Re: [fossil-users] Show time...

[bytevolcano]

On Mon, 4 Jun 2018 03:43:19 +0200
Stephan Beal  wrote:

> On Mon, Jun 4, 2018, 03:33 Richard Hipp  wrote:
> 
> > On 6/3/18, Richard Hipp  wrote:  
> > >
> > > So, if anybody sees any last minute tidying up that we need to do...  
> >
> > For example, on the front page
> > (https://fossil-scm.org/index.html/doc/trunk/www/index.wiki), what if
> > I add some text to item 8 to talk about how Fossil is "Independent and
> > not beholden to venture capitalists".  Too snarky?
> >  
> 
> Murphy's Law suggests that the moment you post that the moment you post
> that, Microsoft, Google, or Oracle will make you an offer you can't refuse
> (and that statement will remain part of the fossilized record).

It is already on the mailing list now, probably already archived by
various list archivers, so good luck with that one.
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[bytevolcano]

 - Paleo
 - Jurassic
 - Diatom
 - Trilobyte

Better yet, find a term begining with 'C' so that you can have the
'C Versioning System.'

On Wed, 6 Jun 2018 21:26:22 -0400
Eduard  wrote:

> I might enable public registration 'soon'. Now all I need is a catchy 
> name, like `chiselapp` :p
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[Warren Young]

On Jun 6, 2018, at 7:26 PM, Eduard  wrote:
> 
> Now all I need is a catchy name, like `chiselapp` :p

I put my fossils in /museum.  You are free to do the same. :)

___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[Andy Goth]

On 06/06/18 20:26, Eduard wrote:
I might enable public registration 'soon'. Now all I need is a catchy 
name, like `chiselapp` :p


There are plenty of fossil terms to choose from, for example archaeo.

--
Andy Goth | 
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[Eduard]

I finished implementing UID-based segregation. You can view the
resulting code here[1]. In particular, you may find the suid wrapper
at `fossil/hydra_fossil_chroot_wrapper.c` useful for your own
purposes.

I've added a patch for safe Tcl (controlled by configure switch
`--force-tcl-makesafe`). I've however left Tcl disabled altogether for
two main reasons:
- Tcl provides far too large an attack surface.
- The Tcl interpreter needs access to its function library in
  `/usr/share/tcltk/tcl8.6/`, and I don't feel like messing with bind
  mounts right now to make it available.

I might enable public registration 'soon'. Now all I need is a catchy 
name, like `chiselapp` :p


[1] 
https://hydra.ecd.space/f/hydra/info/c34b243efda4fe2775d7c46f1d9b3cd1b2eb7190eb22933e469c7eb08fee5636


Cheers,
Eduard
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[Stephan Beal]

On Tue, Jun 5, 2018, 23:19 Stéphane Aulery  wrote:

>
> Barely one day and I have already received this link [1] by Hacker News
> RSS feed.
>
> Maybe you can make your advocacy here.
>
> [1] https://tutswiki.com/github-alternatives/


Which reminds me: i saw an ad on SourceForge (remember them? The first
platform of its kind?) offering git sync from github.

- stephan
Sent from a mobile device, possibly left-handed from bed. Please excuse
brevity, typos, and top-posting.
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[Stéphane Aulery]

Hello,

Le 05/06/2018 à 04:37, Roy Keene a écrit :

Other things we do at ChiselApp:

On Mon, 4 Jun 2018, Eduard wrote:


I was planning on making a more official announcement, but here goes.

I'm the developer of Hydra, a single-sign-on and manager for fossil 
repositories. https://hydra.ecd.space/f/hydra/wiki/hydra


I think this is relevant as people may be looking to GitHub 
alternatives for multiproject hosting.


Barely one day and I have already received this link [1] by Hacker News 
RSS feed.


Maybe you can make your advocacy here.

[1] https://tutswiki.com/github-alternatives/

Regards,

--
Stéphane Aulery
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[Roy Keene]

The other thing to keep in mind is that I want Fossil reposistories from 
the same user to be able to access the user's other repositories, since 
they could be part of a login group.


On Tue, 5 Jun 2018, Eduard wrote:


1. Enable Safe interpreters for Tcl

How did you do that? The flint repository doesn't seem to include the
fossil build script.


2. Enforce that the SSH program cannot be run (by patching popen2()
to return an error)

Are you not using chroot to protect repositories from each other?


3. (Not complete, but started) run each instance of Fossil as a
different UID based on their Flint UID+131072

That's actually the next thing on my TODO list -- I think it's a good
idea!


1. Need to add the domain to the Public Suffix List (otherwise,
you haven't mitigated the issue completely)

I think the only security issue left vis-a-vis untrusted subdomains is
that a malicious repository can insert thousands of junk cookies,
displacing the login cookie on the secure subdomain and thus logging
the user out. I think it's a mild annoyance at most. Feel free to
contradict me on this.


2. Getting a wildcard cert

I also put it off for the longest time. It turned out to be
surprisingly easy to do, and in fact less annoying than http
validation.

Cheers,
Eduard

On 06/04/2018 10:37 PM, Roy Keene wrote:

Other things we do at ChiselApp:
 1. Enable Safe interpreters for Tcl
 2. Enforce that the SSH program cannot be run (by patching
    popen2() to return an error)
 3. (Not complete, but started) run each instance of Fossil as a
    different UID based on their Flint UID+131072

I thought about putting each repo under their own domain, but doing so 
requires a bit more work:

 1. Need to add the domain to the Public Suffix List (otherwise,
    you haven't mitigated the issue completely)
 2. Getting a wildcard cert

On Mon, 4 Jun 2018, Eduard wrote:


I was planning on making a more official announcement, but here goes.

I'm the developer of Hydra, a single-sign-on and manager for fossil 
repositories. https://hydra.ecd.space/f/hydra/wiki/hydra


I think this is relevant as people may be looking to GitHub alternatives 
for multiproject hosting.


I've recently fixed the XSS/CSRF vulnerabilities inherent to hosting 
multiple repositories on the same domain (which also affect chiselapp), 
when setup privilege is given to malicious users (for the repositories 
they create) and they convince other people to visit their malicious 
repository while logged in. I've done this by using a separate subdomain 
for each repository, and by patching Fossil itself to receive the CSRF 
token from Hydra. More details here: 
https://static.ecd.space/x/hydra/doc/build/html/subdomains.html


I've also done some security hardening by dropping each repository in a 
separate chroot (to contain damage from a potential arbitrary code 
execution vulnerability in fossil itself).


(Sorry drh, I accidentally replied only to you instead of the mailing 
list.)


On 06/03/2018 09:28 PM, Richard Hipp wrote:

There is suddenly a big uptick in traffic to fossil-scm.org,
apparently due to the recent GitHub rumor.  Unlike that traditional
"slashdot effect", though, the referrals seem to be coming for a large
variety of sources.

So, if anybody sees any last minute tidying up that we need to do to
the website in anticipation of a huge influx of first-time visitors,
please speak up.  Quickly.



___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[Roy Keene]

The patch #1 is not a part of Flint, just ChiselApp -- Flint users supply 
their own Fossil with their specific requirements, which may not include 
safe Tcl.


Attached are the two patches in question.

On Tue, 5 Jun 2018, Eduard wrote:


1. Enable Safe interpreters for Tcl

How did you do that? The flint repository doesn't seem to include the
fossil build script.


2. Enforce that the SSH program cannot be run (by patching popen2()
to return an error)

Are you not using chroot to protect repositories from each other?


3. (Not complete, but started) run each instance of Fossil as a
different UID based on their Flint UID+131072

That's actually the next thing on my TODO list -- I think it's a good
idea!


1. Need to add the domain to the Public Suffix List (otherwise,
you haven't mitigated the issue completely)

I think the only security issue left vis-a-vis untrusted subdomains is
that a malicious repository can insert thousands of junk cookies,
displacing the login cookie on the secure subdomain and thus logging
the user out. I think it's a mild annoyance at most. Feel free to
contradict me on this.


2. Getting a wildcard cert

I also put it off for the longest time. It turned out to be
surprisingly easy to do, and in fact less annoying than http
validation.

Cheers,
Eduard

On 06/04/2018 10:37 PM, Roy Keene wrote:

Other things we do at ChiselApp:
 1. Enable Safe interpreters for Tcl
 2. Enforce that the SSH program cannot be run (by patching
    popen2() to return an error)
 3. (Not complete, but started) run each instance of Fossil as a
    different UID based on their Flint UID+131072

I thought about putting each repo under their own domain, but doing so 
requires a bit more work:

 1. Need to add the domain to the Public Suffix List (otherwise,
    you haven't mitigated the issue completely)
 2. Getting a wildcard cert

On Mon, 4 Jun 2018, Eduard wrote:


I was planning on making a more official announcement, but here goes.

I'm the developer of Hydra, a single-sign-on and manager for fossil 
repositories. https://hydra.ecd.space/f/hydra/wiki/hydra


I think this is relevant as people may be looking to GitHub alternatives 
for multiproject hosting.


I've recently fixed the XSS/CSRF vulnerabilities inherent to hosting 
multiple repositories on the same domain (which also affect chiselapp), 
when setup privilege is given to malicious users (for the repositories 
they create) and they convince other people to visit their malicious 
repository while logged in. I've done this by using a separate subdomain 
for each repository, and by patching Fossil itself to receive the CSRF 
token from Hydra. More details here: 
https://static.ecd.space/x/hydra/doc/build/html/subdomains.html


I've also done some security hardening by dropping each repository in a 
separate chroot (to contain damage from a potential arbitrary code 
execution vulnerability in fossil itself).


(Sorry drh, I accidentally replied only to you instead of the mailing 
list.)


On 06/03/2018 09:28 PM, Richard Hipp wrote:

There is suddenly a big uptick in traffic to fossil-scm.org,
apparently due to the recent GitHub rumor.  Unlike that traditional
"slashdot effect", though, the referrals seem to be coming for a large
variety of sources.

So, if anybody sees any last minute tidying up that we need to do to
the website in anticipation of a huge influx of first-time visitors,
please speak up.  Quickly.



___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
diff -uNr fossil-2.1.orig/src/th_tcl.c fossil-2.1-safeinterp/src/th_tcl.c
--- fossil-2.1.orig/src/th_tcl.c2017-03-10 11:07:08.0 -0600
+++ fossil-2.1-safeinterp/src/th_tcl.c  2017-03-16 10:34:59.922893000 -0500
@@ -148,6 +148,9 @@
 #  ifndef TCL_CREATEINTERP_NAME
 #define TCL_CREATEINTERP_NAME "_Tcl_CreateInterp\0"
 #  endif
+#  ifndef TCL_MAKESAFE_NAME
+#define TCL_MAKESAFE_NAME "_Tcl_MakeSafe\0"
+#  endif
 #  ifndef TCL_DELETEINTERP_NAME
 #define TCL_DELETEINTERP_NAME "_Tcl_DeleteInterp\0"
 #  endif
@@ -180,6 +183,7 @@
 */
 typedef void (tcl_FindExecutableProc) (const char *);
 typedef Tcl_Interp *(tcl_CreateInterpProc) (void);
+typedef int (tcl_MakeSafeProc) (Tcl_Interp *interp);
 typedef void (tcl_DeleteInterpProc) (Tcl_Interp *);
 typedef void (tcl_FinalizeProc) (void);
 
@@ -405,6 +409,7 @@
   void *hLibrary; /* The Tcl library module handle. */
   tcl_FindExecutableProc *xFindExecutable; /* Tcl_FindExecutable() pointer. */
   

Re: [fossil-users] Show time...

[Eduard]

> 1. Enable Safe interpreters for Tcl
How did you do that? The flint repository doesn't seem to include the
fossil build script.

> 2. Enforce that the SSH program cannot be run (by patching popen2()
> to return an error)
Are you not using chroot to protect repositories from each other?

> 3. (Not complete, but started) run each instance of Fossil as a
> different UID based on their Flint UID+131072
That's actually the next thing on my TODO list -- I think it's a good
idea!

> 1. Need to add the domain to the Public Suffix List (otherwise,
> you haven't mitigated the issue completely)
I think the only security issue left vis-a-vis untrusted subdomains is
that a malicious repository can insert thousands of junk cookies,
displacing the login cookie on the secure subdomain and thus logging
the user out. I think it's a mild annoyance at most. Feel free to
contradict me on this.

> 2. Getting a wildcard cert
I also put it off for the longest time. It turned out to be
surprisingly easy to do, and in fact less annoying than http
validation.

Cheers,
Eduard

On 06/04/2018 10:37 PM, Roy Keene wrote:

Other things we do at ChiselApp:
 1. Enable Safe interpreters for Tcl
 2. Enforce that the SSH program cannot be run (by patching
    popen2() to return an error)
 3. (Not complete, but started) run each instance of Fossil as a
    different UID based on their Flint UID+131072

I thought about putting each repo under their own domain, but doing so 
requires a bit more work:

 1. Need to add the domain to the Public Suffix List (otherwise,
    you haven't mitigated the issue completely)
 2. Getting a wildcard cert

On Mon, 4 Jun 2018, Eduard wrote:


I was planning on making a more official announcement, but here goes.

I'm the developer of Hydra, a single-sign-on and manager for fossil 
repositories. https://hydra.ecd.space/f/hydra/wiki/hydra


I think this is relevant as people may be looking to GitHub 
alternatives for multiproject hosting.


I've recently fixed the XSS/CSRF vulnerabilities inherent to hosting 
multiple repositories on the same domain (which also affect 
chiselapp), when setup privilege is given to malicious users (for the 
repositories they create) and they convince other people to visit 
their malicious repository while logged in. I've done this by using a 
separate subdomain for each repository, and by patching Fossil itself 
to receive the CSRF token from Hydra. More details here: 
https://static.ecd.space/x/hydra/doc/build/html/subdomains.html


I've also done some security hardening by dropping each repository in 
a separate chroot (to contain damage from a potential arbitrary code 
execution vulnerability in fossil itself).


(Sorry drh, I accidentally replied only to you instead of the mailing 
list.)


On 06/03/2018 09:28 PM, Richard Hipp wrote:

There is suddenly a big uptick in traffic to fossil-scm.org,
apparently due to the recent GitHub rumor.  Unlike that traditional
"slashdot effect", though, the referrals seem to be coming for a large
variety of sources.

So, if anybody sees any last minute tidying up that we need to do to
the website in anticipation of a huge influx of first-time visitors,
please speak up.  Quickly.



___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[Roy Keene]

Other things we do at ChiselApp:
1. Enable Safe interpreters for Tcl
2. Enforce that the SSH program cannot be run (by patching
   popen2() to return an error)
3. (Not complete, but started) run each instance of Fossil as a
   different UID based on their Flint UID+131072

I thought about putting each repo under their own domain, but doing so 
requires a bit more work:

1. Need to add the domain to the Public Suffix List (otherwise,
   you haven't mitigated the issue completely)
2. Getting a wildcard cert

On Mon, 4 Jun 2018, Eduard wrote:


I was planning on making a more official announcement, but here goes.

I'm the developer of Hydra, a single-sign-on and manager for fossil 
repositories. https://hydra.ecd.space/f/hydra/wiki/hydra


I think this is relevant as people may be looking to GitHub alternatives for 
multiproject hosting.


I've recently fixed the XSS/CSRF vulnerabilities inherent to hosting multiple 
repositories on the same domain (which also affect chiselapp), when setup 
privilege is given to malicious users (for the repositories they create) and 
they convince other people to visit their malicious repository while logged 
in. I've done this by using a separate subdomain for each repository, and by 
patching Fossil itself to receive the CSRF token from Hydra. More details 
here: https://static.ecd.space/x/hydra/doc/build/html/subdomains.html


I've also done some security hardening by dropping each repository in a 
separate chroot (to contain damage from a potential arbitrary code execution 
vulnerability in fossil itself).


(Sorry drh, I accidentally replied only to you instead of the mailing list.)

On 06/03/2018 09:28 PM, Richard Hipp wrote:

There is suddenly a big uptick in traffic to fossil-scm.org,
apparently due to the recent GitHub rumor.  Unlike that traditional
"slashdot effect", though, the referrals seem to be coming for a large
variety of sources.

So, if anybody sees any last minute tidying up that we need to do to
the website in anticipation of a huge influx of first-time visitors,
please speak up.  Quickly.



___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[Eduard]

I was planning on making a more official announcement, but here goes.

I'm the developer of Hydra, a single-sign-on and manager for fossil 
repositories. https://hydra.ecd.space/f/hydra/wiki/hydra


I think this is relevant as people may be looking to GitHub alternatives 
for multiproject hosting.


I've recently fixed the XSS/CSRF vulnerabilities inherent to hosting 
multiple repositories on the same domain (which also affect chiselapp), 
when setup privilege is given to malicious users (for the repositories 
they create) and they convince other people to visit their malicious 
repository while logged in. I've done this by using a separate subdomain 
for each repository, and by patching Fossil itself to receive the CSRF 
token from Hydra. More details here: 
https://static.ecd.space/x/hydra/doc/build/html/subdomains.html


I've also done some security hardening by dropping each repository in a 
separate chroot (to contain damage from a potential arbitrary code 
execution vulnerability in fossil itself).


(Sorry drh, I accidentally replied only to you instead of the mailing list.)

On 06/03/2018 09:28 PM, Richard Hipp wrote:

There is suddenly a big uptick in traffic to fossil-scm.org,
apparently due to the recent GitHub rumor.  Unlike that traditional
"slashdot effect", though, the referrals seem to be coming for a large
variety of sources.

So, if anybody sees any last minute tidying up that we need to do to
the website in anticipation of a huge influx of first-time visitors,
please speak up.  Quickly.



___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[Warren Young]

On Jun 3, 2018, at 7:28 PM, Richard Hipp  wrote:
> 
> So, if anybody sees any last minute tidying up that we need to do to
> the website in anticipation of a huge influx of first-time visitors,
> please speak up.  Quickly.

There are several nits to pick on the Fossil vs. Git page:

http://fossil-scm.org/index.html/doc/trunk/www/fossil-v-git.wiki

I’ve just checked in a few minor fixes to it.


One remaining issue that has been noticed before and is still outstanding is 
that in style.css, the rules for h2 and h3 have their sizes swapped, so that 
the subordinate header is rendered in a larger font.  I believe the simplest 
fix is that this:

.content h2 {
font-size: 1.05em;
font-weight: bold;
}

should be:

.content h3 {
font-size: 1.05em;
}

That is, we’ve got a simple typo here, h2 -> h3.

There is no need to bold the font explicitly, as that’s the default in all 
sensible browsers, but it’s harmless to include it.  If you feel it’s necessary 
to keep it, it should probably be done in h1 as well for consistency.


Another issue, which is much bigger, is that because the section 3 points 
expand on the summary table, it makes much the same points repeatedly.  
Sections 3.3, 3.4, and 3.7 could be merged.

Additionally, I think this document should explicitly ask the question, “Does 
your project look more like that of the Linux kernel, or more like that of 
SQLite?”  The comment about the low-friction path addresses this somewhat, but 
I think the focus should be more on these design decisions’ impact on the 
end-user experience than on the history that lead to the decisions.

I like the summary table, and I like the parallel to it in section 3, so maybe 
the simplest fix is to reorder these points to group them, then make these 
three sections 3.3.1, 3.3.2, and 3.3.3, with the superordinate section 3.3 
covering the common matters.

That in turn would require an h4 level, not something that is currently defined 
in style.css, but the default stylesheets should include not only that, but 
also h5.


Section 3.6 should mention git-worktree as a partial solution to this relative 
weakness of Git, but also discuss its unfortunate consequences and remaining 
weaknesses:

https://www.mail-archive.com/fossil-users@lists.fossil-scm.org/msg25686.html


Section 4.1 repeats much of what’s in section 3.  I think you could drop the 
explanatory paragraph below the first three bold bullet points, as they now 
need no explanation.


I think timeline.rss is worth its own bullet point in section 4.1.  It’s not 
strictly part of Fossil UI; that would be /timeline.


In section 4.2, you should mention narrow and shallow clones.  Git has them, 
Fossil doesn’t.
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[Roy Keene]

Is ChiselApp not serious enough for you ?

On Sun, 3 Jun 2018, Joseph R. Justice wrote:


On Sun, Jun 3, 2018, 9:33 PM Richard Hipp  wrote:
  On 6/3/18, Richard Hipp  wrote:
  >
  > So, if anybody sees any last minute tidying up that we need to do...

  For example, on the front page
  (https://fossil-scm.org/index.html/doc/trunk/www/index.wiki), what if
  I add some text to item 8 to talk about how Fossil is "Independent and
  not beholden to venture capitalists".  Too snarky?


Neither is Git.

The Fossil-based competition to GitHub would be, for instance, Chiselapp (IIRC).

I dare say that the greatest beneficiary of this stuff is likely to be Gitlab.  
Is anybody doing any serious for-profit Fossil repository
hosting yet?



Joseph


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[Chris Rydalch]

Adding the full-text-search to the header by default could be helpful; it's
nice having repository search close-at-hand in GitHub/GitLab

On Mon, Jun 4, 2018 at 2:23 AM, Gour  wrote:

> On Sun, 3 Jun 2018 20:03:44 -0700
> Jungle Boogie 
> wrote:
>
> > This line:
> > SQLite project gets excellent 73:1 compression.
>
> $ fossil dbstat
> project-name:  Osobne financije
> repository-size:   6,873,088 bytes
> artifact-count:2,578 (stored as 1,394 full text and 1,184 deltas)
> artifact-sizes:3,962,610 average, 13,965,692 max, 10,215,609,449 total
> compression-ratio: 1486:1
> check-ins: 1,507
> ...
>
> :-)
>
>
> Sincerely,
> Gour
>
> --
> You have a right to perform your prescribed duty, but you
> are not entitled to the fruits of action. Never consider
> yourself the cause of the results of your activities,
> and never be attached to not doing your duty.
>
>
> ___
> fossil-users mailing list
> fossil-users@lists.fossil-scm.org
> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
>
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[Gour]

On Sun, 3 Jun 2018 20:03:44 -0700
Jungle Boogie 
wrote:

> This line:
> SQLite project gets excellent 73:1 compression.

$ fossil dbstat
project-name:  Osobne financije
repository-size:   6,873,088 bytes
artifact-count:2,578 (stored as 1,394 full text and 1,184 deltas)
artifact-sizes:3,962,610 average, 13,965,692 max, 10,215,609,449 total
compression-ratio: 1486:1
check-ins: 1,507
...

:-)


Sincerely,
Gour

-- 
You have a right to perform your prescribed duty, but you
are not entitled to the fruits of action. Never consider
yourself the cause of the results of your activities,
and never be attached to not doing your duty.


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[Jungle Boogie]

On Sun 03 Jun 2018  9:28 PM, Richard Hipp wrote:
> There is suddenly a big uptick in traffic to fossil-scm.org,
> apparently due to the recent GitHub rumor.  Unlike that traditional
> "slashdot effect", though, the referrals seem to be coming for a large
> variety of sources.
> 
> So, if anybody sees any last minute tidying up that we need to do to
> the website in anticipation of a huge influx of first-time visitors,
> please speak up.  Quickly.

On the homepage:
Maybe a blurb about using sha3 in light of what happened with sha1.

Link to reports and/or stats page: https://www.fossil-scm.org/index.html/reports
This is not to show off how active fossil itself is, but Github projects have
the insights tab easily available.




> 
> -- 
> D. Richard Hipp
> d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[Jungle Boogie]

On Sun 03 Jun 2018 11:06 PM, Richard Hipp wrote:
> On 6/3/18, Jungle Boogie  wrote:
> > On Sun 03 Jun 2018 10:47 PM, Richard Hipp wrote:
> >> On 6/3/18, jungle Boogie  wrote:
> >> >
> >> > Since it's linked from the homepage, maybe this can be updated to show
> >> > that
> >> > a) project website is still updated and b) to show fossil is still
> >> > efficient.
> >> >
> >> > http://fossil-scm.org/index.html/doc/trunk/www/stats.wiki
> >> >
> >>
> >> Updated.
> >
> > This line:
> > SQLite project gets excellent 73:1 compression.
> >
> > Chart now shows 80:1! Perhaps just 73:1 or better?
> 
> I got 80:1 on a fresh clone.  You get something different?

No, the text under 'Analysis And Supplemental Data' shows the older 73:1. 

> -- 
> D. Richard Hipp
> d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[Richard Hipp]

On 6/3/18, Jungle Boogie  wrote:
> On Sun 03 Jun 2018 10:47 PM, Richard Hipp wrote:
>> On 6/3/18, jungle Boogie  wrote:
>> >
>> > Since it's linked from the homepage, maybe this can be updated to show
>> > that
>> > a) project website is still updated and b) to show fossil is still
>> > efficient.
>> >
>> > http://fossil-scm.org/index.html/doc/trunk/www/stats.wiki
>> >
>>
>> Updated.
>
> This line:
> SQLite project gets excellent 73:1 compression.
>
> Chart now shows 80:1! Perhaps just 73:1 or better?

I got 80:1 on a fresh clone.  You get something different?
-- 
D. Richard Hipp
d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[Jungle Boogie]

On Sun 03 Jun 2018 10:47 PM, Richard Hipp wrote:
> On 6/3/18, jungle Boogie  wrote:
> >
> > Since it's linked from the homepage, maybe this can be updated to show that
> > a) project website is still updated and b) to show fossil is still
> > efficient.
> >
> > http://fossil-scm.org/index.html/doc/trunk/www/stats.wiki
> >
> 
> Updated.

This line:
SQLite project gets excellent 73:1 compression.

Chart now shows 80:1! Perhaps just 73:1 or better?

> -- 
> D. Richard Hipp
> d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[Jungle Boogie]

On Sun 03 Jun 2018  9:28 PM, Richard Hipp wrote:
> There is suddenly a big uptick in traffic to fossil-scm.org,
> apparently due to the recent GitHub rumor.  Unlike that traditional
> "slashdot effect", though, the referrals seem to be coming for a large
> variety of sources.
> 
> So, if anybody sees any last minute tidying up that we need to do to
> the website in anticipation of a huge influx of first-time visitors,
> please speak up.  Quickly.
> 

Perhaps expand point #2 to talk about themes/skins built into fossil, and a link
to the URL where the user can browse the examples.

You might consider remove or moving the 'Fuel' link down the list. There sadly
hasn't been an update to the repo since Oct 2015.


> -- 
> D. Richard Hipp
> d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[Richard Hipp]

On 6/3/18, Joseph R. Justice  wrote:
>
> Neither is Git.
>

The point is that Fossil comes bundled with many of the same features
as GitHub/GitLab.  So the comparison is no so much of Fossil-vs-Git,
but Fossil-vs-Git(Hub|Lab).

-- 
D. Richard Hipp
d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[Richard Hipp]

On 6/3/18, jungle Boogie  wrote:
>
> Since it's linked from the homepage, maybe this can be updated to show that
> a) project website is still updated and b) to show fossil is still
> efficient.
>
> http://fossil-scm.org/index.html/doc/trunk/www/stats.wiki
>

Updated.
-- 
D. Richard Hipp
d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[Joseph R. Justice]

On Sun, Jun 3, 2018, 9:33 PM Richard Hipp  wrote:

> On 6/3/18, Richard Hipp  wrote:
> >
> > So, if anybody sees any last minute tidying up that we need to do...
>
> For example, on the front page
> (https://fossil-scm.org/index.html/doc/trunk/www/index.wiki), what if
> I add some text to item 8 to talk about how Fossil is "Independent and
> not beholden to venture capitalists".  Too snarky?
>

Neither is Git.

The Fossil-based competition to GitHub would be, for instance, Chiselapp
(IIRC).

I dare say that the greatest beneficiary of this stuff is likely to be
Gitlab.  Is anybody doing any serious for-profit Fossil repository hosting
yet?



Joseph
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[jungle Boogie]

On 6:28PM, Sun, Jun 3, 2018 Richard Hipp  wrote:
>
> There is suddenly a big uptick in traffic to fossil-scm.org,
> apparently due to the recent GitHub rumor.  Unlike that traditional
> "slashdot effect", though, the referrals seem to be coming for a large
> variety of sources.
>
> So, if anybody sees any last minute tidying up that we need to do to
> the website in anticipation of a huge influx of first-time visitors,
> please speak up.  Quickly.
>

Since it's linked from the homepage, maybe this can be updated to show that
a) project website is still updated and b) to show fossil is still
efficient.

http://fossil-scm.org/index.html/doc/trunk/www/stats.wiki

> --
> D. Richard Hipp
> d...@sqlite.org
>
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[Offray Vladimir Luna Cárdenas]

On 03/06/18 20:28, Richard Hipp wrote:
> There is suddenly a big uptick in traffic to fossil-scm.org,
> apparently due to the recent GitHub rumor.  Unlike that traditional
> "slashdot effect", though, the referrals seem to be coming for a large
> variety of sources.
>
> So, if anybody sees any last minute tidying up that we need to do to
> the website in anticipation of a huge influx of first-time visitors,
> please speak up.  Quickly.
>

I think that would be fine to compile some "Powered by Fossil" projects,
for the upcoming show time. Maybe that could be a growing list. GitHub
is mostly famous by the projects there and their network effect, not
because of the inherent goodness of Git. We, using self hosted
repositories don't have such central place for visibility and FossilSCM
could be that place. Maybe a custom made form (also powered by the
Fossil SQL capabilities) could collect repos info (project name,
important urls, and maybe some extra comments).

This, of course would not be for last minute adds, but to  benefit from
the increased interest on Fossil that will come with the centralization
wave comming from MS+GitHub news.

Cheers,

Offray


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[Steve Landers]

Too snarky, IMHO.

State the positive, let the reader figure the negative.

Steve

On 4 Jun 2018, 9:33 AM +0800, Richard Hipp , wrote:
> On 6/3/18, Richard Hipp  wrote:
> >
> > So, if anybody sees any last minute tidying up that we need to do...
>
> For example, on the front page
> (https://fossil-scm.org/index.html/doc/trunk/www/index.wiki), what if
> I add some text to item 8 to talk about how Fossil is "Independent and
> not beholden to venture capitalists". Too snarky?
>
> --
> D. Richard Hipp
> d...@sqlite.org
> ___
> fossil-users mailing list
> fossil-users@lists.fossil-scm.org
> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

[Richard Hipp]

On 6/3/18, Richard Hipp  wrote:
>
> So, if anybody sees any last minute tidying up that we need to do...

For example, on the front page
(https://fossil-scm.org/index.html/doc/trunk/www/index.wiki), what if
I add some text to item 8 to talk about how Fossil is "Independent and
not beholden to venture capitalists".  Too snarky?

-- 
D. Richard Hipp
d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users