The OpenBSD project will soon release OpenCVS, a GNU CVS compatible, BSD licensed alternative. “The OpenCVS project was started after discussions regarding the latest GNU CVS vulnerabilities that came out. Although CVS is widely used, its development has been mostly stagnant in the last years and many security issues have popped up, both in the implementation and in the mechanisms.”
OpenSSH is the best thing since sliced bread. I can only imagine what they can do for CVS
Why not immediatly build something nice around svn?
I bet svn is going to replace cvs as time goes by
Both of the links in this story are missing the leading “http://“ prior to the hostname, so both are broken links that point to non-existent pages on the osnews.com site.
“I can only imagine what they can do for CVS
”
its pretty useless to rely on cvs. svn is much better
I can only imagine what they can do for CVS
Not all too much probably, since they will of course stay compatible to the original CVS.
—————————————————
Also, I did not know that GNU has its own CVS implementation. I know that the version from http://www.cvshome.org is very widespread, but it is not from GNU. Maybe the editor made an error and in fact cvshome.orgs CVS is meant?
Why deal with outdated tech, when there is such a great alternative available (SVN)?
Save for patching existing CVS holes (for those that can’t immediately migrate to SVN), there seems to be little reason to continue developing CVS – especially with the noose of backwards compatibility around it’s neck.
Also, Is OpenBSD part of the GNU? If not, why are they using the GNU name together with the BSD license? Shouldn’t it be GNU and GPL?
What about subversion? How does it differ from CVS and how does its license differ from GPL?
Well, http://www.gnu.org/software/cvs/ refers to https://www.cvshome.org/. It appears cvshome and gnu cvs are one and the same.
Subversion is definitely easier to administer (or administrate? whatever the verb is), but it’s a bit odd at times. For example, if you put a whitespace too much in a config file it crashes and burns.
I suppose that the main reason why the OpenBSD team is sticking with CVS is because they don’t want to migrate their entire repository.
Still, in spite of its quirks I rather like SVN. It’s so much easier to use then CVS.
Also, Is OpenBSD part of the GNU? If not, why are they using the GNU name together with the BSD license? Shouldn’t it be GNU and GPL?
I guess I’m confused as you where you saw GNU and BSD next to each other. They said GNU CVS several times. In other words GNU made a CVS client. It is called GNU CVS (as there are also other CVS clients). It is licensed under the GPL license, but it is also made by GNU (as seen by the address http://www.gnu.org/software/cvs/ ). Their OpenCVS will be made by the OpenBSD team and will be licensed under the BSD license. My guess is you got confused over the two seperate programs, right?
[i]
Well, http://www.gnu.org/software/cvs/ refers to https://www.cvshome.org/. It appears cvshome and gnu cvs are one and the same.
[i]
Yes, I know that the FSF *distributes* the CVS Software. But like the README in the non-gnu directory of the gnu ftp server says, this version is not part of GNU.
ftp://ftp.gnu.org////non-gnu////README
ftp://ftp.gnu.org///non-gnu////cvs/
…but what about CVSNT. It runs on both linux, unix and Windows and is rock solid!
Try it!
http://www.cvsnt.org
CVSNT [is] open source, free software licensed under the GNU General Public License.
Considering they’re probably doing this over license concerns, CVSNT won’t help them.
Mainly because the conversions scripts for moving a CVS repo into a SVN repo are horrible, don’t work, and create super-huge SVN repos. IOW, it’s easier to write a new CVS client that works, than to waste valuable time trying to move the CVS repo into SVN.
Several different people have tried to import the FreeBSD CVS repo into SVN without any success yet.
While personally being all for Subversion, I understand OpenBSD’s decision to clone CVS since the developers are already using it and are up to speed with it (productivity counts people).
All in all, must I live me CVS. I’d much rather do so with a BSD licensed version and with OpenBSD’s level of security.
I’d much rather do so with a BSD licensed version and with OpenBSD’s level of security.
—-
i rather have them patch the current cvs implementation rather than reinventing the wheel
If you want a good ghost story, look at the CVS code some time. It’ll send chills down your spine.
Replacing CVS was only partly out of license concerns. The other reasons are because: CVS development has slowed considerably and patches are not readily integrated; they want the assurance that building their secure OS is not dependent on unreadable and potentially exploitable code (as they recently found out.)
I love OpenBSD and their projects!!!!
YaY!!!
What kind of nonsense is that? This is not about patching a few bugs, this is about fixing a fundamentally flawed security-implementation.
Not to mention that ‘patching’ it would mean GPL-ing the patches, and it’s quite obvious that the OpenBSD team prefers the BSD licence to GPL.
This is a good thing, for all of us. Much like OpenSSH, OpenBGPD and OpenNTPD.
If the old wheel comes with the chains of GPL, some (obviously) rather manufacture a new one.
DISCLAIMER: Before a war breaks out over BSD vs GPL let it be said that all license comes with chains attached with the notable exception of placing your creation in the PD.
This is a good thing, for all of us. Much like OpenSSH, OpenBGPD and OpenNTPD.
OpenBGPd, unlike e.g. OpenNTPd, OpenSSH, PF, is OpenBSD-only as of now. PF got ported to FreeBSD and NetBSD; OpenBGPd not (yet).
Actually, cvshome.org CVS (That one with the subversion ads
on the front page, how poor) is a part of the GNU project,
but not 100% (c) FSF. There have been authors and contribu-
tors in the past not assigning back to FSF, maybe before they
became licence nazis.
Actually I have received back a counter-signed (c) assignment
form from the FSF, stating my name and GNU CVS on it. (So my
patches for (GNU) CVS are now owned by the FSF under US law.)
When did I state that OpenBGPd got ported to other platforms?
I was referring to the fact that they are free implementations brought to us by the OpenBSD team — if you want to port it to your defunct OS, go ahead — as opposed to the encumbered or insecure implementations brought to us by others.
“What kind of nonsense is that? This is not about patching a few bugs, this is about fixing a fundamentally flawed security-implementation. ”
there is no fundamental flaws in gnu cvs. thats a unwarranted claim which you have provided no proof at all. you should ditch code that has served you for a decade just so that you get a bsd implementation
”
Not to mention that ‘patching’ it would mean GPL-ing the patches, and it’s quite obvious that the OpenBSD team prefers the BSD licence to GPL. ”
openbsd team uses many gpl’ed stuff like gcc for a long long time and they obviously have released patches. your claim that they would have to gpl their patches is flawed. they can very well release their patches under the revised bsd license. the linux kernel itself contains several bsd code change sets include OSS sound system (admittedly depreciated with gpl’ed ALSA)
“If the old wheel comes with the chains of GPL, some (obviously) rather manufacture a new one. ”
waste of productivity. try rewriting gcc in bsd code….
Seems a shame to be worrying about the security of the ancient and creaking cvs, when svn is 1.x, does the same thing and easily be secured through apache access etc.
SVN is not a drop-in replacement for CVS, which is the point of OpenCVS. SVN takes a new build process to adapt to it, and most IDEs dont’ have SVN plugins, but typically have CVS plugins. So, you want something API compatible with CVS, that can use existing CVS repositories. SVN might be the next generation, but it’s not an easy upgrade in a project using CVS. It will be a few more years before IDEs have SVN plugins and CVS->SVN migration tools mature. Anyhow, CVS is really just a big HACK, and hopefully OpenCVS will be a much cleaner reimplementation.
“SVN is not a drop-in replacement for CVS, which is the point of OpenCVS”
it is pretty close…
“SVN might be the next generation, but it’s not an easy upgrade in a project using CVS. It will be a few more years before IDEs have SVN plugins and CVS->SVN migration tools mature”
innumerous major protects have converted using svn tools including cvs2svn. you havent closely followed recent developments regarding this I presume. Just take a look at svn projects site and read the faq
” Anyhow, CVS is really just a big HACK, and hopefully OpenCVS will be a much cleaner reimplementation.”
it cannot be while remaining compatible
“When did I state that OpenBGPd got ported to other platforms?
I was referring to the fact that they are free implementations brought to us by the OpenBSD team”
You said “a good thing for all of us”. OpenNTPd is multi-platform, OpenSSH is multi-platform, PF is BSD-only (fair enough), OpenBGPd is OpenBSD-only. Hence the latter is far from ‘good for us all’.
“if you want to port it to your defunct OS, go ahead — as opposed to the encumbered or insecure implementations brought to us by others.”
Right, OpenBSD is the only non-defunct OS. I wouldn’t run that OS given mr. Deraadt has moral values over ‘non-free’ licenses deciding for me that i may not easily install Qmail on an OpenBSD installation using the ports collection all out of license zealotry (“politics free, huh?”). I rather run FreeBSD or NetBSD, who don’t act as dogmatic as the defunctional mr. Deraadt. Even with Debian, its easy to get Qmail installed.
“waste of productivity. try rewriting gcc in bsd code…”
The BSD license zealot will probably name TenDRA now. However, its far from alpha quality…