nginx 專案搬到 GitHub 上

在「Nginx has moved to GitHub (nginx.org)」看到的,原連結是「[nginx-announce] NGINX has moved to Github!」。

這次搬移也順便將本來是 Mercurial 的專案換到 Git 上了...

Hacker News 有不少人在討論現在 nginx 目前的情況,像是之前有提到分家的事情:「nginx 分家:freenginx」。

不過基本功能都算成熟很久了,算是還好?

Firefox 宣布從 Mercurial 換到 Git

Firefox 宣佈從 Mercurial 換到 Git:「Firefox Development Is Moving From Mercurial To Git」。

目前是 Mercurial 與 Git 都支援,理由是不想要維持兩套:

For a long time Firefox Desktop development has supported both Mercurial and
Git users. This dual SCM requirement places a significant burden on teams which
are already stretched thin in parts. We have made the decision to move Firefox
development to Git.

不過不知道決策的過程到底是怎麼產生的,算是 Mozilla 的老問題了...

SourceHut 宣佈拒絕 cryptocurrency 與 blockchain 相關的專案

SourceHut 是個 GitMercurial 的 hosting service,以及提供一些專案管理常見的功能。

他們宣佈不再提供 cryptocurrency 以及 blockchain 相關專案的服務,自 2023 年生效:「SourceHut terms of service updates, cryptocurrency-related projects to be removed」。

SourceHut is planning to roll out updates to our terms of service, effective in 2023. The changes most likely to impact users is the prohibition of cryptocurrency- or blockchain-related projects on SourceHut.

因為這些技術幾乎都是用在違法用途上:

These domains are strongly associated with fraudulent activities and high-risk investments which take advantage of people who are suffering from economic hardship and growing global wealth inequality. Few to no legitimate use-cases for this technology have been found; instead it is mostly used for fraudulent “get rich quick” schemes and to facilitate criminal activity, such as ransomware, illicit trade, and sanctions evasion. These projects often encourage large-scale energy waste and electronics waste, which contributes to the declining health of Earth’s environment. The presence of these projects on SourceHut exposes new victims to these scams and is harmful to the reputation of SourceHut and its community.

不過這年頭自己架 GitLab 也不是什麼難事,該有的功能都有,這個只能算是個宣言...

Bitbucket 放棄 Mercurial

Bitbucket 放棄對 Mercurial 的支援:「Sunsetting Mercurial support in Bitbucket」。

兩個時間點,一個是明年二月不能再新增,另外一個是明年六月完全停用:

February 1, 2020: users will no longer be able to create new Mercurial repositories
June 1, 2020: users will not be able to use Mercurial features in Bitbucket or via its API and all Mercurial repositories will be removed.

在 Mercurial 網站上的 wiki 也更新了:「Mercurial Hosting」,對於不想要搬到 Git 的人可以在這份列表裡找替代方案。

Rust 版本 Mercurial

看到「Mercurial: 964212780daf」這則 commit log,看起來 MercurialPython 換成 Rust 的計畫正在進行中:

rust: implementation of `hg`

This commit provides a mostly-working implementation of the `hg` script in Rust along with scaffolding to support Rust in the repository.

之前從朋友那邊聽到,在 F 公司用 Mercurial 用到覺得很厭世,主要是因為 repository 太大,一跑下去就會發現記憶體用量與速度都很無奈 (即使內部已經有不少工具改善速度),所以就啟動專案要換一個程式語言,直接拼最後那段的效能 XD

如果是隔壁棚的 Git... 就沒這個問題,一開始 Git 就用 C 寫,所以如果厭世的話也不太容易生出什麼進展了 XDDD

在 Git/Mercurial/Subversion 上 "-" 發生的問題

在「[ANNOUNCE] Git v2.14.1, v2.13.5, and others」這邊看到 - 開頭產生的問題:

These contain a security fix for CVE-2017-1000117, and are released in coordination with Subversion and Mercurial that share a similar issue. CVE-2017-9800 and CVE-2017-1000116 are assigned to these systems, respectively, for issues similar to it that are now addressed in their part of this coordinated release.

這算是老問題了,Git 對應的修正主要是朝 filter input 的方向修正,包括了禁用 - 開頭的 hostname,以及禁止 GIT_PROXY_COMMAND- 開頭,另外是禁止開頭是 - 的 repository name:

  • A "ssh://..." URL can result in a "ssh" command line with a hostname that begins with a dash "-", which would cause the "ssh" command to instead (mis)treat it as an option. This is now prevented by forbidding such a hostname (which should not impact any real-world usage).
  • Similarly, when GIT_PROXY_COMMAND is configured, the command is run with host and port that are parsed out from "ssh://..." URL; a poorly written GIT_PROXY_COMMAND could be tricked into treating a string that begins with a dash "-" as an option. This is now prevented by forbidding such a hostname and port number (again, which should not impact any real-world usage).
  • In the same spirit, a repository name that begins with a dash "-" is also forbidden now.

然後中華電信的 DNS server (168.95.1.1 & 168.95.192.1) 都查不到 marc.info,改用 Google 的 8.8.8.8 才查得到... =_=

Python 的 Repository 將搬到 GitHub 上

Python 宣佈將會搬到 GitHub 上:「[core-workflow] We will be moving to GitHub」,而目前應該是在 Mercurial 架的「Python.org Mercurial repositories index」上。

看討論有很多反對意見啊...

Facebook 的主程式碼放在 Git?

在一月時,Facebook 官方的 Engineering Blog 上提到 Facebook 使用 Mercurial 遇到的問題,以及所作的努力「Scaling Mercurial at Facebook」:

Facebook's main source repository is enormous--many times larger than even the Linux kernel, which checked in at 17 million lines of code and 44,000 files in 2013.

...

Instead, we chose to improve Mercurial. Mercurial is a distributed source control system similar to Git, with many equivalent features.

當時的解讀是 Facebook 把 main source repository 放到 Mercurial 上。

以 Facebook 的規模以及遇到的問題,是有能力直接改變世界的,用 Mercurial 或是 Git 都算是合理的選擇。

不過這幾天在 Twitter 上看到:

這讓人錯亂了啊 XDDD