[Spread-users] CVS access to Spread

Jon Stevens jon at latchkey.com
Wed Aug 22 21:04:47 EDT 2001 

on 8/22/01 11:10 AM, "Theo Schlossnagle" <jesus at omniti.com> wrote:

> First off, through prevalent, anonymous CVS access is not an required
> part of OSS.

Nope. However, I will assert that truly successful OSS projects with lots of
committers do have anonymous CVS access.

>  The idea is "open" (Open Source Software).  The Spread
> community is currently small enough and the project's core is
> complicated enough that "open" CVS access should be perfectly acceptable.
> 
> Open CVS access is just as good and it apparently gives the Spread
> maintainers what they want (which is seeing who is using it -- readonly
> or not).  My interpretation of the the announcement of CVS access didn't
> say anything about restricting it to certain people.  It just said, mail
> in for a password.  I understood it as "everyone who wants access gets
> it."
> 
> Personally, I don't like pserver.  I would never set up anonymous CVS in
> that fashion if given the choice.  I _always_ try to set up CVS over ssh
> only.

I hear your preferences, however reality is that it is possible to setup
anonymous :pserver: to point to a directory of symlinks. This provides
security.

Read:

<http://cvs.apache.org/viewcvs.cgi/CVSROOT/README.txt?rev=1.4&content-type=t
ext/vnd.viewcvs-markup>

> As for creating an anonymous account with no password as a
> readonly CVS user over ssh... Maybe that is a solution (and IMNSHO a
> good one).

What *exactly* does that gain you other than higher overhead for everyone
involved?

> Are you familiar with copyright and licensing?

Of course I am. I have been dealing with contributing to and managing large
scale OSS projects for the last 5+ years and in smaller amounts for 5 years
before that (I used to port a lot of software to A/UX, including X11R6v4)...

>  You cannot merge
> contributions into a project if they are inappropriately licensed and
> copyrighted.  This the reason that the FSF has the painful assignment of
> copyright rigamarole.  This, to most people, is annoying.  If instead
> the maintainers require that contributions be licensed under a specific
> compatible license (like BSD, MIT X11, etc.), then there are no issues.

Simple solution (that the ASF employees):

Contributions are required to be under the ASF License (in your case,
Spread's License) and copyright to the ASF (in your case, the same copyright
that Spread is under).

I just saw the other message from Yair confirming this...

> Currently, there are no guidelines on the contributions to Spread.  I
> believe what they are saying is that they are setting guidelines so that
> there will be no legal problems accepting contributions.  Please don't
> stand in their way.

Where did you get that I'm standing in anyone's way or even trying to? I
want things open. Nothing more, nothing less.

>> That is because no one could use it commercially.
>
> I assume you meant that no one could use it commercially without
> obtaining a license?

Correct.

> Ben gives many of us here at CNDS advice on a regular basis.  I consider
> his advice invaluable as I am sure the Spread maintainers do too.  There
> are several other Open Source maintainers that we work with regularly
> here, and we try to draw on all of the knowledge and attend to there
> recommendations.

Great. I also volunteer to provide guidance if you want it. I have a lot of
experience running OSS projects.

-jon

More information about the Spread-users mailing list