[development] FAQ: Why is Drupal still using CVS when X is a much better choice?

Ivan Sergio Borgonovo mail at webthatworks.it
Thu Jul 31 18:31:59 UTC 2008

On Thu, 31 Jul 2008 10:46:33 -0700
Derek Wright <drupal at dwwright.net> wrote:

> On Jul 31, 2008, at 9:40 AM, Angela Byron wrote:
> > 1. Security. pserver authentication is horribly, horribly
> > insecure.
> I think the security problems will be just as bad with SVN given
> the OSUOSL infrastructure.  There's a way to do CVS securely (over
> ssh), which is basically equivalent to what we'd have to do to
> actually make SVN secure (as far as I know), but the OSUOSL side
> of this question has been "won't fixed" because it would involve
> giving (extremely limited) shell access to every CVS account
> holder:

Not that this is going to change any of your previously stated
points but svn works *lovely* over https[*] and that's pretty slick
if you've to deal with firewalls too.
Anyway I didn't know that people could commit over a completely
insecure channel as pserver. Is it?

I'd say that while svn will make *my* life easier and while I do see
advantages in drcs, they aren't as mature as they should be right
now (not just the tools but the adoption etc...) and other than uuuh
well pserver auth, I don't see any reason to move from cvs to * NOW.

I think anyway that a drcs could have a great influence over the
development process and the community IF handled with care and
consciousness. Building up a good plan and understanding how a drcs
may influence development and community requires time so I think it
should be something to keep in mind right now.

[*] actually it works over webdav(s) and once you've webdav you
could think about other interesting applications inside drupal
infrastructure. Other than "modernity" when I had to chose my rcs of
choice ease of installation over a secure protocol and friendliness
to firewall were the top reasons I chose svn over cvs.

Ivan Sergio Borgonovo

More information about the development mailing list