[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: `viewcvs' (Was: Re: [dbootstrap] `newt' and `boxes.c', `bogl' and `bowl'[, `???' and `boxeX.c'?])

>>>>> "Joey" == Joey Hess <joeyh@debian.org> writes:

    Joey> Karl M. Hegbloom wrote:
    >> I'm goofing with `viewcvs'.  It's a clone of `cvsweb' written in
    >> Python.  I think we should install it on `cvs.debian.org' in place of
    >> `cvsweb', since it can do the annotation feature without needing
    >> writes to "history", etc.
    Joey> How on earth did they manage that?!

 I honestly don't know; I've not tried to read it's code yet at all.
 It's all written in Python, which I've yet to read even a tutorial
 for.  (I hear good things about it - C++ people adore it.)
    >> It's also got a checkin database thing, where every commit is logged
    >> to a MySQL database, and you can query that via a web interface...  I
    >> haven't looked into that much yet.

    Joey> Sounds yicky. Optional, I take it.

 Yes, optional.  It's not very complete, I think, but potentially
 useful.  It could be extended to be made much more so, with language
 parsers and symbol databases, etc.  Try it with:


    >> In order to do the transition from `cvsweb' to `viewcvs' I made some
    >> Apache rewrite rules...  Hmmm.  I guess since it's the home page for
    >> `cvs.debian.org' anyway, there's no big deal changing over.  The two
    >> programs are functionally identical.

    Joey> Yeah, they do seem to be so. 

 They even look the same.  It's a total clone.

    Joey> I may be interested in just phasing out cvsweb from debian entirely, and
    Joey> making viewcvs replace it. I'll have to take a closer look at viewcvs
    Joey> first though. Cvsweb has major code cleanliness issues, which make me
    Joey> not trust its security; if viewcvs has cleaner code, that alone would be
    Joey> worth it, IMHO.

 The code is likely to be cleaner; the README (which I imagine you've
 found by now) cites that as a reason for writing it.  I don't know
 whether it's any more secure; as I said, I don't read Python yet, and
 besides am not a CGI security expert.  (I know basics, but am not a
 CGI script or web guru by any means.  Whew.)

Reply to: