sure how the average MacOS user would make use of such a feature.
both developers, Hubbard in particular, were said to behave like serious primadonnas, bothering Steve Jobs with inane technical details and arguing for needless "improvements" while ignoring the projects they were supposed to be working on.
most recently, the two are said to have started an argument in an Apple hallway that degenerated into an out-and-out fistfight, eventually broken up by company security staff. The fight was apparently over differing approaches to SMP support.
There's no word on Smith's whereabouts, but Hubbard is said to have taken a contract job as a Python programmer for a Salinas, CA waste management company.
Hey, Dipshits.
Do you actually read the links you post to, or do you just do it to make you look like you're informed and know what the hell you're talking about?
Personally I don't give a shit which GCC version you use. Couldn't care less, but when you take a quote out of context and try to twist it so that it makes a person look like they are saying isn't what they are saying.
Linus merely states that EARLY 3.x series were ass. And they were, but who gives a shit? Kernel version 2.6.0 and 2.6.1 is @ss compared to the stability of 2.4.27, but nobody goes around talking shit about how bloated and slow 2.6.10 is!!
from Linus:
The gcc-3.x series was basically not worth it for plain C until 3.3 or so
So until 3.3 he wouldn't use it. Now he does.
You bunch of fucking trolling morons. Get with the program and stop thinking that you're all of a sudden so fucking superior to people who actually produce useful programs because you can point at quotes out of context to prove your point and support your who-the-fuck-knows-what personal agenda.
Why did they rewrite cvs code to have it bsd compliant, they could already have used svn, which has been under a bsd license since day 0 of its existence. CVS was nice, but its drawbacks are obvious, it is time to move on.
Tendra is noticeably faster than gcc2, never mind gcc3, at least on all the code I've written.
...that I've read in weeks. Sadly, I used my moderator points somewhere else before I got to this. Hopefully someone else will do the obvious and mod it up.
This is my sig.