[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#323855: ITP: opencvs -- OpenBSD CVS implementation with special emphasis in security

martin f krafft <madduck@debian.org> writes:
> Javier Fernández-Sanguino Peña <jfs@computer.org> writes:

>> Also notice that some of our services (web pages, documentation
>> project) use CVS and will do so for a long time. Having a CVS server
>> available to switch to if a security issue in the current standard CVS
>> server is found is something that would be useful to prevent downtime
>> of those services if the debian admins have to switch them off.

> So instead of preparing the package, I suggest investing the time to
> migrate projects from CVS to SVN or bazaar instead.

We still package RCS, and for good reason.

*If* it's an improved version of CVS, I think it's still a good idea to
package it.  A lot of us still use CVS for various reasons, ranging from
familiarity with CVS on the part of people who don't like change, use of
CVS revision numbers as a cheap versioning system with simple repositories
that don't need good branching and tagging, use of CVS repositories in a
shared file system like AFS (which Subversion does not handle well),
interacting with other open source projects that use CVS, or just out of
pure inertia.

I don't think "it's not a good revision control system" is a good reason
to refuse the package, for exactly the same reason that Debian still
packages a telnet client even though everyone really should be using SSH.
Switching to Subversion requires more than individual action on the part
of one person, and therefore isn't always possible even if it's a good

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>

Reply to: