Linus on Subversion, GPL3, Microsoft and More

victor77 writes "Linus has repeatedly slammed Subversion and CVS, questioning their basic architecture. Subversion community has responded...how valid is Linus's statement?" This and many other subjects are covered in this interview with Linus.

Linus would not be pleased...

[Anonymous Coward]

Microsoft OLE DB Provider for ODBC Drivers error '80004005'

[Microsoft][ODBC SQL Server Driver][SQL Server]Transaction (Process ID 182) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction. /efytimes/lefthome.asp, line 193

Article

[Anonymous Coward]

Sunday, August 19, 2007: Did Microsoft's Men In Black ever met Linus Torvalds? But why is he so critical of GPLv3? Why does he slam Subversion? What would happen to the kernel development if he chooses to do something else more important? These are some of the questions Linux/open source community from around the globe wanted to ask Linus. And, here is Linus candid and blunt, and at times diplomatic. Check if the question you wanted to ask to the father of Linux is here and what does he have to say...
Q: What are the future enhancements/paths/plans for the Linux kernel? --Subramani R

Linus: I've never been much of a visionary -- instead of looking at huge plans for the future, I tend to have a rather short timeframe of 'issues in the next few months'. I'm a big believer in that the 'details' matter, and if you take care of the details, the big issues will end up sorting themselves out on their own.

So I really don't have any great vision for what the kernel will look like in five years -- just a very general plan to make sure that we keep our eye on the ball. In fact, when it comes to me personally, one of the things I worry about the most isn't even the technical issues, but making sure that the 'process' works, and that people can work well with each other.

Q: How do you see the relationship of Linux and Solaris evolving in the future? How will it benefit the users?

Linus: I don't actually see a whole lot of overlap, except that I think Solaris will start using more of the Linux user space tools (which I obviously don't personally have a lot to do with -- I really only do the kernel). The Linux desktop is just so much better than what traditional Solaris has, and I expect Solaris to move more and more towards a more Linux-like model there.

On the pure kernel side, the licensing differences mean that there's not much cooperation, but it will be very interesting to see if that will change. Sun has been making noises about licensing Solaris under the GPL (either v2 or v3), and if the licence differences go away, that could result in some interesting technology. But I'm taking a wait-and-see attitude to that.

Q: Now that the GPLv3 has been finalised and released, do you foresee any circumstance that would encourage you to begin moving the kernel to it? Or, from your perspective, is it so bad that you would never consider it? -- Peter Smith / Naveen Mudunuru.

Linus: I think it is much improved over the early drafts, and I don't think it's a horrible licence. I just don't think it's the same kind of 'great' licence that the GPLv2 is.

So in the absence of the GPLv2, I could see myself using the GPLv3. But since I have a better choice, why should I?

That said, I try to always be pragmatic, and the fact that I think the GPLv3 is not as good a licence as the GPLv2 is not a 'black and white' question. It's a balancing act. And if there are other advantages to the GPLv3, maybe those other advantages would be big enough to tilt the balance in favour of the GPLv3.

Quite frankly, I don't really see any, but if Solaris really is to be released under the GPLv3, maybe the advantage of avoiding unnecessary non-compatible licence issues could be enough of an advantage that it might be worth trying to re-license the Linux kernel under the GPLv3 too.

Don't get me wrong -- I think it's unlikely. But I do want to make it clear that I'm not a licence bigot, per se. I think the GPLv2 is clearly the better licence, but licences aren't everything.

After all, I use a lot of programs that are under other licences. I might not put a project I start myself under the BSD (or the X11-MIT) licence, but I think it's a great licence, and for other projects it may well be the right one.

Q: Currently are there any Indians who you'd like to highlight as key contributors to the Linux kernel?

Linus: I have to admit that I don't directly work with anybody that I actually realize as being from India. That said, I should clarify a bit: I've very consciously tried

Alternate link

[MythMoth]

This one is not (yet) slashdotted:
http://www.efytimes.com/archive/144/news.htm [efytimes.com]

Re:Can't RTFA...

[Oddscurity]

He did slam CVS indeed, SVN likewise. In Linux talk at Google about Git [google.com][video] he mentions SVN and their credo at on time being something along the line of "CVS done right", commenting that "there is no way to do CVS right."

The article linked here is light on details concerning SCM, though.

Re:Can't RTFA...

[nwbvt]

Site seems to be back up, here is what he had to say:

I suspect a lot of people really don't much like CVS, so I didn't really even expect anybody to argue that CVS was really anything but a legacy system. And while I've gotten a few people who argued that I shouldn't have been quite so impolite against SVN (and hey, that's fair -- I'm really not a very polite person!), I don't think anybody actually argued that SVN was 'good'.

SVN is, I think, a classic case of 'good enough'. It's what people are used to, and it's 'good enough' to be used fairly widely, but it's good enough in exactly the sense DOS and Windows were 'good enough'. Not great technology, just very widely available, and it works well enough for people and looks familiar enough that people use it. But very few people are 'proud' of it, or excited about it.

And here is the reaction from the subversion team [tigris.org]. For those of you who don't want to RTFA, they basically say they agree, its not appropriate for something like Linux.

BTW, isn't this all old news? His original comment on subversion was dated from 05

Re:Article Summary Misleading

[nwbvt]

Think that could be because its an Indian news site and the guy himself is Indian?

Believe it or not, just because something is published on the world wide web doesn't mean it has to cut out everything of local interest.

Re:Article

[fimbulvetr]

Mod parent down, he has altered the article to include things like "What do you think of penis?"

Re:Linus would not be pleased...

[dknj]

and if you're a programmer or an admin that knows sql server, then you know to disable this before you go into production. again, this is not a problem with the product. saying such would be like saying solaris is trash because it enables everything plus the kitchen sink, unless you tell it not to...

oracle is all great and fun if you have the money to cough up for it. sql server has great performance at a fraction of oracle's cost. of course, a competent architect will know when to use sql server and when to use oracle.

Other subversion flaws

[Antique Geekmeister]

There are other issues: the Subversion authors have made a very real mistake here in keeping unencrypted passwords online, by default, in every public Linux or UNIX client compiled from Subversion's basic source code.

I just had to have a polite conversation with a professional peer who kept his home directory on his laptop, then turned on NFS shares "to get work done". I waited, very politely, until he put his laptop on the DMZ with his NFS shares turned on. Then I pulled his SSH keys for a set of sourceforge projects from his directory, and his password from his oher Subversion repositories. Voila! I now have write access to his Sourceforge subversion epositories.

I'm patient. But crackers aren't, and scan for this sort of vulnerability constantly. The Subversion authors should never have bothered to include the ability to store the password, at all.

PARADIGM SHIFT!

[StCredZero]

Damnit, it's a paradigm shift that Linus is talking about. True distributed source code management brings an entirely new way of working. It enables very fast merging at a very fine granularity, which lets you use casually use this information (about what changed and when) in a way that changes the nature of how you work! It's the same sort of difference that code completion or Google search made. Once a certain kind of very useful information -- that has always been available, but a bit inconveniently -- becomes like running water out of the tap, it enables ways of working that just wouldn't have been practical before.

If you really want to know what Linus is talking about from the man himself, watch this Google Tech Talk. It's over an hour, but there's nothing like hearing it straight from the horse's mouth.

http://video.google.com/videoplay?docid=-219933204 4603874737&q=git+google+tech+talk&total=3&start=0& num=10&so=3&type=search&plindex=1 [google.com]

Re:Can't RTFA...

[chthon]

Too bad Continuus costs too much to try, I think he would want to return to SVN after using that piece of shit.

Re:Can't RTFA...

[coryking]

easy

- Not mess up my working directory with a bunch of .svn hidden directory junk.
- As somebody else said, proper branching & tagging
- Related to the .svn directory stuff, it is *way* to easy to ruin a working copy. Why related? You ever try to version a 3rd party tree (say, the ports tree)? It is virtually impossible because when you update the ports tree, it will mess with the filesystem enough to de-sync the .svn directory and ruin the entire working copy.
- While getting better, it isn't very fast dealing with large working copies (say, 200+ megs)

Re:Can't RTFA...

[smenor]

I used to use CVS (and still do for some projects). Then I switched over to SVN. It was remarkably unremarkable.

Then, a few months ago, there was a /. article on git [git.or.cz]. It sounded interesting so I tried it... and was thoroughly impressed.

I was up and running in about 20 minutes. You can use cvs/svn like commands, *but* you get local / decentralized repositories with fast forking and merging.

Start a project. Type "git init" and you've got a repository in place (you don't have to initialize and then check it out). "git add ." and "git commit" and you've got your first revision.

It took a little bit more effort to figure out how to push/pull from a remote repository, but it's fairly straightforward. A bunch of people can work in a group, have their own local repositories, and then merge their changes (along with the revision history). It's awesome.

The only reason I haven't switched all of my projects over to it is that the IDEs I use (Xcode and Eclipse) don't have good git integration (as far as I know).

Re:if it isn't broken

[someone1234]

You preach to the choir.

Re:Other subversion flaws

[Serpent Mage]

I waited, very politely, until he put his laptop on the DMZ with his NFS shares turned on. Then I pulled his SSH keys for a set of sourceforge projects from his directory, and his password from his oher Subversion repositories.

Considering that both the ssh keys folder and the subversion authorization folders are both chmod 700 by default, it doesn't matter if he tosses up an NFS share. You still cannot access it without being him or root. And of course if you had his password anyway then trying to access his password by him sharing his home directory is pointless anyway as you could simply just ssh into his computer and grab it. I call shenanigans on this one.

The Subversion authors should never have bothered to include the ability to store the password, at all.

As I mentioned above, by default, without the author changing permissions manually, the passwords are accessible only to the user. Even the group and world are not allowed access into the folder much less the files in them. And for those of us who live in the real world with real enterprise grade software to work on that span a dozen different repositories with at least 6 different authentication systems, yeah remember passwords is a godsend.

Then again, all my "file sharing" happens with a special user account that is nothing but filesharing and I just have symlinks into that user. And it is all samba based filesharing not NFS and it is locked down with a user/password to even access the samba share.

Subversion *does* have many flaws but the storing of passwords is not one of them. That is almost a mandatory feature requirement to work with repositories in most development organizations.

Re:Other subversion flaws

[gerddie]

Considering that both the ssh keys folder and the subversion authorization folders are both chmod 700 by default, it doesn't matter if he tosses up an NFS share. You still cannot access it without being him or root.

In the "simple" setup of an nfs server mounting the nfs share is usually independent of the user doing so, and if the other guy didn't restrict the allowed hosts of the shares, anyone on the net can do it, if he only knows the proper name, no passwords required. After you got this far, being him on nfs is just a matter of having the same user id - at least until nfs v3. Of course there are measures to restrict access, but someone exporting his home "to get work done" might not think that far ...

Re:Can't RTFA...

[coryking]

I set up a small (two line) shell script so I wouldn't have to manually do the -rx:x+1 each time

You had me staring at that for a minute until I realized you weren't talking about file permissions (ala chmod) and instead talking about command line switches! :-) In truth, it isn't the command line stuff that is hard, it is just svn's merging is very conceptually hard to understand. Instead of the task-based "I want the changes from this version to merge with that version" using native svn forces you to think "I want to merge the difference between two versions in time into this other point in time". The "difference between two points in time" thing is really hard to wrap your head around...

The trick is to get svnmerge. It handles almost all of the nitty gritty details so you can actually do what you realy want to do, which is "take the changes from branch A and put them into branch B". Say you want to take the junk in changeset 1,2,5 and all the junk between 30 and 35 and merge it into your working copy:

> svnmerge merge -r 1,2,5,30-35

First, it remembers where you want to pulls stuff in from - you set that when you initialize a branch by telling it "link the branch in this working copy to branch svn://somewhere/else/". Every time you run it, it looks at what hasn't been merge into your working copy. You can get a list of junk it hasn't merged with:

> svnmerge avail

Once you do the "svnmerge merge" it will pull in all the changes and automatically keep track of what it just merged it. You then do a regular commit on the changes and off you go. I usually do this:

> svnmerge merge -r 4,5,6 -f commit.txt || svn commit -F commit.txt || rm commit.txt

That command pulls in the revisions to your working copy and creates a commit log "commit.txt". It then commits your crap and removes the log.

The whole thing is a hackjob for sure, for starters TortiseSVN doesn't know about it and I'd love to do the whole process in some GUI thing. But it does show you that SVN itself is more than capable of handling merges in a "proper" way. Subversion just needs to get this hi-level stuff into it's own codebase so it knows what is up. I know they are working on it, I just hope that I can migrate from svnmerge to whatever native stuff they cook up in an elegant fashion.

Don't get your hopes up

[Slashdot Parent]

Hopefully, the merge tracking being implemented for SVN 1.5 will make SVN a real/complete scource code control system.

Don't get your hopes up.

"Merge Tracking in Subversion 1.5.0 is roughly equivalent in functionality to svnmerge.py, recording and using merge history to avoid common cases of the repeated merge problem, and allowing for cherry-picking of changes." -- http://subversion.tigris.org/merge-tracking/ [tigris.org]

Re:Can't RTFA...

[TemporalBeing]

No Linus wrote Linux as a reimplementation of BSD, during the period that AT&T sued to stop the distribution of BSD. Had BSD not been held up in court, there would have been no need to rewrite BSD from scratch using inferior networking code.

Actually, if you read Linus' own book - Just For Fun: The Story of an Accidental Revolutionary [amazon.com] - you'd find out that he wrote Linux as (a) a method for learning x86 Assembly for the i386 processor, (b) as a way to get into his school account over dial-up, and (c) as a re-implementation of Minix. It was also highly coupled with Minix for a while until around version 0.10, or shortly thereafter.

See also: 0.10 history [kerneltrap.org], 0.02 & 0.03 history [kerneltrap.org], 0.01 history [kerneltrap.org]

Re:"use git as if it were centralized"

[Lord Bitman]

Please correct me if I'm wrong, but when I first looked into git, I was left with the impression that there was /no way/ to use git as if it were centralized: every user had to have the full history, even if 99.99% of that history was irrelevant. I recall reading something where Linus noticed that if everyone used git with full history, they would all wind up with needlessly huge local copies. His solution: rather than fixing this obvious flaw in git, he chose instead to simply not import old version information. Did I read this wrong? Has something changed? These are not rhetorical questions, I have asked them previously and have yet to receive an answer. I just don't know. Why is git superior when it seems that it was fundamentally incapable of handling the full depth of the very project for which it was written?

My goal of a "perfect" version control system is one that is decentralized, but lets me decide how much history I want, and lets me decide if something is so old as to be irrelevant, not worth having locally. If older versions can be discarded without impacting day-to-day work, why have I not seen this as an option for any decentralized systems?
It is one of those "seems obvious enough to me that I am probably just using the wrong keywords in Google" things.

SVN lets me check out just the "most recent" copy, and I can pull whatever I need from the remote repository if I need it.
git, from what I've read, does not.

I am not trying to be arrogant here, I would love to be corrected. Given history of other times I've asked this question, I don't expect to.

Re:"use git as if it were centralized"

[Lord Bitman]

a brief googling reveals hard drive space was not the issue - it was bandwidth. My point is more related to archives in general, not the linux kernel itself, though (that Linus chose not to put the whole tree into git I still think is very telling, though). My primary concern is: if it wasn't worth it to have 3-year-old history THEN, why not three years from then? It just seems like a fundamental design issue that I've never heard explained other than "hard disks are cheap and bandwidth is infinite nowadays!", which is an outright lie and pretty much just says "git: not meant to be portable"
Perhaps I use SVN in situations where something simpler would suffice, but I /like/ to be able to check out/in from resource-limited systems without resorting to YetAnotherTool.

mostly, though, it's just the idea of "we don't want to import 3 years of history, it's not worth it right now" + "And this is good for the long term!"

Re:"use git as if it were centralized"

[Lord Bitman]

This was very quick googling, of the type "I think I remember reading something like...", typing "linus git kernel import", and clicking until I found something similar to my memory, total time 20 seconds:
http://kerneltrap.org/node/5014 [kerneltrap.org]

Just because I'm the type of person who uses version control and often have access to high-speed internet and large hard drives doesn't mean I'm /ALWAYS/ in a situation where I have a lot of bandwidth and hard disk space at my disposal. When I'm in a resource-limited situation, I still like to be able to check in/out, do other "what went wrong?" type of things without using a second system.

As for "give it a try", I did, but very early in its history so I don't think enough niceties were there at the time.
Mostly, it comes down to: sometimes my SVN repository grows very quickly due to all the sometimes unneeded history. There's no "svn obliterate", so we just put up with it. This causes (actual, not hypothetical) storage issues even with centralized version control. I wouldn't want to multiply this problem by the number of developers, while adding bandwidth issues previously not dealt with because some things they just didn't care about, just to allow them access to histories /when they wanted it/.