Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

OpenBSD Project Will Release OpenCVS

timothy posted more than 9 years ago | from the they're-big-on-that-open-thing dept.

Security 287

thequbemaster writes "The OpenBSD project, responsible for OpenSSH, OpenBGPD, and OpenNTPD, has created OpenCVS, a BSD licensed implementation of CVS client and server. From the site: 'It aims to be as compatible as possible with other CVS implementations, except when particular features reduce the overall security of the system. The OpenCVS project was started after discussions regarding the latest GNU CVS vulnerabilities that came out. Although CVS is widely used, its development has been mostly stagnant in the last years and many security issues have popped up, both in the implementation and in the mechanisms.' No releases are available yet. The README in the OpenCVS CVS repository states that the server is not ready yet, but looks like the client is usable." Update: 12/15 20:18 GMT by T : This project was mentioned briefly the other day, too.

cancel ×

287 comments

Sorry! There are no comments related to the filter you selected.

LOL OMG WTF (0, Troll)

GNAA Goat-See (775677) | more than 9 years ago | (#11096124)

GNAA Announces Endorsement of Matroska Container
GNAA Announces Endorsement of Matroska Container

Wenzenbach, Germany - Having found the AVI video format lacking, GNAA decided to search for a hot new container format, for use in releases of all GNAA video, including upcoming subtitled versions of Gayniggers From Outer Space.

GNAA president and A/V wizard timecop immediately turned to the opensource commmunity, the first place anyone would look for high-quality, well-supported software. A few Google searches later, he stumbled across the Matroska container format, and it was love at first sight.

"I've alyways supported open standards, and I was really excited once I found them. [Matroska] It's basically another competing media container format, like AVI, an envelope in which there can be many audio, video and subtitles streams, allowing the user to store a complete movie in one single file. This ensures that the audio and video can be played in most media players. As long as they manage to download the libraries and DirectShow filters needed, compile them, and then you're good to go." said timecop. "Of course, you can't demux all the streams in a .mkv, so it's less than worthless, but I mean, this is a format Gay Niggers can really get behind. There are at least 4 developers working on it, and TENS of users release video in .mkv format."

Upon finding that the sole distribution site for the sources he needed was down, timecop delightedly added "welcome ot openfuckingsource." Upon discovering that the latest version of the source wouldn't work properly under Windows, he congradulated the developers on sticking it to "The Man" [Bill Gates], adding "I assumed people around here had enough sense to give up on dead alternative OS's [Windows] around the time BeOS took a trip down the shitter."

GNAA member godspeed added "ROFL. Matroska is developed by Gay Niggers, how can we, the GNAA, not support it? We've been searching for a container format that has the feature that once you put something into it, you can never ever take it back out except for playback, so Matroska meets our needs perfectly. FRIST POST!!!!1one"

Matroska developers were busy writing a multimedia framework for BeOS and not available for comment.

About Matroska

Matroska [matroska.org] aims to become THE Standard of Multimedia Container Formats. It was derived from a project called MCF, but differentiates from it significantly because it is based on GBML (Gay Binary Meta Language), a binary derivative of XML. GBML contains all the useless features of XML in a obscure and overengineered binary format, impossible to parse without obfuscated binary parser libs, and definitely not "human readable". GBML enables the Matroska Development Team to gain significant advantages in terms of future format extensibility without breaking file support in old parsers and allows them to push the limits of the gay video frontier. Some of the notable video codecs which have been used with Matroska include "RealVideo9" and "XVID".

Stated goals include creating and documenting a modern, flexible, cross-platform compatible Audio/Video container format, in combination with an open codec API, to form a free and open media framework, as well as establishing Matroska as the opensource alternative to existing containers such as AVI, ASF, MOV, RM, MP4, and MPG, however due to limited developer time, all current efforts are focused on getting Matroska running under BeOS. "Who needs to use a format everyone can already use, which is well supported by ALL modern OSes? Our opensource shitfest will soon replace the well-established, useful container formats."


About GNAA:
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the first organization which gathers GAY NIGGERS from all over America and abroad for one common goal - being GAY NIGGERS.

Are you GAY [klerck.org] ?
Are you a NIGGER [mugshots.org] ?
Are you a GAY NIGGER [gay-sex-access.com] ?

If you answered "Yes" to all of the above questions, then GNAA (GAY NIGGER ASSOCIATION OF AMERICA) might be exactly what you've been looking for!
Join GNAA (GAY NIGGER ASSOCIATION OF AMERICA) today, and enjoy all the benefits of being a full-time GNAA member.
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the fastest-growing GAY NIGGER community with THOUSANDS of members all over United States of America and the World! You, too, can be a part of GNAA if you join today!

Why not? It's quick and easy - only 3 simple steps!
  • First, you have to obtain a copy of GAYNIGGERS FROM OUTER SPACE THE MOVIE [imdb.com] and watch it. You can download the movie [idge.net] (~130mb) using BitTorrent.
  • Second, you need to succeed in posting a GNAA First Post [wikipedia.org] on slashdot.org [slashdot.org] , a popular "news for trolls" website.
  • Third, you need to join the official GNAA irc channel #GNAA on irc.gnaa.us, and apply for membership.
Talk to one of the ops or any of the other members in the channel to sign up today! Upon submitting your application, you will be required to submit links to your successful First Post, and you will be tested on your knowledge of GAYNIGGERS FROM OUTER SPACE.

If you are having trouble locating #GNAA, the official GAY NIGGER ASSOCIATION OF AMERICA irc channel, you might be on a wrong irc network. The correct network is NiggerNET, and you can connect to irc.gnaa.us as our official server. Follow this link [irc] if you are using an irc client such as mIRC.
clicking here.
-->

If you have mod points and would like to support GNAA, please moderate this post up.

.________________________________________________.
| ______________________________________._a,____ | Press contact:
| _______a_._______a_______aj#0s_____aWY!400.___ | Gary Niger
| __ad#7!!*P____a.d#0a____#!-_#0i___.#!__W#0#___ | gary_niger@gnaa.us [mailto]
| _j#'_.00#,___4#dP_"#,__j#,__0#Wi___*00P!_"#L,_ | GNAA Corporate Headquarters
| _"#ga#9!01___"#01__40,_"4Lj#!_4#g_________"01_ | 143 Rolloffle Avenue
| ________"#,___*@`__-N#____`___-!^_____________ | Tarzana, California 91356
| _________#1__________?________________________ |
| _________j1___________________________________ | All other inquiries:
| ____a,___jk_GAY_NIGGER_ASSOCIATION_OF_AMERICA_ | Enid TBD
| ____!4yaa#l___________________________________ | enid_tbd@gnaa.us [mailto]
| ______-"!^____________________________________ | GNAA World Headquarters
` _______________________________________________' 160-0023 Japan Tokyo-to Shinjuku-ku Nishi-Shinjuku 3-20-2

Copyright (c) 2003-2004 GNAA [www.gnaa.us]

Re:LOL OMG WTF (0)

Anonymous Coward | more than 9 years ago | (#11096625)

Hah! This is hilarious if you've ever been required to play a video that's been encapsulated in Matroska. It's similar to the Ogg encapsulation format, but less well supported in practically every player that exists. I had to upgrade mplayer just to handle the .mkv, and there were a handful of extra libraries it needed to do that. All in all, I ended up recompiling the new mplayer three times (this is on LFS) to get it to work.

Netcraft? (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11096126)

Has Netcraft confirmed any of this?

how long till we wait .. (0, Redundant)

macaulay805 (823467) | more than 9 years ago | (#11096142)

for OpenWindows?

(its a joke, laugh!)

Ummm.. I had to read that a few times.... (5, Funny)

GameGod0 (680382) | more than 9 years ago | (#11096154)

The OpenCVS CVS repository?

lol

Re:Ummm.. I had to read that a few times.... (1)

Aneurysm9 (723000) | more than 9 years ago | (#11096199)

Bah! No more confusing than using GCC to compile GCC.

That's a paddlin'. (1)

Fecal Troll Matter (445929) | more than 9 years ago | (#11096512)

ST. PAUL, Minn. (AP) -- A 79-year-old retiree who tussled with a man half his age over the man's foul language in a restaurant was sentenced to probation - but outside of that, he's been treated more like a hero than a criminal.

Bill Stevenson said the fracas began in July when he and another retired 3M engineer, 74-year-old Sten Gerfast, were having coffee at a bagel shop. In walked 40-year-old Jesse Tabor, talking on a cell phone and liberally using four-letter words, the men said.

In an interview after the incident, Tabor said he didn't recall cursing. But Stevenson and Gerfast remember it differently.

"There was an argument on the phone," Stevenson said. "The third time he walked by our booth ... Mr. Gerfast said to me, 'Should I do something about it?'"

So Gerfast tapped Tabor on the shoulder and asked him to take his call outside, Stevenson said. But Tabor, who was with his 13-year-old daughter at the time, dismissed him. Stevenson said he got involved when Tabor continued to shout obscenities.

"I've been in lots of different places, but when I heard that kind of stuff coming in my hometown, I thought, 'Somebody's got to do something,'" Stevenson said.

Stevenson grabbed the phone from Tabor and the two men engaged in a few seconds of tug-of-war. Thinking better of it, Stevenson said he let go and Tabor "went sailing across the floor."

Stevenson pleaded guilty to disorderly conduct Tuesday and was given three months of probation. But even the lawyers at Ramsey County District Court were giving him thumbs-up signs as he left the courtroom, he said.

"I've had over 30 calls and letters and e-mails, and I've not had one negative call. They're all on my side," Stevenson said.

Gerfast was acquitted of disorderly conduct charges last month. Tabor failed to appear at a September hearing and a bench warrant was issued for him.

Stevenson claimed Tabor "mocked me about being an old man."

"I just sat there and drank my coffee," Stevenson said. "I thought, 'You can think what you want, mister, but a couple of senior citizens stood up to you, and we ought to get a little bit more respect.'"

© 2004 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. Learn more about our Privacy Policy.

I'll have to "Check It Out" (5, Funny)

lottameez (816335) | more than 9 years ago | (#11096160)

hahahahahahaha. I kill me.

Re:I'll have to "Check It Out" (0)

Anonymous Coward | more than 9 years ago | (#11096300)

Please.

*rimshot*

Re:I'll have to "Check It Out" (1)

DasAlbatross (633390) | more than 9 years ago | (#11096468)

You really need to update your repretoire!

Re:I'll have to "Check It Out" (0)

Anonymous Coward | more than 9 years ago | (#11096493)

parent was funny, you're gay.

Re:I'll have to "Check It Out" (4, Funny)

wowbagger (69688) | more than 9 years ago | (#11096529)

I think you need to be committed.

Re:I'll have to "Check It Out" (1)

stratjakt (596332) | more than 9 years ago | (#11096567)

I checked it out but I couldnt commit to it.

HAHA get it, theres a client but no server.. hee hee..

cvs -Y? (-1, Offtopic)

Enry (630) | more than 9 years ago | (#11096164)

Instead of doing that, maybe they can spend time working with X developers to implement and document the SECURITY exension in X11.

This Article is Redundant (2, Insightful)

Nimrangul (599578) | more than 9 years ago | (#11096167)

There was already an article regarding OpenCVS, and it is fairly obvious that it will be getting released, or it would not be given a Open* title and it's own site.

Not that I mind mind you, I just didn't see why there have been to articles on OpenCVS starting up. At least this one isn't saying it was because OpenBSD hates the GPL and are trying to replace a GPL CVS system.

Were we not... (4, Informative)

jwthompson2 (749521) | more than 9 years ago | (#11096170)

already aware of this?

http://bsd.slashdot.org/article.pl?sid=04/12/06/ 11 54242&tid=8&tid=7

That was back on December 6th!

Re:Were we not... (1)

freshman_a (136603) | more than 9 years ago | (#11096222)

The only people aware of this were the people at The Department of Redundancy Department who were the only people already aware of this.

Re:Were we not... (1)

KillerDeathRobot (818062) | more than 9 years ago | (#11096425)

Perhaps /. editors need to set up a CVS repository of articles so they can better coordinate posts?

Re:Were we not... (-1, Offtopic)

Nimrangul (599578) | more than 9 years ago | (#11096546)

Let me get this straight, I post before you and people mark me the Redundant one? Goodness me, I need to change my signature to contain some definitions of various words.

Redundant - repetition of same sense in different words
Flamebait - meant to trigger conflict
Insightful - grasping the inward or hidden nature of things
Informative - providing or disclosing information
Interesting - to arouse the curiosity or hold the attention of

Sorry to go off on an Offtopic tangent on you, that kind of moderating always rubs me wrong, kinda like when people mod jokes in the BSD section Flamebait if they have the keyword dead. They need a guide to moderating properly.

Re:Were we not... (1)

jwthompson2 (749521) | more than 9 years ago | (#11096587)

Sorry for your loss, I've never understood the moderators system, too variant and standardless....

Re:Were we not... (1)

ajs (35943) | more than 9 years ago | (#11096585)

Why is there not a moderation option, -1, Use the Freaking URL tag?! Slashdot may still add in its annoying space, but at least the href works.

For those who still want that link in a usable form, it's http://bsd.slashdot.org/article.pl?sid=04/12/06/11 54242&tid=8&tid=7 [slashdot.org]

Clicky Clicky! (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11096176)

Clicky Clicky! [komar.org]

Dupe (1, Redundant)

jwbrown77 (526512) | more than 9 years ago | (#11096177)

Link [slashdot.org]

Re:Dupe (1)

3terrabyte (693824) | more than 9 years ago | (#11096449)

Heheh. Shouldn't the actualy story get a -1 Redundant? Not the poster!

Willy on Wheels! (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11096180)

SOLLOG is the biggest troll in Slashdot history! [247news.net]

Send this fuckwit to hell!

A great idea... (3, Funny)

holzp (87423) | more than 9 years ago | (#11096182)

Merge the userfriendlyness of OpenBSD with the userfriendlyness of CVS!

What is wrong with subversion? (4, Insightful)

Yaa 101 (664725) | more than 9 years ago | (#11096185)

What is wrong with subversion [tigris.org] ?

Re:What is wrong with subversion? (0)

Anonymous Coward | more than 9 years ago | (#11096270)

The Apache License.

Re:What is wrong with subversion? (1)

salimma (115327) | more than 9 years ago | (#11096271)

I was about to ask the same question; the Subversion license seems to be BSD-like enough, and Subversion is a joy to use..

Re:What is wrong with subversion? (1)

Frymaster (171343) | more than 9 years ago | (#11096287)

What is wrong with subversion?

nothing. unless, of course, you already have a major project that's been using cvs. then, if you want to switch to subversion you have to retrain your development team and switch over your repository with the cvs2svn.py tool which, according to the subversion site "is still under development... only use it on a copy of your CVS repository and double check your results"

if you're in a major production environment, that's a no go.

Re:What is wrong with subversion? (3, Insightful)

chroot_james (833654) | more than 9 years ago | (#11096328)

This is the OpenBSD team. Not a bunch of louts. They could learn SVN overnight and write an open replacement for it in a week. Remember when they decided they didn't like ipf? They designed and implemented a new packet filter that was _better_ in barely any time at all.

With their vigilance, they'd clearly go with which ever they thought was better.

Re:What is wrong with subversion? (2, Insightful)

Jahf (21968) | more than 9 years ago | (#11096582)

Not necessarily. Switching off of ipf doesn't affect -every- developer. In fact it likely affected only the developers that went off to work on a replacement.

Assuming OpenBSD uses CVS today, then moving to a new toolset instead of mirroring the functionality of the existing tool affects -every- person who developes on OpenBSD.

That is a far far far more acute impact. One that I know I wouldn't want to be in charge of handling. This is the kind of thing that gives IT folks nightmares ... and developers can be some of the most obstinate people to retrain (and I say that with all affection to my father and co-workers).

Not to mention the hassle/risk of switching the systems over in the first place.

Re:What is wrong with subversion? (1)

oliverthered (187439) | more than 9 years ago | (#11096516)

What, so when you roll out you don't.
a: test using a copy.
b: veryify that everythings gone ok and then....
switch or roll back.

Or are you sying that your major project isn't 'still under development...'
Sounds like good practice to me.

Re:What is wrong with subversion? (5, Informative)

fitz (2205) | more than 9 years ago | (#11096644)

I've just corrected the project FAQ page to no longer reflect that cvs2svn is still under development. It's now stable, under maintenance and has been used to convert many many CVS projects, including Apache HTTP Server, Mono, and more.

Re:What is wrong with subversion? (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11096330)

The fact that subversion sucks?

Berkley db? (1)

oliverthered (187439) | more than 9 years ago | (#11096477)

1: install subversion
2: upgrabe berkley db
3: pannic. (or svn recover, or db ... recover)

I've also had no end of trouble setting the permissions to 660 U:root G:subversion without the database corrupting.

Re:Berkley db? (3, Informative)

ishmalius (153450) | more than 9 years ago | (#11096637)

This is no longer a necessity. There is a filesystem-oriented repository format now. We have been using it for over a month now with no problems.

Re:What is wrong with subversion? (3, Interesting)

Phred T. Magnificent (213734) | more than 9 years ago | (#11096577)

Damn, where to start? In no particular order:

  • Subversion uses too damn much disk space, particularly on the client (not that it's good on the server, either, but when the client is an older laptop with a 9 GB hard drive, you really notice the problem)
  • Subversion is slow
  • The server-side database is too easily and far too frequently corrupted or left locked by an aborted client request, resulting in ridiculous slowdown on the client side and increased administrative overhead on the server side
  • Most Subversion installations are configured to work over HTTP (only). This provides all kinds of nice anti-benefits, like:
    • Eliminating key-based SSH authentication and replacing it with weak password-based HTTP "basic" authentication
    • Replacing a nice, encrypted SSH transport with plain-text HTTP
    • Making it so that in order to use Subversion over an SSH tunnel, you first have to shut down your local Apache server, modify /etc/hosts and set up the tunnel as root, because, of course, a non-root user can't tunnel port 80

The list goes on and on and on, but I'm not interested in continuing it just now. Subversion hasn't managed yet to be the worst version control system I've ever seen: that title is still held by PVCS on Windows 3.1, circa 1995. It's getting to be a close race, though.

Re:What is wrong with subversion? (0)

Anonymous Coward | more than 9 years ago | (#11096710)

What's wrong with subversion?

Well, specifically CAN-2004-0179, and many
other security flaws.

If you want something done right,
count on the OpenBSD group to make it
secure.

Mainstream (2, Insightful)

Manan Shah (808049) | more than 9 years ago | (#11096195)

What will really put this into a mainstream enviornment is if there are some good GUI clients available for it. If an easy to use, and perhaps more importantly, cross platform GUI client is released, you can bet that the popularity will go up. Visual Source Safe (Microsoft) isn't all that great, but people still use it because CVS doesn't have a robust windows GUI client. Or at least it didn't early on and so the first impressions were not very friendly from companies looking at products where they wouldn't have to train their employees as much. If they can come up with a great GUI right off the bat, Microsoft will really sweat.

Re:Mainstream (1)

stratjakt (596332) | more than 9 years ago | (#11096240)

Microsoft wont sweat, SourceSafe doesn't really compete with anything. It's just part of the Visual Studio package, which will sell for their IDEs and other features (.NET). I guess you can buy it seperately, I don't know who would though. It has nothing to do with Microsoft.

Re:Mainstream (1)

tricops (635353) | more than 9 years ago | (#11096282)

It's not directly tied to the main CVS project, but what about TortoiseCVS [tortoisecvs.org] ? Of course, there's a subversion client of the same as well, TortoiseSVN [tortoisesvn.org] .

Of course, even with the clients in a GUI form, it would still be nice to have a GUI tool for setting up and maintaining repositories as well.

Re:Mainstream (1)

TheRaven64 (641858) | more than 9 years ago | (#11096427)

The nicest version control GUI I have ever used is SCPlugin [tigris.org] , which is a plugin for the OS X finder. It overlays a small icon in the corner of the icon of every file under version control indicating its status, and provides a context menu for performing SCM operations. There are still a few rough edges, but the integration with the finder really makes it a joy to use - SCM operations and standard file operations can be done in exactly the same way.

Re:Mainstream (1)

samjam (256347) | more than 9 years ago | (#11096605)

With tortoise CVS I have found, the only additional training needed to get fair CVS use from team members is that merging clashes takes time and careful thought and can't be done automatically.

I highly recommend tortoise cvs - hey I use tortoise cvs under windows on a samba share from my colinux box (one day there will be linux CVS shell integration); and I use eclipse to edit the files.

Sam

Re:Mainstream (1)

Xentax (201517) | more than 9 years ago | (#11096469)

MS isn't going to sell only VSS forever, you know...check this out: Visual Studio Team System [microsoft.com]

Xentax

Development has stagnated? (4, Informative)

tcopeland (32225) | more than 9 years ago | (#11096207)

Hm. Well, maybe. There have been a couple releases [cvshome.org] this year, and the mailing list remains active.

I kind of feel that the torch is being passed on to Subversion [tigris.org] , with no hard feelings between anyone. Lots of folks are converting over and most folks seem pretty happy with it. But CVS is still widely used and there are a bunch of of gurus who hang out on the list and answer questions.

Oh, and here's a mirror [cougaar.org] of various CVS releases if anyone needs them.

and Arch, and BitKeeper, Aegis, SVK (2, Informative)

noblesse oblige (840634) | more than 9 years ago | (#11096418)

And the GNU people have run to Arch with the usual zealot flair. A good comparison can be found here [gnuarch.org] .

Re:Development has stagnated? (1)

ajs (35943) | more than 9 years ago | (#11096663)

"Stagnant" development is probably as much of a red-herring as "security" in this context. Either problem is addressed with far less work by contributing updates to CVS. No, I suspect that CVS was replaced because of the fact that it is distributed under the GPL, and BSD people find that somehow distasteful.

Whatever. I'm past license wars, and the OpenBSD people can do whatever they like. Meanwhite, I'm off to learn subversion.

Dupe :( (0)

Anonymous Coward | more than 9 years ago | (#11096212)

Again? [slashdot.org]

They must be really big on that open thing...

Two weeks ago (1)

essdodson (466448) | more than 9 years ago | (#11096214)

Welcome to two weeks ago.

We need a new one? (0, Flamebait)

ajs (35943) | more than 9 years ago | (#11096220)

Let me see if I understand this... there were some security problems with CVS as-is, so the OpenBSD folks did the right thing and reviewed the code, discovered any remaining problems and submitted... no, no it seems they instead wrote their own CVS.

Doh.

For those not familiar with the state of the world, this is going to mean a slower/longer transition to subversion (the logical successor to CVS), less interoperability between operating systems for developers and yet another tool that the OpenBSD people (who clearly did not have enough work to do already), to support. It will also mean that while they were clearly an interested party who was deriving benefits from a project and had expertise to contribute, they instead opted out and left the tool that had done so much for them to fend for itself.

What happened to OpenBSD? Wasn't it an actual member of the open source community at one point?

Oh well, as long as no one tries to make me use their mutant CVS, I'll be happy.

Re:We need a new one? (3, Interesting)

MassacrE (763) | more than 9 years ago | (#11096338)

"Any remaining problems"?

You obviously are unfamiliar with the CVS dungpile, err.. codebase. For instance, there is no access provider mechanism - they copied and pasted the code from the filesystem tree to make the pserver tree, then nobody thought "hey, maybe this will be a maintainability problem later?"

There is also no application-level interface to CVS. CVS tools typically use regexp or other parsing techniques to invoke the CVS command-line and parse its contents.

If this causes a slower transition to Subversion, it will be because people don't need to run away from the existing CVS implementation screaming anymore. A good implementation of CVS will put the emphasis of subversion right where it should be - adding compelling features which will convince people to move to it.

As far as 'less interoperability between operating systems' is concerned, I do not see why this would be restricted to BSD systems, any more than openssh was.

Re:We need a new one? (1)

ajs (35943) | more than 9 years ago | (#11096540)

So, to cut out the bile and name-calling, your concern is in two parts: the pserver mechanism is unmaintainable and there's no API.

Now, ask yourself which is harder: writing a new pserver layer and an API or re-writing the entire toolchain? What's more, which one hurts an existing open source project from which OpenBSD has derived untold benefit over many years?

I'm sorry, I just don't accept your "dungheap" metaphor as a valid reason for abandoning this tool when there are many tools which OpenBSD has contributed to fixing and/or adding features to.

Something rings hollow.

Re:We need a new one? (0)

Anonymous Coward | more than 9 years ago | (#11096443)

"It will also mean that while they were clearly an interested party who was deriving benefits from a project and had expertise to contribute, they instead opted out and left the tool that had done so much for them to fend for itself."

Um, but this is -exactly- what the people who wrote subversion did. In fact, a lot of them were core CVS developers. They took a look at it, said it sucks and is going to be too hard to fix right, so let's start fresh. The only difference is subversion completely started fresh, breaking ALL compat, while the open team decided that they like CVS, so let's just rewrite the thing right.

Where's the problem in this?

Lots of reasons... (2, Interesting)

emil (695) | more than 9 years ago | (#11096613)

I am not a fanatic about BSD vs. GPL, but let me count the ways...

  1. Anything under BSD license is much more free than GPL free software. Hey, it doesn't change my life much, but there are a lot of people who care about this. More BSD free software is good for everybody.
  2. Is it your right to ask OpenBSD developers to GPL their code, when they would prefer to apply a BSD license to it? It certainly isn't mine.
  3. It is unlikely that the current CVS uses strlcpy/strlcat. Would retrofitting this functionality be accepted by the CVS people, especially as the GNU libc people have already rejected it? (Boy, that was a great step forward in security there.)

OpenBSD has been slowly stripping/replacing GPL software wherever they can. Recent fatalities include gzip and gawk. It's their distribution, and they can do what they want.

But I for one am glad for OpenBSD. It fits me like a glove. I just wish that Microsoft couldn't copy so much of it.

Re:Lots of reasons... (1)

ajs (35943) | more than 9 years ago | (#11096711)

"I am not a fanatic about BSD vs. GPL"

You wrote a BSD vs GPL flame in response to a post which mentioned neither. That is pretty much exactly my definition of a BSD vs. GPL fanatic.

Licenses are fascinating bits of legal hackery, but when it comes to software, one should never be so distracted by such toys that one forgets that the software and the community built around that software is the real value.

why bother? (0, Flamebait)

vsync64 (155958) | more than 9 years ago | (#11096232)

This is silly. Subversion already exists.

The best part (2, Informative)

ZorbaTHut (126196) | more than 9 years ago | (#11096236)

isn't just the fact that it's a dupe.

It's that the posted link, to the article that this is a dupe of, is a link into the admin interface. For the curious, right now it's https://slashdot.org/admin.pl?op=edit&sid=04/12/15 /1936218 [slashdot.org] - I imagine this will be changed once the admins notice . . . well, probably.

Re:The best part (0)

Anonymous Coward | more than 9 years ago | (#11096457)

Simply explanation: Timothy

In related news... (0)

Anonymous Coward | more than 9 years ago | (#11096242)

Theo has revealed that OpenCC, OpenLibC and OpenLinux are still some way off, OpenHTTPD is making good progress however as a fork of the popular Apache web server. Oh, and DARPA suck!

Re:In related news... (3, Funny)

upsidedown_duck (788782) | more than 9 years ago | (#11096584)


The OpenBSD folks would re-implement GCC in a heartbeat, if they could afford the man-years to do so.

They'll get my patronage if... (1)

Old Wolf (56093) | more than 9 years ago | (#11096244)

...they enable tag/update/diff/etc. by date on a branch, add a special tag like HEAD but for a given branch, and keep track of when branches have merged so that you can actually keep 2 slightly different versions in sync.

Reason for the stagnation (0, Flamebait)

phr1 (211689) | more than 9 years ago | (#11096246)

I can't resist: Netcraft confirms it, CVS is dead.

More seriously, CVS sucks. Efforts spent reimplementing it are better spent replacing it (Subversion, Arch, Darcs, whatever).

subversion? (1)

Roadmaster (96317) | more than 9 years ago | (#11096260)

I like subversion [tigris.org] . why don't they? I found it easy to install the server, and the client is easier to use than cvs.

Re:subversion? (2, Interesting)

TheRaven64 (641858) | more than 9 years ago | (#11096478)

Because a lot of existing infrastructure still uses CVS? In the long term, transitioning this to SVN is a good idea, and I certainly wouldn't recommend that a new project use CVS. In the mean time, however, I think the OpenBSD people feel that it would be nice to have a CVS implementation that was secure and maintainable.

Re:subversion? (1)

upsidedown_duck (788782) | more than 9 years ago | (#11096563)

why don't they?

I don't care for Subversion because it is immature. I also find their ideas about a whole slew of different database backends will be a source of endless problems (who'd ever thunk that XYZ had endianness issues or that QRS can't talk to ABC). Subversion is certainly very neat, but I'd still consider commercial VC software if my business depended on having really good VC in a project.

People are still using CVS? (1)

codepuke (737720) | more than 9 years ago | (#11096268)

Even Linus doesn't use it [cmcrossroads.com] .

IMHO there are much better alternatives out there. I use Subversion [tigris.org] at home and Perforce [perforce.com] (definitely worth the cost) at work and I'll never go back. Source control without atomic commits really isn't much control at all...

a *BSD Carol (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11096294)

"Spirit," said Scrooge, with an interest he had never felt before, "tell me if *BSD will live."

"I see a vacant seat," replied the Ghost, "in the poor chimney-corner, and a crutch without an owner, carefully preserved. If these shadows remain unaltered by the Future, *BSD will die."

"No, no," said Scrooge. "Oh, no, kind Spirit! say it will be spared."

"If these shadows remain unaltered by the Future, none other of my race," returned the Ghost, "will find him here. What then? If it be like to die, it had better do it, and decrease the surplus operating system population."

Scrooge hung his head to hear his own words quoted by the Spirit, and was overcome with penitence and grief. It was sad to see any operating system die, even one so obviously flawed and useless as *BSD.

God bless us, every one.

Standard Disclaimer (2, Funny)

Ann Elk (668880) | more than 9 years ago | (#11096299)

This project was mentioned briefly the other day, too.

Maybe this disclaimer should appear at the end of every article summary...

Great. Just what we need... (1)

doppleganger871 (303020) | more than 9 years ago | (#11096302)

...another 24-hour pharmacy.

In Korea (-1)

duffbeer703 (177751) | more than 9 years ago | (#11096314)

In Korea, only old people use CVS

Re:In Korea (-1)

Anonymous Coward | more than 9 years ago | (#11096509)


In Korea, only old people drink duffbeer703.

Incompatible or Insecure Design (0)

Anonymous Coward | more than 9 years ago | (#11096329)

The Subversion project tries to be a better CVS by redefining some of the concepts that it believes CVS got wrong (e.g. versioning at the file level rather than the repository level)

In doing so, they made it impossible to write a simple "drop-in" replacement to CVS with SVN because it changed fundamental API's.

If CVS is conceptually insecure in its design (rather than just its implementation) it seems the same issues will arise that make OpenCVS either an "insecurely designed drop in implementation" or a "securely designed incompatible replacement".

Why bother? Why not work with addressing the security design problems with Arch or SVN?

Dupe! (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11096331)

It is now official. Netcraft confirms: *BSD is dying

One more crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last [samag.com] in the recent Sys Admin comprehensive networking test.

You don't need to be the Amazing Kreskin [amazingkreskin.com] to predict *BSD's future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood.

FreeBSD is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying.

Let's keep to the facts and look at the numbers.

OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.

All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a miracle could save *BSD at this point in time. For all practical purposes, *BSD is dead.

Fact: *BSD is dying

What a useless piece of... (0, Troll)

ttfkam (37064) | more than 9 years ago | (#11096340)

They take what amounts to a standard set of hacks on top of RCS. Then they make a port of it with a BSD license. Then... we're supposed to believe this is a good thing?

Subversion and arch would be better models wouldn't they? Hell, subversion has an Apache-style license to it. Closer to BSD than GNU CVS's GPL *and* Subversion is better than CVS right now.

I'm more than grateful to the OpenBSD project for their work on free firewall implementations, openssl, openssh, etc. But enough's enough. CVS? Aim a little fucking higher guys!

Re:What a useless piece of... (1)

Nimrangul (599578) | more than 9 years ago | (#11096578)

OpenSSL is in no way related to OpenBSD. They are completely unrelated.

Re:What a useless piece of... (0)

Anonymous Coward | more than 9 years ago | (#11096723)

Maybe you won't use it, but I will. I've been managing my code with RCS for some time now (which is easy because I'm the only coder in this shop right now) and I've been thinking about switching to another system to set things up for the future, when others arrive. However, I'm well aware of the flaws of CVS and that's why I never put much effort into learning it. So I'm very, very happy they're fixing CVS once and for all.
BTW, there's lots of projects out there that still use CVS despite its flaws, because it's easier to say "use something better" than spend all the time converting huge codebases, especially if you want to keep the revision history intact. So kudos to OpenBSD for once again saving the day, when others would just as well say "sorry pal you gotta upgrade, c-ya and wouldn't wanna be ya".

Finally... (1)

fimbulvetr (598306) | more than 9 years ago | (#11096346)

CVS and subversion are plauged with security vulnerabilities. I was beginning to wonder if it was ever going to stablize like apache 1.3.

I'm extremely happy to see that the open(bsd) team is doing what it's best at.

Re:Finally... (0)

Anonymous Coward | more than 9 years ago | (#11096629)

"CVS and subversion are plauged with security vulnerabilities. I was beginning to wonder if it was ever going to stablize like apache 1.3."

Um. You do realize you can run subversion under Apache, so that subversion security == Apache security. Right?

Elegy for *BSD (0)

Anonymous Coward | more than 9 years ago | (#11096365)


Elegy For *BSD


I am a *BSD user
and I try hard to be brave
That is a tall order
*BSD's foot is in the grave.

I tap at my toy keyboard
and whistle a happy tune
but keeping happy's so hard,
*BSD died so soon.

Each day I wake and softly sob
Nightfall finds me crying
Not only am I a zit faced slob
but *BSD is dying.

OpenNTP problems (1, Troll)

andrel (85594) | more than 9 years ago | (#11096383)

I hope they do a better job with CVS then when they botched implementing NTP [typepad.com]

Hmm... (2, Funny)

which way is up (835908) | more than 9 years ago | (#11096403)

No thanks, I prefer visual source safe.

Re:Hmm... (1)

stratjakt (596332) | more than 9 years ago | (#11096534)

Funny how you're a troll but everyone making the exact same statement about subversion is +5: insightful!

I prefer VSS too. It works and I dont have to futz around on a command line.

Re:Hmm... (0)

Anonymous Coward | more than 9 years ago | (#11096608)

why is parent modded troll, because he goes against group think? come on mods. Show some independent thought.

Re:Hmm... (0)

Anonymous Coward | more than 9 years ago | (#11096651)

Independent thought? On Slashdot???? HAHAHAHAHAHA!!!!!

Re:Hmm... (1)

which way is up (835908) | more than 9 years ago | (#11096661)

I hate to reply to my own post, but others on here have stated their preference for one version of VC over another. Yet I'm modded down? Not sure I understand, Surely I can't be the only one here who uses Visual Source Safe?

"Compatible" (1)

upsidedown_duck (788782) | more than 9 years ago | (#11096439)


I guess that means it still sucks compared to 95% of VC systems out there (the remaining 5% being RCS and nightly backups).

It's time for the Daily Puzzler (0)

Anonymous Coward | more than 9 years ago | (#11096464)

Today's Puzzler asks you to discover what the following four items have in common:
  1. Laci Peterson
  2. Lori Hacking
  3. Nicole Simpson
  4. BSD
Submit your response along with a stamped self-addressed envelope.
See contest rules for details. Void where prohibited.

Who needs it? (1)

Macrobat (318224) | more than 9 years ago | (#11096484)

I just use the Open~ project to make backups whenever I edit a file.

Apropos of nothing... (0)

Anonymous Coward | more than 9 years ago | (#11096508)

my phone just rang.

There's already a better CVS... (1)

cduffy (652) | more than 9 years ago | (#11096596)

...and I'm not just talking SVN (which is quite successful at its "better CVS" goal, though I prefer Arch with its "better revision system" intent): CVSNT [cvsnt.org]

Why it's so rarely used (with the exception of being packaged with the major CVS client GUIs on Windows), and why so few Linux distributions package it, has always been a mystery to me.

Requiem for the FUD (1)

AgainstFUD (840252) | more than 9 years ago | (#11096612)

... facts are facts. ;)

FreeBSD:
FreeBSD, Stealth-Growth Open Source Project (Jun 2004) [internetnews.com]
"FreeBSD has dramatically increased its market penetration over the last year."
Nearly 2.5 Million Active Sites running FreeBSD (Jun 2004) [netcraft.com]
"[FreeBSD] has a secured a strong foothold with the hosting community and continues to grow, gaining over a million hostnames and half a million active sites since July 2003."
What's New in the FreeBSD Network Stack (Sep 2004) [slashdot.org]
"FreeBSD can now route 1Mpps on a 2.8GHz Xeon whilst Linux can't do much more than 100kpps."

NetBSD:
NetBSD sets Internet2 Land Speed World Record (May 2004) [slashdot.org]
NetBSD again sets Internet2 Land Speed World Record (30 Sep 2004) [netbsd.org]

OpenBSD:
OpenBSD Widens Its Scope (Nov 2004) [eweek.com]
Review: OpenBSD 3.6 shows steady improvement (Nov 2004) [newsforge.com]

*BSD in general:
Deep study: The world's safest computing environment (Nov 2004) [mi2g.com]
"The world's safest and most secure 24/7 online computing environment - operating system plus applications - is proving to be the Open Source platform of BSD (Berkeley Software Distribution) and the Mac OS X based on Darwin."
..and last but not least, we have the cutest mascot as well - undisputedly. ;) [keltia.net]

--
Being able to read *other people's* source code is a nice thing, not a 'fundamental freedom'.

Borked link (1)

Hel Toupee (738061) | more than 9 years ago | (#11096628)

The link to the OpenBGPD site is wrong. A simple investigation reveals that the poster posted the site as www.openbDbd.org. "Slashdot editors" seems to be and oxymoron....

Excellent news! (0, Flamebait)

Eric Smith (4379) | more than 9 years ago | (#11096642)

Now there's finally a basis for development of proprietary closed-source derivatives of CVS. GPL'd software sucks, because there's no way for Microsoft to lock consumers into proprietary derivatives.

Borked Link (1)

Hel Toupee (738061) | more than 9 years ago | (#11096668)

The link to the OpenBGPD site is wrong. The poster wrote it as www.openbDpd.org. "Slashdot editors" seems to be an oxymoron....

Forget the BSD license (1)

stratjakt (596332) | more than 9 years ago | (#11096678)

When will someone create a GPLed replacement for this OpenCVS thing?

If it's Wednesday, and it is Timothy (0)

Anonymous Coward | more than 9 years ago | (#11096695)

It must be a dupe. Why do I waste my time????
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>