Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenBSD Project Will Release OpenCVS

Posted by timothy on from the they're-big-on-that-open-thing dept.

thequbemaster writes "The OpenBSD project, responsible for OpenSSH, OpenBGPD, and OpenNTPD, has created OpenCVS, a BSD licensed implementation of CVS client and server. From the site: 'It aims to be as compatible as possible with other CVS implementations, except when particular features reduce the overall security of the system. The OpenCVS project was started after discussions regarding the latest GNU CVS vulnerabilities that came out. Although CVS is widely used, its development has been mostly stagnant in the last years and many security issues have popped up, both in the implementation and in the mechanisms.' No releases are available yet. The README in the OpenCVS CVS repository states that the server is not ready yet, but looks like the client is usable." Update: 12/15 20:18 GMT by T : This project was mentioned briefly the other day, too.

5 of 287 comments (clear)

  1. Re:It's time for the Daily Puzzler by Nimrangul · · Score: 0, Offtopic
    I would like to just submit that I find your post to be highly distasteful. I cannot find there anything funny about the brutal murder of those woman by their husbands.

    Your implied corilation of death is not only of poor taste but suprisingly cold-hearted.

    --
    I'm sick of following my dreams - I'm just going to ask them where they're going and hook up with them later.
  2. Re:Were we not... by Nimrangul · · Score: 0, Offtopic
    No loss involved, I just cannot wrap my head around this system that was constructed for moderation. Leaving it in the hands of random joes has made it less than steller.

    Then again, I also believe in a more structured system in society where only the educated can vote after passing a test to show they know what all the candidates are and what they stand for.

    --
    I'm sick of following my dreams - I'm just going to ask them where they're going and hook up with them later.
  3. Re:I'll have to "Check It Out" by gaj · · Score: 0, Offtopic
    I kill me.
    Hmmm ...

    Apparantly it's not just humor you suck at, then.

  4. Off topic: PF better than IPFILTER how? by Xenophon+Fenderson, · · Score: 0, Offtopic

    The two work about the same, except PF doesn't support an in-kernel FTP proxy (had to hack up my firewall rules big time to make FTP work, and I still have to open up a bazillion ports for the dynamic connections). It has lots of other stuff I will never use, e.g. scrub and modulate state. I only use PF because fwbuilder's rule compiler for PF outputs correct code, as compared to its compiler for IPFILTER which outputs buggy NAT rules, and I really don't feel like wasting my time writing firewall rules manually.

    --
    I'm proud of my Northern Tibetian Heritage
  5. Re:OpenNTP problems by shub · · Score: 1, Offtopic
    Whereas I post with my own slashdot account, and don't try to hide behind an AC.

    I have said that I would remove all comments in my blog which are posted with bogus e-mail addresses, and I have done that. What you haven't seen is the comments in my blog which were favourable to my view, but which were also posted with bogus e-mail addresses, and which were also deleted. I will continue my policy regarding the deletion of comments posted to my blog which have bogus e-mail addresses, and if someone wants to post a rebuttal comment with a valid e-mail address, then I will leave it.

    I have no problem with the creation of a "lightweight" time server, but the problem is that the NTPv3 and NTPv4 protocols are, by their very nature, quite heavy -- you simply cannot escape that fact. If you want something "lightweight", then you have to give up NTPv3 and/or NTPv4, and instead go with SNTP.

    Please note that there is a "lightweight" SNTP server included in the "Reference Implementation" tarball, known as "msntp". This is the same SNTP server as used on m0n0wall. If you want a lightweight SNTP server implementation, you should check it out.


    The real problem is that the PR/marketing campaign by Theo and Henning has been that OpenNTPd is a complete fully functional replacement for the Reference Implementation, which even casual inspection shows to be patently false. Now, if they wanted to change the name of the project to OpenSNTPd and change the PR/marketing to match, I wouldn't have a leg to stand on. I challenge Theo or Henning to do this. At least, they'd be able to make me shut up.

    With regards to my blog on OpenNTPd, I contacted Henning, and had several conversations with him regarding the project and where he saw things going. I tried very, very hard to give them every possible benefit of the doubt. When it became clear that he and Theo considered the project to be essentially finished (at what I would consider the 0.0.1 stage), and they were already looking for other things to work on, that's when I took the material I had been working on for a long time, and did a final "publication" of it.

    I tried very, very hard to be as objective as possible, and to do everything I could to avoid flame wars, while still keeping what I considered to be constructive criticism. Needless to say, I've been underwhelmed by some of the responses, especially from some of the slashdot crowd.


    Meanwhile, if people want to check out "slander" or "libel", try asking yourself why something qualifies under these terms when I say it, but qualifies as "fact" when Dan says the exact same thing. There's someone using a double-standard here, but it's not me.

    --
    Brad Knowles
    http://daily.daemonnews.org/ -- if you're not