All, On the gnulib list there was discussion about cvs (see below) and I was surprised it has been so long since the last cvs release.
What is the thoughts of CVS developers on release cadence? What do people think about importing 'cvs' to git (how ironic) and do a maintainance release fixing various low-hanging fruit and to provide the infrastructure to support making future releases? Basic CI could be provided via GitLab and/or GitHub to have some confidence in the build. I've happily been using Codeberg lately, and have been quite happy with it, in case that is an option. Is anyone interested in helping? The cvs source code on Savannah seems unavailable, so I have no idea how far away current HEAD is from the last 1.12.13 release. Doing an import to git could be one first step. /Simon Harry Sintonen <[email protected]> writes: > On Wed, 10 Sep 2025, Collin Funk wrote: > >> Harry Sintonen <[email protected]> writes: >> >>> Building CVS with USE_MMAP undefined (and thus using the >>> posix_memalign code) results in full checkout taking minutes vs hours. >> >> I'll need some time to look at the rest of this, but just wanted to >> mention that building CVS from the upstream repository will produce a >> binary with some nasty vulnerabilities. Distributions have lots of >> patches they apply for their repositories, see Fedora for example [1]. > > Good point there. The debian stable CVS (version 2:1.12.13+real-30) is > affected by this issue (and fixed by forcing no USE_MMAP), at least. I > have not checked other distros myself. > > > Regards,
signature.asc
Description: PGP signature
