From owner-freebsd-security@FreeBSD.ORG Tue Nov 20 10:15:10 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CAB71DFF for ; Tue, 20 Nov 2012 10:15:10 +0000 (UTC) (envelope-from mwm@mired.org) Received: from mail-oa0-f54.google.com (mail-oa0-f54.google.com [209.85.219.54]) by mx1.freebsd.org (Postfix) with ESMTP id 6E2F18FC16 for ; Tue, 20 Nov 2012 10:15:10 +0000 (UTC) Received: by mail-oa0-f54.google.com with SMTP id n9so7342554oag.13 for ; Tue, 20 Nov 2012 02:15:09 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=user-agent:in-reply-to:references:mime-version:content-type :content-transfer-encoding:subject:from:date:to:cc:message-id :x-gm-message-state; bh=PsOx20ZF2cgshgI6vtE8CpGUE4lqpDnsLZHn/15gzqw=; b=Hwj7bMfaphZQc74poN+iU8SQlHig+LcDZ1yOpYXA8Vktx3sFXlQ9F1epxY0XKDpFQo iM/EsDOzbJJm73gQ0zIIZxa5H23Nqn6yGb5PWp+xjynRD9U6ExYlEMdAJcXzABOvyr0R gy0KeTuFiSSqeTc/QGZ11MuV+w825qQsuQ2FdXXxKOPBYHaB2A66HXy/BPOt95iZjCT5 6QnunOb5GOe5VUz/BFNAC/J3QUHn9q99PNV41uE/zwVtEHu3jQ99Lmlr6yJuki0rjv6h su+6rKI/iCRO9ro38JLrt1X8CN8bFJZjrYLoPlrvWDhwripsaXXaOw5a81Y0+Q5Fam9A 3e7Q== Received: by 10.60.14.200 with SMTP id r8mr13203099oec.45.1353406509540; Tue, 20 Nov 2012 02:15:09 -0800 (PST) Received: from android-17cbdb9246b29c31.mired.org (ip72-200-195-210.ok.ok.cox.net. [72.200.195.210]) by mx.google.com with ESMTPS id yn8sm12625408obb.12.2012.11.20.02.15.07 (version=SSLv3 cipher=OTHER); Tue, 20 Nov 2012 02:15:08 -0800 (PST) User-Agent: K-9 Mail for Android In-Reply-To: <20121120030813.GB38037@zjl.local> References: <20121117221143.41c29ba2@nonamehost> <50AA2A6C.8060604@gmail.com> <20121120030813.GB38037@zjl.local> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Subject: Re: FreeBSD needs Git to ensure repo integrity [was: 2012 incident] From: Mike Meyer Date: Tue, 20 Nov 2012 04:15:02 -0600 To: Zach Leslie ,Alexander Yerenkow Message-ID: X-Gm-Message-State: ALoCoQkJL1JXpNUO4biV4H5BgdcopbEaNPKRvJecl0RXgbvjkuLGuYDTD/TpThncTUgKZUqJQ/4q X-Mailman-Approved-At: Tue, 20 Nov 2012 11:47:10 +0000 Cc: "C. P. Ghost" , freebsd-hackers@freebsd.org, Volodymyr Kostyrko , freebsd-security@freebsd.org, Ivan Voras , freebsd-questions@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2012 10:15:11 -0000 Zach Leslie wrote: >> http://www.fossil-scm.org/ l >> >> I'm not fossil user, but it's BSD licensed in written in C. >Also, this particular tool bails out on the unix philosophy, with its >web >gui, ticket tracker etc. Do one thing. Do it well. I would argue that git bails on that as well, but that's a different discussion. Whether or not fossil does "one thing" depends on which "one thing" you pick. If the one thing is "version control", you're right. However "version control" is just one aspect of a larger task that does't have a common name. But if you look at systems designed for managing projects with source, you'll see they universally provide web uis, issue trackers, and wikis. Due you trash IDE's because they provide tools that are useful for doing "software development" instead of limiting themselves to being "text editors"? That fossil provides all of those things in a single relatively small program is a major win - at least for small projects (which is the fossil target). On the other hand, the fossil project does stay focused on the core task. They will reject a change proposal because it's not part of that task. That said, much as I like fossil (it's my goto VCS) I don't think it would be a good choice for FreeBSD. We're not a small project - we have people who are willing to devote time to things like an external wiki and isse tracker. Nuts, we have (had?) repos in four different VCSs! Those features in fossil are purposely kept simple since they're meant for doing one thing, not as general-purpose tools for lots of things. The issue tracker doesn't support branching issues, which is liable to cause problems in a large project. The FreeBSD wiki's are used for lots of things other than just project documents. The web ui - well, that's probably useable as is. But that one thing isn't a deal maker. -- Sent from my Android tablet with K-9 Mail. Please excuse my swyping.