[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Cvs-dev] cvs features for gnu savannah
|
From: |
Bob Proulx |
|
Subject: |
Re: [Cvs-dev] cvs features for gnu savannah |
|
Date: |
Wed, 30 Nov 2016 05:59:47 -0700 |
|
User-agent: |
NeoMutt/20161104 (1.7.1) |
Thorsten Glaser wrote:
> I can do that, although I strongly recommend against using pserver
> *at all*.
As you are an expert in this area can you say why?
What do you recommend for anonymous checkouts? Is there an
alternative?
For many years anyone could checkout projects using the pserver
without needing an active ssh account. If that were lost it would be
a great loss and I am sure most would not be happy.
> >We need this feature for savannah, so we will continue to use it,
>
> Is this the only feature not in 1.12.13 you absolutely need?
Yes.
> >But if it was made into an official release it would be much better (IMHO).
>
> I can’t talk official release yet, but I can ensure it will land
> in the next Debian stable. You can take the Debian package once
> it’s uploaded to unstable and recompile it on Trisquel then (I can
> also do that for you if you tell me which CPU architecture binaries
> you need and if you trust binaries from me enough), best in a clean
> minimal chroot (e.g. with cowbuilder or sbuild).
This isn't an emergency. This is simply a hole that has been
discovered while doing the rest of the migration maintenance.
Savannah has been using a locally patched copy of cvs and for the
scheduled timeframe we will need to continue to use a locally patched
copy. Even as things are improved and you push this into a Debian
release immediately as it will take a while for this to trickle down.
This is okay and expected.
However we the Savannah volunteers are not cvs experts and would
prefer not to be maintaining a cvs source fork. At the moment if
Assaf and I were abducted by aliens and then shortly thereafter a
security vulnerability were discovered in cvs the result would be that
the locally patched version wouldn't get the resulting security fix
because no one else would know of the locally patched version. If
these patches were in an official release then we wouldn't need to be
maintaining our own source fork. That way Savannah would get the
benefit of the entire community for security support. Other Savannah
volunteer admins who replace us in the future will benefit from simply
being able to "apt-get upgrade" at that time.
As such we are not expecting to immediately use the result of this
labor to update CVS. It is a benefit that will appear to us later in
time. It is a long term goal. However certainly an update to Debian
would be wonderful as that would then appear in Ubuntu and then from
there would appear in Trisquel. It would definitely accomplish the
long term goal. (Although I would probably jump on it with a Debian
chroot container solution in order to use it sooner.)
> >I am happy to help with bringing CVS up to date, especially with
> >testing on various OSes and configurations, but I'm not the right
>
> Help is appreciated; I cannot do much for Windows and lack VMS
> totally, although I do have a contact for OS/2 who might help
> if asked, as other software of mine (mksh) is extremely well-
> ported, but it does not use the GNU infrastructure for that.
There is a platform-testers AT gnu.org mailing list where one may ask
for testers for project releases. The volunteers there may give a
broad testing to new releases on a variety of systems. There are
about 30 people subsribed to that mailing list at this time.
http://lists.gnu.org/archive/html/platform-testers/
Bob