OpenBSD Project Will Release OpenCVS
thequbemaster writes "The OpenBSD project, responsible for OpenSSH, OpenBGPD, and OpenNTPD, has created OpenCVS, a BSD licensed implementation of CVS client and server. From the site: 'It aims to be as compatible as possible with other CVS implementations, except when particular features reduce the overall security of the system. The OpenCVS project was started after discussions regarding the latest GNU CVS vulnerabilities that came out. Although CVS is widely used, its development has been mostly stagnant in the last years and many security issues have popped up, both in the implementation and in the mechanisms.' No releases are available yet. The README in the OpenCVS CVS repository states that the server is not ready yet, but looks like the client is usable." Update: 12/15 20:18 GMT by T : This project was mentioned briefly the other day, too.
Let me see if I understand this... there were some security problems with CVS as-is, so the OpenBSD folks did the right thing and reviewed the code, discovered any remaining problems and submitted... no, no it seems they instead wrote their own CVS.
Doh.
For those not familiar with the state of the world, this is going to mean a slower/longer transition to subversion (the logical successor to CVS), less interoperability between operating systems for developers and yet another tool that the OpenBSD people (who clearly did not have enough work to do already), to support. It will also mean that while they were clearly an interested party who was deriving benefits from a project and had expertise to contribute, they instead opted out and left the tool that had done so much for them to fend for itself.
What happened to OpenBSD? Wasn't it an actual member of the open source community at one point?
Oh well, as long as no one tries to make me use their mutant CVS, I'll be happy.
This is silly. Subversion already exists.
TO BUY A NEW CAR WOULD MAKE YOU SEXUALLY ATTRACTIVE.
More seriously, CVS sucks. Efforts spent reimplementing it are better spent replacing it (Subversion, Arch, Darcs, whatever).
Now there's finally a basis for development of proprietary closed-source derivatives of CVS. GPL'd software sucks, because there's no way for Microsoft to lock consumers into proprietary derivatives.