Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenBSD Project Will Release OpenCVS

Posted by timothy on from the they're-big-on-that-open-thing dept.

thequbemaster writes "The OpenBSD project, responsible for OpenSSH, OpenBGPD, and OpenNTPD, has created OpenCVS, a BSD licensed implementation of CVS client and server. From the site: 'It aims to be as compatible as possible with other CVS implementations, except when particular features reduce the overall security of the system. The OpenCVS project was started after discussions regarding the latest GNU CVS vulnerabilities that came out. Although CVS is widely used, its development has been mostly stagnant in the last years and many security issues have popped up, both in the implementation and in the mechanisms.' No releases are available yet. The README in the OpenCVS CVS repository states that the server is not ready yet, but looks like the client is usable." Update: 12/15 20:18 GMT by T : This project was mentioned briefly the other day, too.

196 of 287 comments (clear)

  1. Ummm.. I had to read that a few times.... by GameGod0 · · Score: 5, Funny

    The OpenCVS CVS repository?

    lol

    1. Re:Ummm.. I had to read that a few times.... by Aneurysm9 · · Score: 1

      Bah! No more confusing than using GCC to compile GCC.

      --
      There was Cowboy Neal at the wheel of a bus to never-ever land.
  2. I'll have to "Check It Out" by lottameez · · Score: 5, Funny

    hahahahahahaha. I kill me.

    --
    Yeah? Well I think you're overrated too.
    1. Re:I'll have to "Check It Out" by DasAlbatross · · Score: 1

      You really need to update your repretoire!

    2. Re:I'll have to "Check It Out" by wowbagger · · Score: 4, Funny

      I think you need to be committed.

      --
      www.eFax.com are spammers
    3. Re:I'll have to "Check It Out" by stratjakt · · Score: 1

      I checked it out but I couldnt commit to it.

      HAHA get it, theres a client but no server.. hee hee..

      --
      I don't need no instructions to know how to rock!!!!
    4. Re:I'll have to "Check It Out" by Jeff+DeMaagd · · Score: 1

      I kill me.

      My guess is that if you don't finish the job, some other slashdotter will.

    5. Re:I'll have to "Check It Out" by aled · · Score: 1

      You update from the repository.

      --

      "I think this line is mostly filler"
  3. This Article is Redundant by Nimrangul · · Score: 2, Insightful
    There was already an article regarding OpenCVS, and it is fairly obvious that it will be getting released, or it would not be given a Open* title and it's own site.

    Not that I mind mind you, I just didn't see why there have been to articles on OpenCVS starting up. At least this one isn't saying it was because OpenBSD hates the GPL and are trying to replace a GPL CVS system.

    --
    I'm sick of following my dreams - I'm just going to ask them where they're going and hook up with them later.
  4. Were we not... by jwthompson2 · · Score: 4, Informative

    already aware of this?

    http://bsd.slashdot.org/article.pl?sid=04/12/06/ 11 54242&tid=8&tid=7

    That was back on December 6th!

    --
    Even if I knew that tomorrow the world would go to pieces, I would still plant my apple tree. -Martin Luther
    1. Re:Were we not... by freshman_a · · Score: 1

      The only people aware of this were the people at The Department of Redundancy Department who were the only people already aware of this.

      --
      Slackware
    2. Re:Were we not... by KillerDeathRobot · · Score: 1

      Perhaps /. editors need to set up a CVS repository of articles so they can better coordinate posts?

      --
      Thinkin' Lincoln - a web comic of presidential proportions
    3. Re:Were we not... by ajs · · Score: 1

      Why is there not a moderation option, -1, Use the Freaking URL tag?! Slashdot may still add in its annoying space, but at least the href works.

      For those who still want that link in a usable form, it's http://bsd.slashdot.org/article.pl?sid=04/12/06/11 54242&tid=8&tid=7

    4. Re:Were we not... by jwthompson2 · · Score: 1

      Sorry for your loss, I've never understood the moderators system, too variant and standardless....

      --
      Even if I knew that tomorrow the world would go to pieces, I would still plant my apple tree. -Martin Luther
  5. Dupe by jwbrown77 · · Score: 1, Redundant

    Link

    --

    -----
    How can you have any pudding if you don't eat your meat?
    1. Re:Dupe by 3terrabyte · · Score: 1

      Heheh. Shouldn't the actualy story get a -1 Redundant? Not the poster!

      --

      Why are there only 19 people folding@home for slashdot?

  6. A great idea... by holzp · · Score: 2, Funny

    Merge the userfriendlyness of OpenBSD with the userfriendlyness of CVS!

  7. What is wrong with subversion? by Yaa+101 · · Score: 4, Insightful

    What is wrong with subversion?

    1. Re:What is wrong with subversion? by salimma · · Score: 1

      I was about to ask the same question; the Subversion license seems to be BSD-like enough, and Subversion is a joy to use..

      --
      Michel
      Fedora Project Contribut
    2. Re:What is wrong with subversion? by Frymaster · · Score: 1
      What is wrong with subversion?

      nothing. unless, of course, you already have a major project that's been using cvs. then, if you want to switch to subversion you have to retrain your development team and switch over your repository with the cvs2svn.py tool which, according to the subversion site "is still under development... only use it on a copy of your CVS repository and double check your results"

      if you're in a major production environment, that's a no go.

      --

      2 1337 4 u!

    3. Re:What is wrong with subversion? by chroot_james · · Score: 3, Insightful

      This is the OpenBSD team. Not a bunch of louts. They could learn SVN overnight and write an open replacement for it in a week. Remember when they decided they didn't like ipf? They designed and implemented a new packet filter that was _better_ in barely any time at all.

      With their vigilance, they'd clearly go with which ever they thought was better.

      --
      Reality is nothing but a collective hunch.
    4. Re:What is wrong with subversion? by oliverthered · · Score: 1

      What, so when you roll out you don't.
      a: test using a copy.
      b: veryify that everythings gone ok and then....
      switch or roll back.

      Or are you sying that your major project isn't 'still under development...'
      Sounds like good practice to me.

      --
      thank God the internet isn't a human right.
    5. Re:What is wrong with subversion? by Phred+T.+Magnificent · · Score: 3, Interesting

      Damn, where to start? In no particular order:

      • Subversion uses too damn much disk space, particularly on the client (not that it's good on the server, either, but when the client is an older laptop with a 9 GB hard drive, you really notice the problem)
      • Subversion is slow
      • The server-side database is too easily and far too frequently corrupted or left locked by an aborted client request, resulting in ridiculous slowdown on the client side and increased administrative overhead on the server side
      • Most Subversion installations are configured to work over HTTP (only). This provides all kinds of nice anti-benefits, like:
        • Eliminating key-based SSH authentication and replacing it with weak password-based HTTP "basic" authentication
        • Replacing a nice, encrypted SSH transport with plain-text HTTP
        • Making it so that in order to use Subversion over an SSH tunnel, you first have to shut down your local Apache server, modify /etc/hosts and set up the tunnel as root, because, of course, a non-root user can't tunnel port 80

      The list goes on and on and on, but I'm not interested in continuing it just now. Subversion hasn't managed yet to be the worst version control system I've ever seen: that title is still held by PVCS on Windows 3.1, circa 1995. It's getting to be a close race, though.

      --
      Where is the wisdom we have lost in knowledge?
      Where is the knowledge we have lost in information?
    6. Re:What is wrong with subversion? by Jahf · · Score: 2, Insightful

      Not necessarily. Switching off of ipf doesn't affect -every- developer. In fact it likely affected only the developers that went off to work on a replacement.

      Assuming OpenBSD uses CVS today, then moving to a new toolset instead of mirroring the functionality of the existing tool affects -every- person who developes on OpenBSD.

      That is a far far far more acute impact. One that I know I wouldn't want to be in charge of handling. This is the kind of thing that gives IT folks nightmares ... and developers can be some of the most obstinate people to retrain (and I say that with all affection to my father and co-workers).

      Not to mention the hassle/risk of switching the systems over in the first place.

      --
      It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.
    7. Re:What is wrong with subversion? by fitz · · Score: 5, Informative

      I've just corrected the project FAQ page to no longer reflect that cvs2svn is still under development. It's now stable, under maintenance and has been used to convert many many CVS projects, including Apache HTTP Server, Mono, and more.

    8. Re:What is wrong with subversion? by TTimo · · Score: 1

      Actually, as much as I love Subversion ( I'm not going back to CVS - open or not ), it hasn't proven much in terms of security. Apache 2 for http/https access is great for your end users, but at the same time, it hasn't been scrutinized a lot for security yet. I guess there's still Subversion over ssh if you want to strengthen things a bit.

    9. Re:What is wrong with subversion? by bill_kress · · Score: 1

      I remember that old PVCS POS. It was what we used on windows 3.0 in '91-2 if I remember correctly.

      But I was wondering if you had used MKS. Obviously there is no comparision to the old PVCS, but I think it is the worst VCS in common usage.

      If I ever want to go find an example of how to make a really bad UI, I can go to MKS.

    10. Re:What is wrong with subversion? by bhima · · Score: 1

      PVCS on Windows 3.1, circa 1995 Thanks, I had put that out of my mind

      --
      Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
    11. Re:What is wrong with subversion? by ftzdomino · · Score: 1

      It works just fine over HTTPS giving you a lot of extra security without a ridiculous ssh tunnel setup needed for any security in CVS.

    12. Re:What is wrong with subversion? by Doomdark · · Score: 1
      if you want to switch to subversion you have to retrain your development team and

      Yeah, that's SUCH a HUGE effort. Instead of 'cvs update', you need to use 'svn update', instead of 'cvs commit' you do 'svn commit'... you get the picture. Subversion was specifically designed to be pretty much just drop-in replacement of CVS; its design (even beyond CLI) is pretty similar to CVS (some consider such 'compatibility' to be a bad thing, as it prevents doing some more radical improvements).

      Really, from command-line perspective it's trivially easy change; the biggest caveat from 'end user' POV are probably IDEs and other more advanced integration points.

      From admin/scm viewpoint there may be more issues, but just using Subversion instead of CVS, that's a breeze.

      --
      I like paying taxes. With them I buy civilization -- Oliver Wendell Holmes
    13. Re:What is wrong with subversion? by slipsuss · · Score: 2, Informative

      I think your information is a bit old.

      Point for point:

      * Subversion deliberately uses a lot of working-copy disk space, because it's optimized for network use. (that is, it assumes that network is scarce, and disk is cheap.) It caches pristine copies of files so that lots of commands ("diff", "revert", "status") all work offline. It's a deliberate choice. Someday the developers hope to make this tradeoff configurable.

      * Subversion is slower than CVS, yes, but not unusably slow. And it's faster than CVS at some things, like branching and tagging. The speed tradeoffs are amortized over the overall lifecycle of using the software. For example: it takes longer to checkout a working copy (because more data is being created on disk), but then after that, some common commands are faster than CVS as a result.

      * Subversion has exposed BerkeleyDB's brittleness to end users, which is admittedly a mistake. But the Subversion team is now working closely with Sleepycat to fix these problems. And besides, there's now a whole non-database repository alternative that you can use. You can choose to avoid BDB altogether.

      * You seem to be unaware that Subversion is not only able to use http://, but https:// as well, complete with server and client certificate negotiation. You can also tunnel the custom server protocol over ssh, using svn+ssh:// urls; no apache required at all, if you'd just prefer to use existing ssh accounts.

      Hope this clarifies things.

    14. Re:What is wrong with subversion? by Doomdark · · Score: 2, Informative
      Subversion is slow

      Weird. My experience has been the exact opposite -- Subversion being significantly faster (but apparently partly due to increased disk usage, using local full copies; not requiring network access for doing status etc), and that with actual source code. And with binaries... well, CVS barely even works with binaries (plus big binaries can just bring down the CVS server -- needs at least twice the size of the binary on server side, contiguous memory); whereas Subversion has no trouble whatsoever.

      I can't comment on ssh part, as the repositories I use are (I guess) properly configured so I just use svn+ssh indicator and things work smooth. I'm not sure if it's reasonable to blame scm on people don't configure it properly, however.

      --
      I like paying taxes. With them I buy civilization -- Oliver Wendell Holmes
    15. Re:What is wrong with subversion? by Gerald · · Score: 1

      You can add Ethereal to the list. We switched over a few months ago using cvs2svn.

    16. Re:What is wrong with subversion? by Ragica · · Score: 3, Informative
      I'm by no means a subversion expert, or even a daily user (i have use CVS for my daily work; but i keep my personal projects that i rarely get a chance to play with in subversion), but even I can answer most of your points.
      • It isn't the most disk space efficient system; but as you point out, the laptop you are using is rather limited. For the vast majority of cases these days this is not an issue.
      • Slow compared to CVS? I find just the opposite. It's very much faster for most operations. Perhaps we are using it on different types of repositories.
      • The database corruption/locking is a point I will give you. In my fairly casual reading on the subject it seems even the Subversion developers will give you this point. The good news is that the underlying architecture should be portable to other storage types, and this is supposedly going to be coming eventually. On the other hand, while there have been some annoying storage issues with subversion, and I've had to fix and manually unlock the database a few times, i've never lost data.
      • The fact that most "installations" work over http only is not subversion's fault. It has many methods that can be used. Personally I like https via Apache webdav. It's much more flexible for my usage. But one can set things up to use ssh transport (and you don't have to do it via apache as you seem to be).
      I'm just amazed no one more knowledgeable than me has responded to these points yet. Perhaps the more hardcore users weary of answering these constant misconceptions...
    17. Re:What is wrong with subversion? by kirkjobsluder · · Score: 1

      Well, the big problem is that there are hundreds of legacy projects and update mechanisms that currently depend on cvs. (For example, FreeBSD's cvsup.) This means that there is still a need for a secure re-write of cvs.

    18. Re:What is wrong with subversion? by MemoryDragon · · Score: 1

      Which is pretty much the same as the BSD license...

    19. Re:What is wrong with subversion? by MemoryDragon · · Score: 1

      You dont even need apache for svn, you can run a standalone svn server as well, currently svn has three access methods, DAV with Apache, SVN for plain SVN TCPIP access and SVN+SSH for combined svn and ssh access.

    20. Re:What is wrong with subversion? by kjs3 · · Score: 1

      In other words, nothing. I'll have to check it out.

    21. Re:What is wrong with subversion? by kirkjobsluder · · Score: 1

      It's not just devolopers who who would be affected by the changes. Both OpenBSD and FreeBSD use cvsup to distribute updates to users.

    22. Re:What is wrong with subversion? by Mr.Ned · · Score: 1

      OpenCVS isn't trying to improve version control techniques, it's trying to provide an alternate implementation of CVS.

    23. Re:What is wrong with subversion? by dnf · · Score: 1
      Of course, CAN-2004-0179 (and CAN-2004-0398) are neon (webdav library) security flaws, which were both fixed in July 2004. ( http://www.webdav.org/neon/ ) And the fixed (0.24.7) version of neon was required by Subversion 1.0.6... also released last July. ( http://svn.collab.net/repos/svn/trunk/CHANGES )

      So, yes, if you are using a older version (less than 1.0.6), Subversion does have those particular security flaws. But the current version (1.1.1) certainly doesn't. And you should be keeping track of security fixes no matter what product you are using.

    24. Re:What is wrong with subversion? by Anonymous Coward · · Score: 1, Informative

      Or if you read it, you would realize it makes rediculous patent stipulations. A license is a grant of copyrights, apache is trying to make a contract, which is a very untested and likely to be non-binding legal grey area.

    25. Re:What is wrong with subversion? by Phred+T.+Magnificent · · Score: 1

      Yes, I have used MKS, from 1997-2000. I'll grant you the point about the UI. My main complaint with PVCS, though, was its boneheaded workaround for the 8.3 problem, which resulted (frequently, on my particular project) in it blithely overwriting a stored file with data from an entirely different file.

      --
      Where is the wisdom we have lost in knowledge?
      Where is the knowledge we have lost in information?
    26. Re:What is wrong with subversion? by Tenareth · · Score: 1

      And the new PVCS is better how? It's just as bloated, horrific and impossible to use in the latest versions as it was back then.

      --
      This sig is the express property of someone.
    27. Re:What is wrong with subversion? by Phred+T.+Magnificent · · Score: 1

      * Subversion deliberately uses a lot of working-copy disk space, because it's optimized for network use. (that is, it assumes that network is scarce, and disk is cheap.) It caches pristine copies of files so that lots of commands ("diff", "revert", "status") all work offline. It's a deliberate choice. Someday the developers hope to make this tradeoff configurable.

      I am aware that it's a deliberate decision, and I am aware of the reasoning behind it. For most projects I've dealt with recently, the opposite assumptions have been true, though: network is readily available, but disk is (often) scarce.

      * You seem to be unaware that Subversion is not only able to use http://, but https:// as well, complete with server and client certificate negotiation. You can also tunnel the custom server protocol over ssh, using svn+ssh:// urls; no apache required at all, if you'd just prefer to use existing ssh accounts.

      No, I'm not unaware that you can do that. The problem is that most of the Subversion installations I've seen -- including the one at work, unfortunately -- don't. Of course, the repository at work would require an SSH tunnel for access from outside the firewall in any case, since we'd never put it on a publicly visible server even with https, but having to run the tunnel on port 80 is a real pain.

      --
      Where is the wisdom we have lost in knowledge?
      Where is the knowledge we have lost in information?
    28. Re:What is wrong with subversion? by Phred+T.+Magnificent · · Score: 1

      I couldn't tell you; I haven't used it since back then. I certainly hope they've at least fixed the 8.3-related problems, though.

      --
      Where is the wisdom we have lost in knowledge?
      Where is the knowledge we have lost in information?
    29. Re:What is wrong with subversion? by JoeF · · Score: 1
      Huh? Get a clue.
      • You can use whatever authentication Apache uses, including MD5, LDAP, what-have-you.
      • You can use HTTPS. I do. Much easier to set up than CVS with a tunnel.
      I moved my CVS archives over to Subversion when svn hit 1.0 and I never looked back. svn is sooo much better.
    30. Re:What is wrong with subversion? by divec · · Score: 2, Informative
      Making it so that in order to use Subversion over an SSH tunnel, you first have to shut down your local apache server, modify /etc/hosts and set up the tunnel as root, because, of course, a non-root user can't tunnel port 80.

      Not sure if I've understood correctly, but tunnelling as follows works ok for me:
      $ ssh -N me@remotebox -L8080:svn-server:80 &
      $ svn co http://localhost:8080/my-project
      --

      perl -e 'fork||print for split//,"hahahaha"'

    31. Re:What is wrong with subversion? by rudedog · · Score: 3, Interesting

      Subversion uses too damn much disk space

      So what. Disk space is too cheap to develop to edge cases like your laptop.

      Subversion is slow

      Because it's doing a lot more things than CVS ever did. Those things are useful.

      The server-side database is too easily and far too frequently corrupted or left locked

      I rarely run into locked databases (on the scale of only 1 or 2 a year) and I have never seen database corruption.

      Most Subversion installations are configured to work over HTTP (only).

      And how is it Subversion's fault that admins don't set the installation up to use a more secure transport. We use subversion over https with a self-signed certificate. The weak point in that chain is not with subversion, it's with the local machine, and if the local machine is compromised, both subversion/https and cvs/ssh are both equally vulnerable.

      The list goes on and on and on, but I'm not interested in continuing it just now

      In other words, I can't think of anything other than "it won't fit on my 9GB disk", and "some people don't set it up securely".

      Lamer.

    32. Re:What is wrong with subversion? by MemoryDragon · · Score: 1

      Well it is so so regarding network stuff, checking in via subversion over a slow connection is a major pain, but then work is better than with CVS due to the decreased communication and data transfer, so I guess the tradeoff in the beginning pays off very swiftly later.

    33. Re:What is wrong with subversion? by Jason+Hood · · Score: 2, Informative

      You seem to still be complaining about configuration issues within subversion rather than subversion itself.

      I am not sure what environment you live in but in mine we only have 100Mbs and everyone has 120GB HDs. The server has 1TB of raid storage with 4 network adaptors each with its own svnserve bound to it. Our project has 55,000 source files with 120 active developers. No problems here. We moved off a proprietary system that cost 750k a year to this which costs 120k a year (one devs salary). Compared to our old system, this is fast as hell. A checkout of a 4000k module takes about a minute. We even run a change request management system on the same server...

      Webdav is and always will be slow, its just not an efficient protocol. You may have had problems with subversion but this sounds completely specific to the setup you work in. A properly implemented system should run very smooth. I am not jabbing, just showing subversion can be successful with the right setup.

      --
      Are you intolerant of intolerant people?
    34. Re:What is wrong with subversion? by Doktor+Memory · · Score: 1

      The problem is that most of the Subversion installations I've seen -- including the one at work, unfortunately -- don't. Of course, the repository at work would require an SSH tunnel for access from outside the firewall in any case, since we'd never put it on a publicly visible server even with https, but having to run the tunnel on port 80 is a real pain.

      So what you're saying is: Subversion provides a multitude of authentication options, and the fact that your local administrator picked one that you don't like is Subversion's fault.

      Uh HUH.

      --

      News for Nerds. Stuff that Matters? Like hell.

    35. Re:What is wrong with subversion? by Mr.Ned · · Score: 2, Informative

      As to taking up more space than CVS, well, yes it does, but that's because it stores more information that lets the user do basic operations like rename a file - operations that are not present in CVS and are hacked around.

      As to being slow compared to CVS, it is slower on some operations (such as the initial get) because it retrieves more information than the server, but consequently other operations are quicker because it already has the information.

      As to database corruption and an alternate backend, there's been an alternate backend for months now.

    36. Re:What is wrong with subversion? by compass46 · · Score: 1

      Simple, yet possibly one of the few comments that actually understands what OpenCVS is about. OpenBSD will be using CVS for some time, why not have an implamentation that they feel is more secure than the standard?

    37. Re:What is wrong with subversion? by Matt+Perry · · Score: 1
      Except that with HTTPS you have to dick around with creating a certificate, getting it signed, or self signing it, making sure that you don't have duplicate serial numbers (which some programs abort on), etc. Not to mention all the different formats for certificates. Dealing with those certificates is a huge pain in the ass.

      SSH is easy because it'll handle the negotiation of all of that automatically. It's also trivial to create a SSH key with or without a password and put that on the server you want to connect to.

      --
      Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
    38. Re:What is wrong with subversion? by aled · · Score: 1

      In this line of work there is always changes, new products replace old products, new unproven technologies. Otherwise we would not have innovation. That's why we have plans and QA.
      I really don't see the point of redoing CVS. It's time to grow. Better to start planning a migration to something better. CVS has way too many limitations. This isn't a tech problem but a people problem.

      --

      "I think this line is mostly filler"
    39. Re:What is wrong with subversion? by aled · · Score: 1

      I like Subversion but you are command line parameters is the least problem in this kind of migration. There are cultural problems and difference in the work model.
      Take a look at the Mono case study is really an eye opener.

      --

      "I think this line is mostly filler"
    40. Re:What is wrong with subversion? by JoeF · · Score: 1

      This borders at the ridiculous...
      So, all you have against svn is that you need to set up https??? Give me a break...
      This is probably the most stupid excuse I've ever heard.

    41. Re:What is wrong with subversion? by dietz · · Score: 1

      The good news is that the underlying architecture should be portable to other storage types, and this is supposedly going to be coming eventually.

      Actually there's already another storage type in 1.1.

    42. Re:What is wrong with subversion? by mirabilos · · Score: 1

      Try a

      $ du -sk /cvs

      I'm running an OpenBSD fork, and probably have
      less code in my CVS than them, but it's about
      1.55 GB for us right now.

      I don't trust a Berkeley DB this far, and the new
      filesystem backend of svn is... smelly.

      In addition to that, Benny tried to play with
      only the ports tree in a svn repo. Checking it
      out after the import, with no mods yet, required
      already 384 MiB RAM and swap. That's too much.

      Our main CVS server is a Soekris net4801.

      --
      My Karma isn't excellent, damn it! (And /. still does not get UTF-8 right in 2012. Wow.)
    43. Re:What is wrong with subversion? by mirabilos · · Score: 1

      Neither are as large projects as an entire opera-
      ting system with far above 100'000 files in the
      CVS Repository.

      Also, cvsweb won't work (viewcvs would, but it
      uses Python, yuck, and is a worse nightmare to
      patch/maintain), rsync on berkeley DBs is pretty
      much unsupported, the new file storage is untested
      and who-knows-what implications there are on lok-
      king, and the biggest problem is anonCVS which
      would not work any more. And nobody sane would
      trust svn as a network server, or - worse - as
      an Apache(tm) 2 module (henning@openbsd also
      says Apache(tm) 2 is not broken code, but even
      broken design, and that it will never ever run
      on OpenBSD).

      Also, RCS files are well-hung and (in the mean-
      while) pretty documented files. Says someone
      who's hung in there with rcs(1) commands as well
      as $EDITOR countless times in the last 3 years.

      --
      My Karma isn't excellent, damn it! (And /. still does not get UTF-8 right in 2012. Wow.)
    44. Re:What is wrong with subversion? by mirabilos · · Score: 1

      Laptops have usually 10-30 GB disc space and
      128-256 MiB RAM. And WLAN, or worse: ADSL
      access to the repo via Internet (can you say
      768 kbps downstream, 128 kbps up?).

      Open Source projects often have Pentium-class
      systems as servers. Alpha. Vax. SPARCstation.

      --
      My Karma isn't excellent, damn it! (And /. still does not get UTF-8 right in 2012. Wow.)
    45. Re:What is wrong with subversion? by mirabilos · · Score: 2, Interesting

      Try SSH connection multiplexing with CVS, and
      the slowest part - the authentication phase -
      is not repeated. Works really really good.

      --
      My Karma isn't excellent, damn it! (And /. still does not get UTF-8 right in 2012. Wow.)
    46. Re:What is wrong with subversion? by Anonymous Coward · · Score: 1, Informative

      No, he means using CVS with the :ext: protocol which uses ssh to run a CVS process on the server and pipe data between the two.

      This is similar/equivalent to using the svn+ssh:// protocol.

    47. Re:What is wrong with subversion? by Jason+Hood · · Score: 1

      So now you are saying that subversion doesnt work with open source projects but does for closed source? I am getting really confused...

      --
      Are you intolerant of intolerant people?
    48. Re:What is wrong with subversion? by Doomdark · · Score: 1

      Ok thanks. That looks like an interesting article/post, on problems certain kinds of projects can (and probably will) have; bigger ones that make heavy use of more advanced CVS features (and rely heavily on such less-frequently-used-in-general features).

      --
      I like paying taxes. With them I buy civilization -- Oliver Wendell Holmes
    49. Re:What is wrong with subversion? by Phred+T.+Magnificent · · Score: 1

      Yes, that does work, most of the time. There are at least two cases where it won't, though:

      1 - You need your checked out copy to work the same whether you're inside the firewall (connecting directly to the subversion server without the SSH tunnel) or outside the firewall (using SSH)
      2 - Whoever set up your repository did something with svn propset svn:externals

      I know, I know, you can easily work around #1 by always using the SSH tunnel whether your're inside or outside the firewall (in fact, that's what you'd have to do with CVS, too, if you were using pserver and tunnelling 2401, unless you wanted to add an entry to /etc/hosts pointing your your.cvs.server to 127.0.0.1 whenever you were outside).

      #2 is probably an unusual case -- at least, I hope so -- but it's a case that I'm stuck having to deal with, and it ends up meaning that I have to use ssh -L 80:svnserver:80 and a hosts file entry, rather than ssh -L 8080:svnserver:80 and localhost.

      --
      Where is the wisdom we have lost in knowledge?
      Where is the knowledge we have lost in information?
    50. Re:What is wrong with subversion? by Matt+Perry · · Score: 1

      I don't have anything against subversion and never said that I did. If you had actually read my comment you would have seen that I was saying that the complexity of managing the required cerificates for HTTPS is beyond that of dealing with SSH and SSH keys.

      --
      Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
    51. Re:What is wrong with subversion? by chaos_echo · · Score: 1

      So now you are saying that subversion doesnt work with open source projects but does for closed source? I am getting really confused...

      I think he's saying that many organizations don't have the resources to make a tool like subversion worthwhile. You may have an environment where memory and disk are plentiful, but some of us don't. It was pointed out that many open source projects fit into the latter category.

      I own 4 workstations and the sum of the parts of all 4 don't match the specs of the machines you work with. Given the similar feature sets of subversion and CVS there is no way that you'll convince me that the cost of the resources necessary to use a subversion repository is justifiable, the ROI just isn't there when I can run a CVS repository easily on an old or low power machine.

      This isn't even considering the benfits of familiarity with CVS and RCS. Subversion is a useful tool, I'm sure it will steadily improve as time goes on, but it's not perfect and certainly doesn't fit every situation.

    52. Re:What is wrong with subversion? by mirabilos · · Score: 1

      (Hi Stephen.)

      In addition, I read many of the svn-related
      links in this article's posts today and found
      the evaluation of GNU Mono's move to svn.

      The svn developers clearly state that their
      tool is not suited for projects as large as
      ours (with way above 130'000 files), and even
      Mono (with IIRC about 50'000 files) has got
      difficulties because the management it totally
      different for large projects.

      So it looks that, how nice svn might be, we're
      not even in the target market. And I didn't check
      how many files or Gibibytes the OpenBSD /cvs is
      right now, but I strongly believe they have at
      least 60-70% more than we.

      --
      My Karma isn't excellent, damn it! (And /. still does not get UTF-8 right in 2012. Wow.)
    53. Re:What is wrong with subversion? by setantae · · Score: 1

      CVSup doesn't really have any ties to CVS - it will distribute any tree you care to give it quite happily.

    54. Re:What is wrong with subversion? by Brandybuck · · Score: 1

      What is wrong with subversion?

      Slashdot posts story about Konqueror and some troll asks "What is wrong with Firefox?"

      Slashdot posts story about Vim and some troll asks "What is wrong with Emacs?"

      Slashdot posts story about SuSE and some troll asks "What is wrong with Fedora?"

      The answer to all of the above is the same: "Nothing. But that isn't the project under discussion. Next time read the story blurb so you know what the topic is."

      --
      Don't blame me, I didn't vote for either of them!
    55. Re:What is wrong with subversion? by 1110110001 · · Score: 1

      ...rsync on berkeley DBs is pretty
      much unsupported, ...

      BDB is just the backend Subversion uses. If you want to transmit your repository or do a backup or whatever it would be much better to use a dumpfile. 'svnadmin dump' creates dumpfiles and 'svnadmin load' imports dumpfiles.

      b4n

    56. Re:What is wrong with subversion? by tepples · · Score: 1

      Disk space is too cheap to develop to edge cases like your laptop [with only 9 GB of hard disk space].

      My laptop has even less, you insensitive clod! How would one find 30 spare hours to flip burgers to earn 100 USD after taxes for a new laptop hard drive? And pardon my ignorance of the proper Google keywords, but are hard drives fully compatible among laptop models, or does one tend to run into BIOS limitations? Or is my world view completely screwed up?

      We use subversion over https with a self-signed certificate.

      Pardon my ignorance, but what's the smoothest way to deploy a self-signed certificate to all users?

  8. humm by whyne · · Score: 1

    http://bsd.slashdot.org/article.pl?sid=04/12/06/11 54242&tid=8&tid=7

  9. Mainstream by Manan+Shah · · Score: 2, Insightful

    What will really put this into a mainstream enviornment is if there are some good GUI clients available for it. If an easy to use, and perhaps more importantly, cross platform GUI client is released, you can bet that the popularity will go up. Visual Source Safe (Microsoft) isn't all that great, but people still use it because CVS doesn't have a robust windows GUI client. Or at least it didn't early on and so the first impressions were not very friendly from companies looking at products where they wouldn't have to train their employees as much. If they can come up with a great GUI right off the bat, Microsoft will really sweat.

    1. Re:Mainstream by stratjakt · · Score: 1

      Microsoft wont sweat, SourceSafe doesn't really compete with anything. It's just part of the Visual Studio package, which will sell for their IDEs and other features (.NET). I guess you can buy it seperately, I don't know who would though. It has nothing to do with Microsoft.

      --
      I don't need no instructions to know how to rock!!!!
    2. Re:Mainstream by tricops · · Score: 1

      It's not directly tied to the main CVS project, but what about TortoiseCVS? Of course, there's a subversion client of the same as well, TortoiseSVN.

      Of course, even with the clients in a GUI form, it would still be nice to have a GUI tool for setting up and maintaining repositories as well.

      --
      (\(\
      (^v^)
      (")")
      This is the cute vorpal bunny virus, copy to your sig or runaway, runaway in fear!
    3. Re:Mainstream by TheRaven64 · · Score: 1

      The nicest version control GUI I have ever used is SCPlugin, which is a plugin for the OS X finder. It overlays a small icon in the corner of the icon of every file under version control indicating its status, and provides a context menu for performing SCM operations. There are still a few rough edges, but the integration with the finder really makes it a joy to use - SCM operations and standard file operations can be done in exactly the same way.

      --
      I am TheRaven on Soylent News
    4. Re:Mainstream by Xentax · · Score: 1

      MS isn't going to sell only VSS forever, you know...check this out: Visual Studio Team System

      Xentax

      --
      You shouldn't verb words.
    5. Re:Mainstream by samjam · · Score: 1

      With tortoise CVS I have found, the only additional training needed to get fair CVS use from team members is that merging clashes takes time and careful thought and can't be done automatically.

      I highly recommend tortoise cvs - hey I use tortoise cvs under windows on a samba share from my colinux box (one day there will be linux CVS shell integration); and I use eclipse to edit the files.

      Sam

      --
      blog.sam.liddicott.com
    6. Re:Mainstream by Triumph+The+Insult+C · · Score: 1

      tcvs (and i imagine tsvn) does exactly that. i've used tcvs for about 18 months now and it works great

      --
      vodka, straight up, thank you!
    7. Re:Mainstream by Tenareth · · Score: 1

      CVS ties into pretty much any programmers IDE/Editor out there, usually as part of the stock config.

      Oh, you mean it should integrate with Microsoft's tools? Yeah, that'll happen...

      --
      This sig is the express property of someone.
  10. Development has stagnated? by tcopeland · · Score: 4, Informative

    Hm. Well, maybe. There have been a couple releases this year, and the mailing list remains active.

    I kind of feel that the torch is being passed on to Subversion, with no hard feelings between anyone. Lots of folks are converting over and most folks seem pretty happy with it. But CVS is still widely used and there are a bunch of of gurus who hang out on the list and answer questions.

    Oh, and here's a mirror of various CVS releases if anyone needs them.

    --
    The Army reading list
    1. Re:Development has stagnated? by ajs · · Score: 1

      "Stagnant" development is probably as much of a red-herring as "security" in this context. Either problem is addressed with far less work by contributing updates to CVS. No, I suspect that CVS was replaced because of the fact that it is distributed under the GPL, and BSD people find that somehow distasteful.

      Whatever. I'm past license wars, and the OpenBSD people can do whatever they like. Meanwhite, I'm off to learn subversion.

    2. Re:Development has stagnated? by Saeger · · Score: 3, Interesting
      Funny coincidence, but today I recieved a message from the Mambo CMS devs asking for community input on switching from CVS to Subversion:
      Greetings,

      We don't do this often, but it is time for a major decision to be made; and we need your input.

      With the migration of MamboForge to the new server, we have the opportunity to change the source code management back-end from cvs to subversion.

      Which one do you prefer? You can place your vote on the forums at:

      http://forum.mamboserver.com/showthread.php ?t=24861

      Regards,

      The MamboForge Administration Team
      The current poll results favor switching to Subversion by a wide margin.
      --
      Power to the Peaceful
    3. Re:Development has stagnated? by Anonymous Coward · · Score: 2, Insightful

      Look, you posted the exact same shit the last time this was on /. and was told that it's not about licensing, it's about a critical tool (OpenBSD developers rely on CVS to get their job done) that's not secure enough. Do you understand that? If the replacement tool is being done by an OpenBSD developer, it's only natural that the chosen license is BSD.

    4. Re:Development has stagnated? by rwinston · · Score: 1

      I don't think that CVS development has stagnated - in fact, I think there seems to have been quite an amount of activity on CVS development recently. Still, Suvbersion is gaining fast, and looks like it will be the de facto replacement for CVS (Wasn't it developed by some of the original CVS developers?)

      --
      "If we cannot be free, then at least we can be cheap" -- Frank Zappa
    5. Re:Development has stagnated? by ajs · · Score: 1

      you posted the exact same shit the last time

      I did? Could you point to the previous post, please? I don't recall having posted to a previous Slashdot story about CVS.

  11. Two weeks ago by essdodson · · Score: 1

    Welcome to two weeks ago.

    --
    scott
  12. The best part by ZorbaTHut · · Score: 2, Informative

    isn't just the fact that it's a dupe.

    It's that the posted link, to the article that this is a dupe of, is a link into the admin interface. For the curious, right now it's https://slashdot.org/admin.pl?op=edit&sid=04/12/15 /1936218 - I imagine this will be changed once the admins notice . . . well, probably.

    --
    Breaking Into the Industry - A development log about starting a game studio.
  13. They'll get my patronage if... by Old+Wolf · · Score: 1

    ...they enable tag/update/diff/etc. by date on a branch, add a special tag like HEAD but for a given branch, and keep track of when branches have merged so that you can actually keep 2 slightly different versions in sync.

    1. Re:They'll get my patronage if... by jdh28 · · Score: 1
      ..they enable tag/update/diff/etc. by date on a branch, add a special tag like HEAD but for a given branch, and keep track of when branches have merged so that you can actually keep 2 slightly different versions in sync.

      CVSNT is an actively developed, native port of CVS to Windows, but which also runs on Linux, that implements at least the first and third points here. I'm not sure what you mean by the second.

      john

  14. subversion? by Roadmaster · · Score: 1

    I like subversion. why don't they? I found it easy to install the server, and the client is easier to use than cvs.

    1. Re:subversion? by TheRaven64 · · Score: 2, Interesting

      Because a lot of existing infrastructure still uses CVS? In the long term, transitioning this to SVN is a good idea, and I certainly wouldn't recommend that a new project use CVS. In the mean time, however, I think the OpenBSD people feel that it would be nice to have a CVS implementation that was secure and maintainable.

      --
      I am TheRaven on Soylent News
    2. Re:subversion? by upsidedown_duck · · Score: 1

      why don't they?

      I don't care for Subversion because it is immature. I also find their ideas about a whole slew of different database backends will be a source of endless problems (who'd ever thunk that XYZ had endianness issues or that QRS can't talk to ABC). Subversion is certainly very neat, but I'd still consider commercial VC software if my business depended on having really good VC in a project.

      --
      -- "Makes Little Debbie look like a pile of puke!" - Moe Szyslak
    3. Re:subversion? by Doomdark · · Score: 1
      I don't care for Subversion because it is immature.

      Hmmh? Care to elaborate how is it immature? (it went to 1.0 a while ago; and I haven't seen too many problems being reported).

      a whole slew of different database backends will be a source of endless problems

      Well... designing modular systems make sense, and also allow for more optimal systems for specific needs. Sometimes it's useful to have simple file system based repository (easier to debug, do low-tech integration, etc), DB-based one may be more efficient, or allow more advanced integration etc. etc. And theoretically it could also allow for some level of distribution, at least on backend side, if storage space requirements are huge.

      And if modularity makes sense, it's reasonable to implement 2 different backends, to make sure the interface between components is general enough, to allow for more implementations... this all assuming there are real benefits, and that no single backend is best for most common situations.

      --
      I like paying taxes. With them I buy civilization -- Oliver Wendell Holmes
    4. Re:subversion? by dnf · · Score: 1
      CLA-2004:883 was fixed as of Subversion 1.0.8, released on 22-Sep-2004. http://svn.collab.net/repos/svn/trunk/CHANGES

      If you are using a version earlier than 1.0.8, you should certainly upgrade. You should be keeping track of securify fixes for any product you use on a regular basis, of course.

    5. Re:subversion? by upsidedown_duck · · Score: 1

      Care to elaborate how is it immature?

      Subversion is far enough along to be useful to some people, but I'm not sure if I would put a very large amount of money on the line with it. I've seen way to many new fashionable tools get adopted by overly-optimistic people only to have them come back and bite them hard. Additional layers of abstraction obscuring troubleshooting, new cure-all frameworks obscuring troubleshooting, ambitious roadmaps that will probably never be implemented, etc. are all the hallmarks of young tools that are barely out of puberty, yet. Subversion has some of these qualities.

      Also, such tools are a dime a dozen. How many free alternatives to CVS have come out in past few years? At least three. Most are merely academic exercises, some a little bit more than that, none have withstood the test of time, yet. If I set up a Subversion repository, now, will it still be useful in five years? Will there be clear migration paths during upgrades? Will one of the other upstarts eclipse Subversion in the fashion shows next year? Who knows? All Subversion is, right now, is a bandwagon to me.

      --
      -- "Makes Little Debbie look like a pile of puke!" - Moe Szyslak
    6. Re:subversion? by Zaiff+Urgulbunger · · Score: 1

      You're right to be cautious, but Subversion has been officially stable for a number of years now. If the benefits don't justify making a change right now, then I wouldn't bother, but if you're starting a new project, its worth considering.

      Also, such tools are a dime a dozen. How many free alternatives to CVS have come out in past few years? At least three. Most are merely academic exercises, some a little bit more than that, none have withstood the test of time, yet. If I set up a Subversion repository, now, will it still be useful in five years? Will there be clear migration paths during upgrades? Will one of the other upstarts eclipse Subversion in the fashion shows next year? Who knows? All Subversion is, right now, is a bandwagon to me.

      Who knows. If we're really lucky then yes there will be something even better! But even if there were, you'd still be allowed to stick with your crusty old version of Subversion then, as much as you can stick with CVS (or whatever) now.

      I do take your point though, but there does appear to be a fair bit of genuine support for Subversion right now, as opposed to a lot of hype driven support. Its that constant hum of activity that made me feel comfortable enough to start using SVN -- without that, I'd have played safe and I'd be using CVS now.

    7. Re:subversion? by dnf · · Score: 1
      I agree.

      How do you know the neon library maintainers didn't do just what you suggest, but being human, still managed to make mistakes? Are you arguing against the use of libraries that you yourself don't write? You know OpenOffice uses neon, right? Are you saying that the OpenOffice developers are idiots because they also use neon?

      As long as people write software, no matter how good they are, no matter what OS they write for, there will always be security flaws. To assume otherwise is folly.

      But the original argument was: CLA-2004:883 is a reason not to use Subversion. I just pointed out that it is in fact a very good reason not to use an older version of Subversion... it's not a specific argument against Subversion itself.

      You statement, on the other hand, is a basic ad hominem fallacy ( http://www.datanation.com/fallacies/attack.htm ) , and doesn't really refute anything.

    8. Re:subversion? by aled · · Score: 1

      Subversion is modular, has 2 backend and many client protocols that are all used in different projects because there are needs to each one. With mainly good results, some with projects of many gigabytes. Pointers at http://subversion.tigris.org/propaganda.html.
      The n you prejudice without any concrete evidence, without other knowledge than that is "new" and is somehow obscure because of layers, abstractions and framworks. But again without any concrete evidence.
      If you think I'm wrong please give some real facts, for example: point to the framework that you think is over-abstract.

      --

      "I think this line is mostly filler"
    9. Re:subversion? by mirabilos · · Score: 1

      OpenBSD was going to transition to OpenCM long-term.
      The bad news is that it uses boehm-gc, requires
      6 to 8 GB of RAM and development stalled.

      So, I think, they'll stick to (Open)CVS for
      at least another 10 years. Might be a good thing.

      --
      My Karma isn't excellent, damn it! (And /. still does not get UTF-8 right in 2012. Wow.)
    10. Re:subversion? by Doomdark · · Score: 1
      I agree it's good to be sceptical about new things, and I certainly could do my own ranting about excessive framework oriented mind sets (excessive abstraction is a sign of someone that just barely passed initial bump of learning, but not yet matured to true expert), but it seems to be you are basing your reservations on "this is how these things are in general" as opposed to following up on this specific tool's progress. And if so it's bit unfair to group it generically, without considering it on its OWN merits.

      In case of Subversion, I see it as a rather pragmatic project and tool (after all, it does NOT try to solve all problems for everyone, OR even try some complete different way to solve the basic SCM problems -- it's "only" improving on tried mechanisms). And although there are obviously ambitious goals, none of those are fundamental enough that missing the goal would jeopardize usability or future of the tool.

      For what it's worth, I have started 2 new projects with Subversion, and so far I'm happy with it (neither really business critical -- for those I'd get someone else to do it for me). But I'm not really an SCM power user, so it's just for basic versioning and concurrent development needs, not a culture of its own (like some projects apparently use such tools -- the Mono use case was frightening in this aspect).

      --
      I like paying taxes. With them I buy civilization -- Oliver Wendell Holmes
  15. People are still using CVS? by codepuke · · Score: 1
    Even Linus doesn't use it.

    IMHO there are much better alternatives out there. I use Subversion at home and Perforce (definitely worth the cost) at work and I'll never go back. Source control without atomic commits really isn't much control at all...

    1. Re:People are still using CVS? by LurkerXXX · · Score: 1
      http://www.internet-security.ca/internet-security- news-005/security-flaws-discovered-in-open-source- databases.html

      Subversion isn't a better alternative to OpenBSD folks. It's got security holes in it too.

    2. Re:People are still using CVS? by Zaiff+Urgulbunger · · Score: 1

      As has been mentioned previously, this bug has been fixed. So if you're running an out of date version, then yes it has security flaws. And if your running an up-to-date version, then... well, it certainly has one less security flaw and is to all intents and purposes, as secure as anything else!

    3. Re:People are still using CVS? by Anonymous Coward · · Score: 1, Informative

      "Even Linus doesn't use it?" He never used it.

      On the other hand, large projects such as GCC and all of the *BSDs do use it, have used it for quite a while and it works quite well for them.

  16. Standard Disclaimer by Ann+Elk · · Score: 2, Funny
    This project was mentioned briefly the other day, too.

    Maybe this disclaimer should appear at the end of every article summary...

  17. Great. Just what we need... by doppleganger871 · · Score: 1

    ...another 24-hour pharmacy.

    --
    -- Liberalism is a mental disorder.
  18. Re:We need a new one? by MassacrE · · Score: 3, Interesting

    "Any remaining problems"?

    You obviously are unfamiliar with the CVS dungpile, err.. codebase. For instance, there is no access provider mechanism - they copied and pasted the code from the filesystem tree to make the pserver tree, then nobody thought "hey, maybe this will be a maintainability problem later?"

    There is also no application-level interface to CVS. CVS tools typically use regexp or other parsing techniques to invoke the CVS command-line and parse its contents.

    If this causes a slower transition to Subversion, it will be because people don't need to run away from the existing CVS implementation screaming anymore. A good implementation of CVS will put the emphasis of subversion right where it should be - adding compelling features which will convince people to move to it.

    As far as 'less interoperability between operating systems' is concerned, I do not see why this would be restricted to BSD systems, any more than openssh was.

  19. Finally... by fimbulvetr · · Score: 1

    CVS and subversion are plauged with security vulnerabilities. I was beginning to wonder if it was ever going to stablize like apache 1.3.

    I'm extremely happy to see that the open(bsd) team is doing what it's best at.

    1. Re:Finally... by fimbulvetr · · Score: 2, Insightful

      You do realize you can run subversion under Apache, so that subversion security == Apache security. Right?

      Yes, of course I realize. Additionally, I realize that your statement is blatently incorrect.
      Subversion security != Apache Security

      First, I referenced apache 1.3.x, afaik, subversion only runs under 2.
      Secondly, subversion *CAN* run under apache, but it can also run standalone.

      Subversion is not secure, and running under apache does not make it secure. If anything, it makes apache much more insecure.

  20. OpenNTP problems by andrel · · Score: 1, Troll

    I hope they do a better job with CVS then when they botched implementing NTP

    1. Re:OpenNTP problems by LurkerXXX · · Score: 2, Informative
      And in response:

      http://www.ie.openbsd.org/faq/faq6.html#OpenNTPD

    2. Re:OpenNTP problems by shub · · Score: 1, Offtopic
      Whereas I post with my own slashdot account, and don't try to hide behind an AC.

      I have said that I would remove all comments in my blog which are posted with bogus e-mail addresses, and I have done that. What you haven't seen is the comments in my blog which were favourable to my view, but which were also posted with bogus e-mail addresses, and which were also deleted. I will continue my policy regarding the deletion of comments posted to my blog which have bogus e-mail addresses, and if someone wants to post a rebuttal comment with a valid e-mail address, then I will leave it.

      I have no problem with the creation of a "lightweight" time server, but the problem is that the NTPv3 and NTPv4 protocols are, by their very nature, quite heavy -- you simply cannot escape that fact. If you want something "lightweight", then you have to give up NTPv3 and/or NTPv4, and instead go with SNTP.

      Please note that there is a "lightweight" SNTP server included in the "Reference Implementation" tarball, known as "msntp". This is the same SNTP server as used on m0n0wall. If you want a lightweight SNTP server implementation, you should check it out.


      The real problem is that the PR/marketing campaign by Theo and Henning has been that OpenNTPd is a complete fully functional replacement for the Reference Implementation, which even casual inspection shows to be patently false. Now, if they wanted to change the name of the project to OpenSNTPd and change the PR/marketing to match, I wouldn't have a leg to stand on. I challenge Theo or Henning to do this. At least, they'd be able to make me shut up.

      With regards to my blog on OpenNTPd, I contacted Henning, and had several conversations with him regarding the project and where he saw things going. I tried very, very hard to give them every possible benefit of the doubt. When it became clear that he and Theo considered the project to be essentially finished (at what I would consider the 0.0.1 stage), and they were already looking for other things to work on, that's when I took the material I had been working on for a long time, and did a final "publication" of it.

      I tried very, very hard to be as objective as possible, and to do everything I could to avoid flame wars, while still keeping what I considered to be constructive criticism. Needless to say, I've been underwhelmed by some of the responses, especially from some of the slashdot crowd.


      Meanwhile, if people want to check out "slander" or "libel", try asking yourself why something qualifies under these terms when I say it, but qualifies as "fact" when Dan says the exact same thing. There's someone using a double-standard here, but it's not me.

      --
      Brad Knowles
      http://daily.daemonnews.org/ -- if you're not
    3. Re:OpenNTP problems by Goo.cc · · Score: 1

      The problem with that guy's complaint is that OpenNTP isn't designed to be a fully featured NTP client; it just provides a majority of the features that a majority of users use. For those that need the full functionality of the classic NTP program, they can get the previous version from OpenBSD ports.

    4. Re:OpenNTP problems by LurkerXXX · · Score: 1
      True. However they note under the goals of the project that some folks don't run NTPD at all because it is difficult to set up, uses quite a bit of memory, and their machines are often hugely off correct time because of this. OpenNTP gives those folks an easy way to run it on their system.

      The other big thing is it is easily auditable whereas NTPD isn't. OpenBSD guys seem to be big into auditing code. They've often cleaned up 'dirty' code, and ended up being immune to security holes that were only later identified in those apps run on other OS's. They might figure the possibility of a spoofing problem ( and ending up with time being off because of that ) might be better than a potential unseen security hole letting the bad guys get root access.

  21. Hmm... by which+way+is+up · · Score: 2, Funny

    No thanks, I prefer visual source safe.

    1. Re:Hmm... by stratjakt · · Score: 1

      Funny how you're a troll but everyone making the exact same statement about subversion is +5: insightful!

      I prefer VSS too. It works and I dont have to futz around on a command line.

      --
      I don't need no instructions to know how to rock!!!!
    2. Re:Hmm... by which+way+is+up · · Score: 1

      I hate to reply to my own post, but others on here have stated their preference for one version of VC over another. Yet I'm modded down? Not sure I understand, Surely I can't be the only one here who uses Visual Source Safe?

    3. Re:Hmm... by Tenareth · · Score: 1

      VSS is fine for small projects, but having a global distributed repository is not exactly it's thing. Which, btw is the whole point of this article.

      --
      This sig is the express property of someone.
    4. Re:Hmm... by Tenareth · · Score: 1

      Because VSS isn't anything like CVS of Subversion, or even PVCS (that hunk of trash) for that matter.

      It's a mid-size project type tool that is not designed for global teams to use. This entire article is about replacing CVS because of it's Security deficits...

      VSS isn't in the same league.

      --
      This sig is the express property of someone.
  22. and Arch, and BitKeeper, Aegis, SVK by noblesse+oblige · · Score: 2, Informative

    And the GNU people have run to Arch with the usual zealot flair. A good comparison can be found here.

    --
    Some will always be above others. Destroy the equality today, and it will appear again tomorrow. --Ralph Waldo Emerson
  23. "Compatible" by upsidedown_duck · · Score: 1


    I guess that means it still sucks compared to 95% of VC systems out there (the remaining 5% being RCS and nightly backups).

    --
    -- "Makes Little Debbie look like a pile of puke!" - Moe Szyslak
    1. Re:"Compatible" by anarxia · · Score: 1

      Don't forget SourceSafe :)

  24. Berkley db? by oliverthered · · Score: 1

    1: install subversion
    2: upgrabe berkley db
    3: pannic. (or svn recover, or db ... recover)

    I've also had no end of trouble setting the permissions to 660 U:root G:subversion without the database corrupting.

    --
    thank God the internet isn't a human right.
    1. Re:Berkley db? by ishmalius · · Score: 3, Informative

      This is no longer a necessity. There is a filesystem-oriented repository format now. We have been using it for over a month now with no problems.

    2. Re:Berkley db? by oliverthered · · Score: 1

      I'm sorry, you made me laugh uncontrolably.
      Anyhow, thats great news.

      1: How do I convery my existing system? Any chance of a link.

      2:
      It's easy for me to backup, and if I loose a couple of revisions that's ok but 'no longer a necessity' and 'over a month with no problems' gave me a bit of a chuckle...

      what version of subversion, and how long has it been in release?
      I'll switch to it at home so that it get's a bit more testing (so long as it's out of alhpa), then maybe I can recomend it at work at a leter point in time.

      --
      thank God the internet isn't a human right.
    3. Re:Berkley db? by chuck · · Score: 1
      1: How do I convery my existing system? Any chance of a link.

      Read the Subversion Book

      Note the "svn dump" and "svn load" commands. "dump" will serialize your database into a text representation. Then reconfigure your server, and use "load" to incorporate all the data into your new database.

      --
      My Freakin Blog
    4. Re:Berkley db? by flink · · Score: 1

      I've also had no end of trouble setting the permissions to 660 U:root G:subversion without the database corrupting.

      This is actually very simple to fix, although you do have to be careful setting things up. Just make your db directory look like this:

      [svn@lynx ~/ec-svn]$ ls -la repo/db
      total 442800
      drwxrwsr-x 2 svn svn 4096 Dec 15 17:55 .
      drwxrwsr-x 7 svn svn 4096 Feb 27 2004 ..
      -rw-rw-r-- 1 svn svn 8634368 Dec 15 17:55 changes
      -rw-rw-r-- 1 svn svn 1032192 Dec 15 17:55 copies
      -rw-rw-r-- 1 svn svn 8192 Dec 13 15:25 __db.001
      -rw-rw-r-- 1 svn svn 270336 Dec 13 15:25 __db.002
      ...

      Note the SGID bits on the directories. Now all you have to do is follow a few simple rules:

      1. All processes accessing the db must be in the svn group.
      2. All processes accessing the db must be using a umask of 002.
      3. All interactive maintenance must be done via the svn account and not as root.

      I have been running a repo at my company for over a year (since v0.33, 11/03) and the only wedges I've had is when I forgot and broke rules 2 or 3. These were all recoverable by fixing the permissions and running svnadmin recover.

      As for backups, I have my post-commit script do an incremental dump of the committed revision in the background. A cron script does a nightly cumulative dump of the entire repo.

    5. Re:Berkley db? by oliverthered · · Score: 1

      Yep, that's kinda what I've got(now).

      The problem was that the database kept getting trashed.

      --
      thank God the internet isn't a human right.
    6. Re:Berkley db? by egoots · · Score: 1

      what version of subversion, and how long has it been in release?

      The file based backend (termed FSFS) came out in version 1.1.0 which was released on Sep 29, 2004. Since then, a minor bug fix maintenance release V1.1.1 has been released on Oct 22, 2004.

      You can see the complete release history at the following web page: http://subversion.tigris.org/project_status.html

  25. Who needs it? by Macrobat · · Score: 1

    I just use the Open~ project to make backups whenever I edit a file.

    --
    "Hardly used" will not fetch you a better price for your brain.
  26. Re:We need a new one? by ajs · · Score: 1

    So, to cut out the bile and name-calling, your concern is in two parts: the pserver mechanism is unmaintainable and there's no API.

    Now, ask yourself which is harder: writing a new pserver layer and an API or re-writing the entire toolchain? What's more, which one hurts an existing open source project from which OpenBSD has derived untold benefit over many years?

    I'm sorry, I just don't accept your "dungheap" metaphor as a valid reason for abandoning this tool when there are many tools which OpenBSD has contributed to fixing and/or adding features to.

    Something rings hollow.

  27. Re:What a useless piece of... by Nimrangul · · Score: 1

    OpenSSL is in no way related to OpenBSD. They are completely unrelated.

    --
    I'm sick of following my dreams - I'm just going to ask them where they're going and hook up with them later.
  28. Re:In related news... by upsidedown_duck · · Score: 3, Funny


    The OpenBSD folks would re-implement GCC in a heartbeat, if they could afford the man-years to do so.

    --
    -- "Makes Little Debbie look like a pile of puke!" - Moe Szyslak
  29. There's already a better CVS... by cduffy · · Score: 1

    ...and I'm not just talking SVN (which is quite successful at its "better CVS" goal, though I prefer Arch with its "better revision system" intent): CVSNT

    Why it's so rarely used (with the exception of being packaged with the major CVS client GUIs on Windows), and why so few Linux distributions package it, has always been a mystery to me.

    1. Re:There's already a better CVS... by cduffy · · Score: 1

      Yes, there is a linux port, but it has no benefits over stock CVS.

      Bullshit. CVSNT has a better security model and more features (BranchPoint, SSL support, etc) than stock CVS, on any platform.

  30. Requiem for the FUD by AgainstFUD · · Score: 1
    ... facts are facts. ;)

    FreeBSD:
    FreeBSD, Stealth-Growth Open Source Project (Jun 2004)
    "FreeBSD has dramatically increased its market penetration over the last year."
    Nearly 2.5 Million Active Sites running FreeBSD (Jun 2004)
    "[FreeBSD] has a secured a strong foothold with the hosting community and continues to grow, gaining over a million hostnames and half a million active sites since July 2003."
    What's New in the FreeBSD Network Stack (Sep 2004)
    "FreeBSD can now route 1Mpps on a 2.8GHz Xeon whilst Linux can't do much more than 100kpps."

    NetBSD:
    NetBSD sets Internet2 Land Speed World Record (May 2004)
    NetBSD again sets Internet2 Land Speed World Record (30 Sep 2004)

    OpenBSD:
    OpenBSD Widens Its Scope (Nov 2004)
    Review: OpenBSD 3.6 shows steady improvement (Nov 2004)

    *BSD in general:
    Deep study: The world's safest computing environment (Nov 2004)
    "The world's safest and most secure 24/7 online computing environment - operating system plus applications - is proving to be the Open Source platform of BSD (Berkeley Software Distribution) and the Mac OS X based on Darwin."
    ..and last but not least, we have the cutest mascot as well - undisputedly. ;)

    --
    Being able to read *other people's* source code is a nice thing, not a 'fundamental freedom'.

  31. Lots of reasons... by emil · · Score: 2, Interesting

    I am not a fanatic about BSD vs. GPL, but let me count the ways...

    1. Anything under BSD license is much more free than GPL free software. Hey, it doesn't change my life much, but there are a lot of people who care about this. More BSD free software is good for everybody.
    2. Is it your right to ask OpenBSD developers to GPL their code, when they would prefer to apply a BSD license to it? It certainly isn't mine.
    3. It is unlikely that the current CVS uses strlcpy/strlcat. Would retrofitting this functionality be accepted by the CVS people, especially as the GNU libc people have already rejected it? (Boy, that was a great step forward in security there.)

    OpenBSD has been slowly stripping/replacing GPL software wherever they can. Recent fatalities include gzip and gawk. It's their distribution, and they can do what they want.

    But I for one am glad for OpenBSD. It fits me like a glove. I just wish that Microsoft couldn't copy so much of it.

    1. Re:Lots of reasons... by ajs · · Score: 1

      "I am not a fanatic about BSD vs. GPL"

      You wrote a BSD vs GPL flame in response to a post which mentioned neither. That is pretty much exactly my definition of a BSD vs. GPL fanatic.

      Licenses are fascinating bits of legal hackery, but when it comes to software, one should never be so distracted by such toys that one forgets that the software and the community built around that software is the real value.

    2. Re:Lots of reasons... by Nimrangul · · Score: 1
      That is the most sound reason to leave everything under the BSD or public domain I have ever seen.

      Noone cares though, many people do not want a company to take something they worked on and make money off of it without them getting their piece. Many more just don't want a company making money off their work.

      --
      I'm sick of following my dreams - I'm just going to ask them where they're going and hook up with them later.
    3. Re:Lots of reasons... by Eric+Smith · · Score: 1
      Is it your right to ask OpenBSD developers to GPL their code, when they would prefer to apply a BSD license to it?
      Yes, I do have the right to ask that. Just as the OpenBSD developers have the right to ignore me and release it under whatever license they prefer.
      It certainly isn't mine.
      Maybe you should move to a country where you have the right to free speech?
  32. Borked link by Hel+Toupee · · Score: 1

    The link to the OpenBGPD site is wrong. A simple investigation reveals that the poster posted the site as www.openbDbd.org. "Slashdot editors" seems to be and oxymoron....

    --
    PERL:
    All of the power of Voodoo with most of the understandibility!
    1. Re:Borked link by Ndiin · · Score: 1

      "Slashdot editors" seems to be and oxymoron....

      Hint: Don't make typos when complaining about typos.

  33. Borked Link by Hel+Toupee · · Score: 1

    The link to the OpenBGPD site is wrong. The poster wrote it as www.openbDpd.org. "Slashdot editors" seems to be an oxymoron....

    --
    PERL:
    All of the power of Voodoo with most of the understandibility!
  34. Forget the BSD license by stratjakt · · Score: 1

    When will someone create a GPLed replacement for this OpenCVS thing?

    --
    I don't need no instructions to know how to rock!!!!
  35. Some actual facts by AgainstFUD · · Score: 1

    http://bsd.slashdot.org/comments.pl?sid=131228&cid =10982290

  36. Some actual facts by AgainstFUD · · Score: 1

    http://bsd.slashdot.org/comments.pl?sid=131228&cid =10982290

  37. Some actual facts by AgainstFUD · · Score: 1

    http://bsd.slashdot.org/comments.pl?sid=131228&cid =10982290

  38. Some actual facts by AgainstFUD · · Score: 1

    http://bsd.slashdot.org/comments.pl?sid=131228&cid =10982290

  39. Re:In related news... by bluGill · · Score: 1

    Hmm.... OpenCC is the only one of those that does not exist and fully functional today. LibC is, and always has been a part of OpenBSD. Linux is a kernel that looks a lot like Unix, so is the OpenBSD kernel. There is even a linux compatibility mode for your linux apps.

  40. Re:We need a new one? by Anonymous Coward · · Score: 2, Insightful

    Let me see if I understand this... there were some security problems with CVS as-is, so the OpenBSD folks did the right thing and reviewed the code, discovered any remaining problems and submitted... no, no it seems they instead wrote their own CVS.

    Actually, they did review the code, find the bugs, make patches for them, and submit the patches to the CVS crew. The CVS folks did the same thing Apache did, which was to ignore the patches. The OpenBSD people were in the same boat again. They had improvements to an existing project that the project wasn't accepting. They could've forked the CVS code, which was probably what they were going to do, but the existing CVS code turned out to be so bad that starting from scratch would've been easier than forking. In light of this, most of the rest of your comment is pointless to reply to, because it's based on information you didn't have before you shot off your mouth.

    For those not familiar with the state of the world, this is going to mean a slower/longer transition to subversion (the logical successor to CVS), less interoperability between operating systems for developers and yet another tool that the OpenBSD people (who clearly did not have enough work to do already), to support.

    Subversion isn't the logical successor to CVS. Subversion has a handful of issues that stand in the way of it becoming even a viable competitor to CVS, much less a successor, and that doesn't address the svn design issues.

    OpenCVS is also compatible with CVS, except where CVS has design issues that affect security. For the most part, most people won't ever notice the difference, and the world is better for having OpenCVS around, especially when the original CVS group doesn't want to take security patches.

    Finally, the OpenBSD developers are very experienced. It's likely that OpenCVS already has fewer bugs in it than the original CVS; furthermore, the code is cleaner than CVS's and will be far easier to maintain.

    What happened to OpenBSD? Wasn't it an actual member of the open source community at one point?

    OpenBSD is taking care of OpenBSD. If that methodology results in a better operating system than others, then there's something flawed with the other methodologies. It's not OpenBSD's problem if you don't like them.

    Oh well, as long as no one tries to make me use their mutant CVS, I'll be happy.

    I'll bet that within two years, you'll be using OpenCVS with 95% exclusivity because it's a better, more secure, more stable product. It's not a good thing to rail against software projects in their infancy, because you don't know where your needs will be in time. Nobody will blame you later on for using OpenCVS.

    Lastly, I'm putting an OpenCVSup on my Christmas list. It would be outstanding to not have to choose between installing a binary package and installing a Modula-3 compiler.

  41. You completely ignore security. by emil · · Score: 1

    Face it, the GNU toolchain will never be as secure as OpenBSD. Yes, you have Openwall, PaX, and SELinux floating around, but what major distribution uses them right now? W^X was released in 3.3.

    Theo & Co. have had a number of good security patches rejected by various GPL maintainers (and yes, some have been accepted). However, can you blame them for jumping the gun on a CVS replacement? It's core to the OS.

    OpenBSD is developed for a variety of reasons, some which I agree with entirely, and some that give me pause (I just read criticism of OpenNTPd that makes me want to turn it off). I also wish that certain players in the industry could be bound by the GPL when working with OpenBSD code, but this is not to be.

    OpenBSD is developed and licensed for Theo's reasons. I use it for my reasons. If you don't like it, don't use it. Should people not be free to do what they want with their time?

    Who made you God?

    1. Re:You completely ignore security. by Michael+Wardle · · Score: 1

      Face it, the GNU toolchain will never be as secure as OpenBSD. Yes, you have Openwall, PaX, and SELinux floating around, but what major distribution uses them right now? W^X was released in 3.3.

      Fedora Core has incorporated Exec-Shield and SELinux since its first release. These technologies will also be included in Red Hat's next major enterprise operating system release, Red Hat Enterprise Linux 4, due early in 2005.

    2. Re:You completely ignore security. by ajs · · Score: 1

      Face it, the GNU toolchain will never be as secure as OpenBSD

      That's a very nice bit of speculation / opinion. It, however, has nothing to do with my post in any way whatsoever.

      Please, folks, if you're BSD bigots or Linux bigots or Windows bigots or whatever, go find a post that says, "<your favorite tool/os/language> sucks," and reply with your rant. Meanwhile, take your non-sequitors and file them.

  42. Re:We need a new one? by Geekboy(Wizard) · · Score: 1

    Stop being stupid. OpenCVS is designed to be a drop in replacement. It will always work with GNU cvs, so you can use either the OpenCVS client with the GNU cvs server, or the GNU cvs client with the OpenCVS server.

  43. Re:What a useless piece of... by Simon+Lyngshede · · Score: 1

    No one is forcing you to think that OpenCVS is a good thing, in fact, Im pretty sure that the OpenBSD developers don't care about what you think.

    If they like CVS, but not the GNU implementation, why shouldn't they write a new implementation?

    I can't believe the number of people who think they are suppose to tell the OpenBSD developers what to do. If you don't like what they are doing, that's your problem. The developers can do what ever they want and right now they want OpenCVS, not Subversion, not Arch and not GNUs cvs implementation.

    If you know better, you can do the work yourself.

  44. More power to them... by psykocrime · · Score: 2, Interesting

    I personally think it's something of a waste to write yet another replacement for CVS, but if they feel they need it, then great. It's open-source, it's volunteer, so nobody has any business telling these people *not* to write OpenCVS.

    That said, I (and many others) consider Subversion to be the logical successor to CVS, and it seems to me that any effort spent on revision control would be better spent contributing to Subversion (or Arch maybe) instead of writing yet another version of something that's essentially obsolete.

    OTOH, if they have major disagreements with the fundamental architecture of Subversion (and I understand that some people do) then maybe it would be better to just start from scratch, and design their own vision of an ideal revision control system?

    Either way, it probably means more quality open source code, and in the long run, everybody ultimately benefits.

    --
    // TODO: Insert Cool Sig
    1. Re:More power to them... by kirkjobsluder · · Score: 1

      That said, I (and many others) consider Subversion to be the logical successor to CVS, and it seems to me that any effort spent on revision control would be better spent contributing to Subversion (or Arch maybe) instead of writing yet another version of something that's essentially obsolete.

      I think the core problem is that CVS has become something of a legacy tool like sed, awk, grep and sh. Many of these tools may be "obsolete" but that does not mean that we don't need secure and trustworthy versions of those tools.

      For the forseeable future, there will probably be projects using cvs for the next several years. OpenBSD users use cvsup for patching and updating both the base system and ports tree. I like Subversion and use it for my own stuff, but I don't think it is quite ready yet.

  45. Broken Link for OpenBGPD by Chaos1 · · Score: 1

    The link points to http://www.openbdpd.org/, and should be http://www.openbgpd.org/

    --
    I only need the Preview button when I haven't used the Preview button.
  46. Re:why bother? by Trejkaz · · Score: 1

    Subversion can't access CVS repositories, which is probably important for fools who still use CVS.

    --
    Karma: It's all a bunch of tree-huggin' hippy crap!
  47. IPv6? by isj · · Score: 1

    Does this mean that there is a chance that we will get a CVS implementation that supports IPv6 out-of-the-box? I am getting tired of patching it.

    1. Re:IPv6? by mirabilos · · Score: 2, Informative

      Eh? cvs uses ssh for connecting to the server, or
      operates locally.

      What? You're using pserver/kserver? Don't.

      You can even use anoncvs to make non-anynomous
      read/write accounts for users to access the CVS
      repository by means of cvs server, preventing them
      from directly writing into the repo.
      http://mirbsd.bsdadvocacy.org/cvs.cgi/src/l ibexec/ anoncvssh/

      --
      My Karma isn't excellent, damn it! (And /. still does not get UTF-8 right in 2012. Wow.)
  48. Re:In related news... by upsidedown_duck · · Score: 1


    Funny mod day, huh? I've actually seen OpenBSD people discuss a real desire to replace GCC (GCC is not under a BSD license). Man-years was not at all an understatement.

    --
    -- "Makes Little Debbie look like a pile of puke!" - Moe Szyslak
  49. CVSNT anyone? by Anonymous Coward · · Score: 1, Informative

    CVSNT http://cvsnt.org/wiki is actively maintained and has many improvements compared to standard CVS. It is definitely worth having a look at if standard CVS does not give you what you want.

    And before you start complaining: it runs on Linux as well as Windows (don't know about other *nix'es).

    Unfortunately it has got a bizarre release cycle which makes it hard to figure out which versions are stable, but if you use a conservative approach and monitor the development mailinglists it can be acceptable. I have been using it successfully in a production environment for over a year without any serious problems. And we were very happy with the extended functionality, especially the improvements regarding merging between branches.

  50. Re:We need a new one? by Azul · · Score: 2, Interesting

    You know, this is precissely how OpenBSD was born. Theo de Raadt was contributing to NetBSD until the NetBSD core decided to remove his write privileges from its sources. Theo, upset, decided to fork and start OpenBSD.

    Originally, it had nothing to do with security, but rather with "openness" (from Theo's point of view, after he was kicked out). I suppose it would be called SecureBSD had security been the reason Theo started working on it.

    You can find out more about this straight from the horse's mouth.

    So, I suppose, forking established projects due to disagreements such as these is nothing new for the OpenBSD people.

  51. Re:how long till we wait .. by PygmySurfer · · Score: 1

    You mean this abomination?! Please, anything but OpenWindows!

    And people think CDE is bad...

  52. Re:What a useless piece of... by ttfkam · · Score: 1

    1. The conversion from RCS to CVS is not necessarily seamless.
    2. As Subversion whole reason for existence is to "fix CVS once and for all", there are migration tools to switch with.

    The Apache Software Foundation has been steadily moving their revision control to Subversion and they have a *huge* amount of code. No one is suggesting you scrap everything you've got and starting over from scratch.

    --

    - I don't need to go outside, my CRT tan'll do me just fine.
  53. Re:What a useless piece of... by ttfkam · · Score: 1

    And no one is trying to force them into caring what I think. I simply stated my opinion: it's a waste of time to reinvent an obsolete wheel. Take the advice or don't. That has no bearing on me airing my opinion.

    --

    - I don't need to go outside, my CRT tan'll do me just fine.
  54. Scratch OpenSSL from the list... by ttfkam · · Score: 1

    I stand corrected. Thank you.

    --

    - I don't need to go outside, my CRT tan'll do me just fine.
  55. Breaking News by MightyMartian · · Score: 1

    OpenFord has announced it will be releasing Open Model A, the very latest in high tech auto design.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  56. Re:In related news... by uid8472 · · Score: 1

    Laugh all you want, but there was a halfway serious effort at one point to see what it would take to get the Plan9 C toolchain (which is vastly simpler than GCC, although ISTR it doesn't support all of ANSI C) released under a BSD-compatible license. I think the motivation was a combination of GCC's GPL-ness and its size/complexity.

  57. Have you read CVS source? by ^BR · · Score: 1

    Can you honestly say that you understand what is does? I tried and al I got was a headache...

    The sad fact is that it's likely more work to get into CVS than to rewrite one cleanly.

    It is supposed to be a protocol anyway, not just a program, another reimplementation (I don't know if CVSNT is a CVS descendant) will at least give the benefit of better documentation for the protocol...

  58. Nice response, Mr AC by eightball · · Score: 1

    I mostly agree with your assessment, though I am not sure this project will have the success of OpenSSH. But, we can hope.

  59. Re:how long till we wait .. by compwiz312 · · Score: 1

    It already exists...

    ReactOS http://www.reactos.com/

  60. Re:Off topic: PF better than IPFILTER how? by mirabilos · · Score: 1

    Now now. That's definitively FTP's fault, and IMHO
    this pre-1980 protocol deserves to finally die
    anyway.
    What's wrong with using HTTP for fast public down-
    loads, SCP/SFTP for secured file transfers and if
    it really has to be fast, netcat (and ssh to start
    netcat on the remote end)?

    Even Windows®-FTP-Clients do usually support SFTP.

    --
    My Karma isn't excellent, damn it! (And /. still does not get UTF-8 right in 2012. Wow.)
  61. Some actual facts (and two more lines) by AgainstFUD · · Score: 1
    http://bsd.slashdot.org/comments.pl?sid=131228&cid =10982290

    The fact that you complain to me, instead of complaining to the *FUD-spreading* trolls, who should associate the entire GNU/Linux community with, according to your reasoning.

  62. Re:Off topic: PF better than IPFILTER how? by Xenophon+Fenderson, · · Score: 1

    D00d, I would love to see FTP finally die. Unfortunately, FreeBSD's own file distribution mechanisms rely on FTP, e.g. "pkg_add -r", ports, etc. And just about every other piece of modern firewall software can proxy FTP in the kernel (ipfilter, iptables, FireWall-1, etc.). Don't get me wrong: "modulate state" and the scrub options are really cool, but they solve a theoretical problem. I, instead, have a real problem with not being able to easily make FTP through my firewall work. What sucks even more is that I prefer to do egress filtering. With an in-kernel proxy, everything works properly because the proxy will add the necessary ingress and egress rules to make the file transfers work. Not so with ftp-proxy(8). So I have to either do "pass out" in pf.conf or click the "pass all outgoing" option in fwbuilder. This missing feature violates my expectations and it unnecessarily complicates my firewall rules (and weakens them in a theoretical sense).

    (Yes, I am a have-my-cake-and-eat-it-too kind of guy.)

    --
    I'm proud of my Northern Tibetian Heritage
  63. Re:Off topic: PF better than IPFILTER how? by mirabilos · · Score: 1

    a) You can retrieve packages by HTTP.

    b) More insecurity in the kernel?

    c) Rewrite ftp-proxy so that it uses a table
    which is manipulated by ftp-proxy but which
    must be contained in the pf.conf first.
    spamd does this too, I think.

    --
    My Karma isn't excellent, damn it! (And /. still does not get UTF-8 right in 2012. Wow.)
  64. Some actual facts by Aga1nstFUD · · Score: 1

    http://bsd.slashdot.org/comments.pl?sid=132239&cid =11082989

  65. Some actual facts (Parent is a Troll) by Aga1nstFUD · · Score: 1

    http://bsd.slashdot.org/comments.pl?sid=132239&cid =11082989

  66. Some actual facts (Other links are trolls) by Aga1nstFUD · · Score: 1

    http://bsd.slashdot.org/comments.pl?sid=132239&cid =11082989

  67. Some actual facts by AgainstFUD · · Score: 1

    http://bsd.slashdot.org/comments.pl?sid=131228&cid =10982290

  68. Some actual facts by AgainstFUD · · Score: 1

    http://bsd.slashdot.org/comments.pl?sid=131228&cid =10982290

  69. Some actual facts by AgainstFUD · · Score: 1

    http://bsd.slashdot.org/comments.pl?sid=131228&cid =10982290

  70. Re:GCC will be replaced some day by RdsArts · · Score: 1

    IIRC, Tendra was the compiler they were tossing around as a idea of which one to move to a few months back. Or at least some messages were passed around.

    I've always wondered why they hadn't. Sure, it's not a 100% drop-in replacement for GCC, but considering how much GPLed code they've dropped and that it would push them much closer to being a fully-BSDed OS, I don't see how it would have been that much more of a problem.

  71. Some actual facts (other posts are trolls) by Aga1nstFUD · · Score: 1

    http://bsd.slashdot.org/comments.pl?sid=132867&cid =11094025

  72. Some actual facts by AgainstFUD · · Score: 1

    http://bsd.slashdot.org/comments.pl?sid=131228&cid =10982290

  73. Some actual facts by Aga1nstFUD · · Score: 1

    http://bsd.slashdot.org/comments.pl?sid=132867&cid =11094025

  74. Some actual facts by Aga1nstFUD · · Score: 1

    http://bsd.slashdot.org/comments.pl?sid=132867&cid =11094025

  75. Some actual facts (parent is a troll) by Aga1nstFUD · · Score: 1

    http://bsd.slashdot.org/comments.pl?sid=132867&cid =11094025 It's not "FUD" if it's true.

  76. Some actual facts by AgainstFUD · · Score: 1

    http://bsd.slashdot.org/comments.pl?sid=131228&cid =10982290

  77. Some actual facts by AgainstFUD · · Score: 1

    http://bsd.slashdot.org/comments.pl?sid=131228&cid =10982290

  78. Some actual facts by AgainstFUD · · Score: 1

    http://bsd.slashdot.org/comments.pl?sid=131228&cid =10982290