When will CVS be replaced by modern version control system?

Mon Nov 12 18:13:25 UTC 2007

Le lundi 12 novembre 2007 à 11:53 -0600, Les Mikesell a écrit :
> Nicolas Mailhot wrote:
> > Le Lun 12 novembre 2007 17:02, Matej Cepl a écrit :
> >>  So instead of just
> >> "download tarball from this URL, unpack and work", it could understand
> >> alos URLs like git://, bzr://, hg:// (or something like that), meaning
> >> "clone/checkout/<whatever is the local name of getting the sources>
> >> from somewhere, and then build over that".
> > 
> > This is an auditing & QA nightmare. Today even if upstream disappears
> > you can easily compare the archive contained in a srpm to the one
> > mirrors picked up, Debian picked up, Mandriva picked up, etc.
> 
> But not as easily as if they were tags in a common SCM.

Read again: "if upstream disappears" you don't have a SCM reference
anymore. Also upstreams have been known to move tags and branches.

> How does the 
> kernel work?  That's one thing common to all distros that already has a 
> distributed SCM.

Distros still use tarballs to build their kernel packages and even if
they didn't the kernel is special: there are very few projects so
central we know their SCM is not going to change or disappear suddenly.

>  > The huge
> > nice property or release archives is they are scarce and not a
> > continuum. That means everyone uses the same archives. A SCM feed is
> > something else altogether: suddenly you're not using the same release
> > as everyone else plus known patches, you're using a state others may
> > not have picked, and you don't get the benefits of cross-distro
> > testing (and annoyed upstreams because Fedora bugs are always
> > different from other user bugs)
> 
> That should be a matter of appropriate tagging.

We can't even get all upstreams to agree on a common sane archive naming
and numbering and you want us to posit they'll have sane SCM tagging
conventions?

And that does not change the fact even a perfect SCM offers many more
pull points than a release archive process, so you still lose the
"everyone tests the same version" effect. And I don't even want to think
the fun people following CVE numbers would have in this scenario.

> In most cases there 
> would already be a direct mapping of SCM tags to tarball releases.

Quite the contrary, this is the exception not the rule. Most projects
have tags that approximate releases, which is good enough for
developers, but not for QA or audit trails.

Ironically Fedora cvs is one exception and that's only because koji will
only build stuff when given a tag number, and generally speaking we have
anal brutal dumb SCM procedures that force everyone to behave.

-- 
Nicolas Mailhot
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20071112/de076deb/attachment.sig>