Bug#323855: ITP: opencvs -- OpenBSD CVS implementation with special emphasis in security
* Roberto C. Sanchez: There is a good reason that CVS development has stagnated. CVS is broken and there are better alternatives. Some people say it's its rotten codebase. A rewrite from scratch hasn't got this problem. The RCS-based file format isn't too bad and optimizes for some common (access to recent version) and not-so-commonn (annotate) operations. (Try annotate with cogito..) I welcome a OpenCVS package, subject to two conditions: The description should describe the virtues of the package, and not dismiss GNU CVS as bad. And it should not provide cvs unless permanent comaptibility is a goal, including the command line switches. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#323855: ITP: opencvs -- OpenBSD CVS implementation with special emphasis in security
On Thu, Aug 18, 2005 at 07:31:38PM -0400, Roberto C. Sanchez wrote: most popular open source revision control software. And among the most horrible ones. Agreed. Why anyone would bother to reimplement an already existing free tool is beyond me. For several reasons, one being that the BSD folks use CVS extensively, it's part of how the ports system (and upgrades) work. Not only that, but the stated purpose of OpenCVS, AIUI, is to be a reimplementation of CVS under the BSD license. It makes no sense to try and have both in Debian. I also agree with you that there are far better alternatives. It does make sense, there are some features (like CVS syncing, which is useful for remote backups) that OpenCVS *might* (I haven't looked) implement straight out of the box and that the current CVS lacks. Also notice that some of our services (web pages, documentation project) use CVS and will do so for a long time. Having a CVS server available to switch to if a security issue in the current standard CVS server is found is something that would be useful to prevent downtime of those services if the debian admins have to switch them off. I say go for it. Javier signature.asc Description: Digital signature
Bug#323855: ITP: opencvs -- OpenBSD CVS implementation with special emphasis in security
Le Ven 19 Août 2005 11:36, Javier Fernández-Sanguino Peña a écrit : Also notice that some of our services (web pages, documentation project) use CVS and will do so for a long time. Having a CVS server available to switch to if a security issue in the current standard CVS server is found is something that would be useful to prevent downtime of those services if the debian admins have to switch them off. I say go for it. seconded. moreover, there is a lot of *nix users that uses CVS because they don't want to use anything else (whatever the good or bad reasons are) and that impose to their sysadmin to secure the CVS server ... if we can make that task easier, let's do it. -- ·O· Pierre Habouzit ··O[EMAIL PROTECTED] OOOhttp://www.madism.org pgpLqHblPKhTb.pgp Description: PGP signature
Bug#323855: ITP: opencvs -- OpenBSD CVS implementation with special emphasis in security
On Fri, 2005-08-19 at 11:41 +0200, martin f krafft wrote: So instead of preparing the package, I suggest investing the time to migrate projects from CVS to SVN or bazaar instead. Beyond the description of the program (from the website), OpenCVS is simply another option at the time of implementing a CVS solution. It puts emphasis in security and lose some features in order to this priority. Maybe this can be useful for some Debian user in particular. Maybe not, it's the user's choice, like GNOME/KDE, vi/emacs, evolution/thunderbird, etc/etc. I really think that OpenCVS must be part of Debian. And I will work in it, unless somebody has a *really_reasonable_objection*. Like always, sorry for my English. -- Luciano Bello [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#323855: ITP: opencvs -- OpenBSD CVS implementation with special emphasis in security
Luciano Bello writes: On Fri, 2005-08-19 at 11:41 +0200, martin f krafft wrote: So instead of preparing the package, I suggest investing the time to migrate projects from CVS to SVN or bazaar instead. Beyond the description of the program (from the website), OpenCVS is simply another option at the time of implementing a CVS solution. It puts emphasis in security and lose some features in order to this priority. Maybe this can be useful for some Debian user in particular. Maybe not, it's the user's choice, like GNOME/KDE, vi/emacs, evolution/thunderbird, etc/etc. I really think that OpenCVS must be part of Debian. And I will work in it, unless somebody has a *really_reasonable_objection*. The project page states it will break compatibility with the currently deployed version of CVS as they deem necessary. People in this thread have listed some of the known and severe problems with CVS as compared to real revision control systems. OpenCVS has not yet identified any specific problem (except the GPL) that the project would address. Intentional incompatibility, designed-in misfeatures, and NIHness do not make for useful software. What benefit does it bring Debian's users, or what benefit does it being in Debian bring to the larger free software community? Michael Poole -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#323855: ITP: opencvs -- OpenBSD CVS implementation with special emphasis in security
Package: wnpp Severity: wishlist Owner: Luciano Bello [EMAIL PROTECTED] * Package name: opencvs Version : unknown, posible release: 1st Sep Upstream Author : Jean-François Brousseau [EMAIL PROTECTED] * URL : http://www.opencvs.org/ * License : BSD Description : OpenBSD CVS implementation with special emphasis in security OpenCVS is a FREE implementation of the Concurrent Versions System, the most popular open source revision control software. It can be used as both client and server for repositories and provides granular access control over data stored in the repository. It aims to be as compatible as possible with other CVS implementations, except when particular features reduce the overall security of the system. The OpenCVS project was started after discussions regarding the latest GNU CVS vulnerabilities that came out. Although CVS is widely used, its development has been mostly stagnant in the last years and many security issues have popped up, both in the implementation and in the mechanisms. OpenCVS is primarily developed by Jean-François Brousseau as part of the OpenBSD Project. The software is freely usable and re-usable by everyone under a BSD license. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.10-1-686-smp Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#323855: ITP: opencvs -- OpenBSD CVS implementation with special emphasis in security
On Thu, Aug 18, 2005 at 06:50:47PM -0300, Luciano Bello wrote: Package: wnpp Severity: wishlist Owner: Luciano Bello [EMAIL PROTECTED] * Package name: opencvs Version : unknown, posible release: 1st Sep Upstream Author : Jean-Fran?ois Brousseau [EMAIL PROTECTED] * URL : http://www.opencvs.org/ * License : BSD Description : OpenBSD CVS implementation with special emphasis in security OpenCVS is a FREE implementation of the Concurrent Versions System, the most popular open source revision control software. It can be used as both client and server for repositories and provides granular access control over data stored in the repository. It aims to be as compatible as possible with other CVS implementations, except when particular features reduce the overall security of the system. The OpenCVS project was started after discussions regarding the latest GNU CVS vulnerabilities that came out. Although CVS is widely used, its development has been mostly stagnant in the last years and many security issues have popped up, both in the implementation and in the mechanisms. There is a good reason that CVS development has stagnated. CVS is broken and there are better alternatives. Please look into those. -Roberto -- Roberto C. Sanchez http://familiasanchez.net/~roberto pgpJf4J7xyW5Q.pgp Description: PGP signature
Bug#323855: ITP: opencvs -- OpenBSD CVS implementation with special emphasis in security
On Fri, Aug 19, 2005 at 12:54:45AM +0200, martin f krafft wrote: also sprach Luciano Bello [EMAIL PROTECTED] [2005.08.18.2350 +0200]: OpenCVS is a FREE implementation of the Concurrent Versions System, the What's non-free about the current implementation? I think that the original implementation was not free enough for the OpenBSD folks. most popular open source revision control software. And among the most horrible ones. Agreed. Why anyone would bother to reimplement an already existing free tool is beyond me. I oppose to this ITP for the single reason that CVS should be faded out and its users starved and deprived and forced towards SVN and bazaar! Har har har! Not only that, but the stated purpose of OpenCVS, AIUI, is to be a reimplementation of CVS under the BSD license. It makes no sense to try and have both in Debian. I also agree with you that there are far better alternatives. -Roberto -- Roberto C. Sanchez http://familiasanchez.net/~roberto pgpSQtc9mvqYi.pgp Description: PGP signature