OpenBSD Foundation Announced

OpenBDSfan writes "KernelTrap is reporting on the creation of the OpenBSD Foundation, a Canadian not-for-profit corporation intended to support OpenBSD and related projects, including OpenSSH, OpenBGPD, OpenNTPD, and OpenCVS. The announcement explains, "the OpenBSD Foundation will initially concentrate on facilitating larger donations of equipment, funds, documentation and resources. Small scale donations should continue to be submitted through the existing mechanisms.""

Accounced?

[Shambhu]

s/check-it-out dept./spell-check-it dept./

Re:OpenCVS?

[RAMMS+EIN]

Actually, I believe there was a good reason to create OpenCVS. Lots of sites still use CVS, but development GNU CVS is a mess and has become effectively unmaintained (leaving several vulnerabilities open). OpenCVS is intended for those sites who, for whatever reason, wish to continue using CVS, but also want some degree of security.

Re:OpenCVS?

[nacturation]

No, you have your negation wrong.... If Complex == Insecure then !Complex = !Insecure, and thus Simple = Secure. Technically you should say the following, where "->" is the symbol for "implies":

If Complex -> Insecure, then:
!Insecure -> !Complex; and
Secure -> Simple

Otherwise your method of reasoning would go like this:

Square = Four-sided-figure
!Square = !Four-sided-figure

. . . which doesn't make sense because then you could say "and thus, a non-square rectangle isn't a four-sided figure".

Good old Wikipedia has the details.

Re:OpenCVS?

[zyche]

What people seems to forget is that even if CVS usage is replaced with something else (like for example SVN) it doesn't make all the old CVS repositories go away. So, 20 years into the future (when we have flying cars which runs on water) you sit there (on your levitating chair) and wants to extract some files from an old CVS repo you found in the company's archive. No problem, except that GNU CVS isn't available on SuperDuper Windows Extra Deluxe 2027, due to the fact that code base and build system is such a mess that no one manages to make packages for Cygwin anymore (that and the fact that Microsoft (Operating Systems Division) does not any longer permit that GPLed software is used on its products.

Ok, I'm exaggerating, but the point is that there is no fault in having a clean and maintainable code base for the future - even if it's only used for handling legacy projects.

Besides, who are we to tell these people how to use their spare time? If anyone want to re-implement Unix in Brainf*ck, then let them.

Re:OpenCVS?

[Noryungi]

the main source of theo thinking SVN isn't secure, is because that control freak didn't write it himself. which is ironic because openssl and openssh are 2 packages responsible for huge security holes over the years, both of which are his babies.

Except, of course, you have no fscking idea what you are talking about, since OpenSSL is not developed, or related to, OpenBSD and Theo de Raadt in any way.

As far as OpenSSH security holes are concerned, please excuse me while I laugh. Most of these vulnerabilities are either denial of service, or someone who messed up with their OpenSSH implementation. A lot of people think they can improve on a perfectly good product by adding security holes in it.

As far as OpenCVS is concerned, they explain their rationale quite clearly:

The OpenCVS project was started after discussions regarding the latest GNU CVS vulnerabilities that came out. Although CVS is widely used, its development has been mostly stagnant in the last years and many security issues have popped up, both in the implementation and in the mechanisms.

Now, let me ask you: what part of "development has been mostly stagnant in the last years and many security issues have popped up" don't you understand?

Allow me to finish by adding this: read up a little bit before you start trolling. But that would be a waste of a perfectly good troll, right? Sheesh. Go back under your bridge, little troll.