[Haifux] The Heartbeat vulnerability in OpenSSL (and hence ssh/https)

Nadav Har'El nyh at math.technion.ac.il
Sun Apr 27 12:17:45 IDT 2014

On Sun, Apr 27, 2014, Tzafrir Cohen wrote about "Re: [Haifux] The Heartbeat vulnerability in OpenSSL (and hence ssh/https)":
> On Sat, Apr 26, 2014 at 02:20:17PM +0300, Sorana Fraier wrote:
> > There is now a fork by openbsd people for openssl. It's called libressl.
> > 
> > http://www.libressl.org/
> > 
> > They crave for more people to help.
> Not really. If they wanted more people they wouldn't use the OpenBSD
> CVS.

Not everyone has been drinking from the "distributed version-control
system" coolaid. I agree that CVS should be dropped for Subversion which
is more-or-less a superset of CVS, but let's not judge them harshly for
not using Git.

If you look at many projects even with extensive contributions from the
general public, you'll see that many times the general public sends
contributions as *patches*, which are reviewed and committed by only a
handful of "committers". For this sort of development model, you
do not need a distributed version control system, such as git.

Git is much more complex for outsiders to use (see the funny random-
git-manpage-generator page, http://git-man-page-generator.lokaltog.net/,
which pokes fun at git's dozens of weird subcommands). It forces a
casual contributer to "clone" huge repositories instead of just the
latest state.

Yes, git (and other distributed vcs) has a lot of interesting
properties, my favourite being that every developer becomes a full
backup of the project's version control system, but it should not be
considered the only good alternative, and other alternatives (such
as Subversion) should not be automatically considered outdated junk.

Nadav Har'El                        |       Sunday, Apr 27 2014, 27 Nisan 5774
nyh at math.technion.ac.il             |-----------------------------------------
Phone +972-523-790466, ICQ 13349191 |A thing is not necessarily true because a
http://nadav.harel.org.il           |man dies for it. - Oscar Wilde

More information about the Haifux mailing list