#1124786 cvsd: Vcs bot detection, consider maintaining in salsa

Package:
src:cvsd
Source:
src:cvsd
Submitter:
Bastian Germann
Date:
2026-05-26 05:41:01 UTC
Severity:
normal
Tags:
#1124786#5
Date:
2026-01-06 18:36:40 UTC
From:
To:
Hi Arthur,

The Vcs-Browser URL forwards (me) to a website titled
"Blocked (suspected bot)". This is unpleasant.

Please reconsider this. As this is the last package in whole Debian to
be maintained via CVS, I suggest to move the pkg maintenance to salsa,
which should get you less traffic on your server as well.
I see that you use salsa for other packages, so this should not be
unfamiliar to you.

Thanks,
Bastian

#1124786#10
Date:
2026-01-06 22:01:22 UTC
From:
To:
Hi Bastian,

I recently had to install pretty broad blocking of user agents because
it was overloading my website (50 times increase in traffic, mostly
hitting my repositories).

If you can provide my your user agent I can fine-tune the block list. I
can also provide you a unique link (not via the BTS) that will allow me
to extract the user agent myself.

If feels hypocritical to manage a package that is meant to expose CVS
repositories not in CVS so I'd rather not switch to Git for cvsd. It is
also fun to use cvs commands every 10 years or so to find out that I
haven't lost muscle memory of the commands yet ;).

Also, I really prefer to have as much as possible self-hosted for as
long possible because I feel we should try to encourage a decentralised
Internet.

Kind regards,

#1124786#15
Date:
2026-04-15 13:18:11 UTC
From:
To:
Hi again,

in the same manner as for svn2cl I also created a repository for cvsd at

https://salsa.debian.org/debian/cvsd

BTW, I tried hard to keep the CVS history of the Debian packaging but
failed.  Thus I used `gbp import-dscs` as fallback.

Due to this and since I'm not really sure why this package is Debian
native I did not yet uploaded to the delayed queue.  If I do not hear
from you in 21 days I will do a NMU upload.

Kind regards
    Andreas.

PS: svn2cl will hit unstable in 2 days.


Am Tue, Apr 07, 2026 at 02:35:53PM +0200 schrieb Andreas Tille:

#1124786#24
Date:
2026-05-05 06:31:34 UTC
From:
To:
Hi Arthur,

greetings from MiniDebConf in Hamburg.

I’m working towards the goal of having no packages in Debian maintained
in CVS anymore (and cvsd is the last one). Since I believe you’re still
active and that a migration to Salsa would generally be in your
interest, I wanted to quickly check whether that assumption is correct.

I’ve prepared an NMU here:

https://salsa.debian.org/debian/cvsd

If you’re happy with this direction, I can go ahead with the upload. Of
course, I’d also be glad if you prefer to do the upload yourself.

Please let me know what you think.

Kind regards
   Andreas

#1124786#29
Date:
2026-05-06 05:41:36 UTC
From:
To:
Hi Arthur,

sorry, I missed this response of yours when drafting my last two
messages to this bug report.

Am Tue, Jan 06, 2026 at 11:01:22PM +0100 schrieb Arthur de Jong:

I admit I can follow this argument to some extend.

:-)

I admit I disagree with this argument.

Invoking a “decentralised Internet” here feels misplaced. Salsa is
operated by the Debian Project itself; using it is not outsourcing
control but relying on shared project infrastructure.

More importantly, keeping this package outside Salsa creates unnecessary
friction. It makes contributions, reviews, and potential co-maintenance
harder, and ties the packaging to a single setup. Hosting it on Salsa
improves transparency, lowers the barrier for others to help, and avoids
a single point of failure if maintenance ever needs to change hands.

It also means missing out on established tooling like Salsa CI, which
provides automated builds, linting, and reproducibility checks out of
the box. That kind of integration directly improves package quality and
reduces manual effort.

Given that this is the only remaining package handled in a different Vcs
than Git, the inconsistency mainly adds cost without a clear benefit.

Thank you for considering the adoption of

https://salsa.debian.org/debian/cvsd

which I prepared for your convenience.

Kind regards
    Andreas.

#1124786#34
Date:
2026-05-07 15:43:15 UTC
From:
To:
severity 1124786 wishlist
thanks

Hi,

I feel this is merely a minor bug: The fact that the Vcs-Browser URL forwards
to a website titled "Blocked (suspected bot)" can be unpleasant indeed.  We
suffer from similar issues now that salsa is being attacked by LLM webscraping
bots.  Since the maintainer made it clear they consciencely choose to maintain
this package on their own infrastructure, and using CVS, and since nothing
in policy forbits this, I feel we should just let this rest and keep on supporting
Arthur doing good work for Debian and Free Software.

My € 0,02.

(And thanks Andreas giving this bug more eyeballs.)

Bye,

Joost

#1124786#41
Date:
2026-05-26 05:39:51 UTC
From:
To:
[Removing pending tag since Maintainer disagreed.]

Hi Arthur,

As I tried to express, I do understand your reasoning why maintaining
this package in CVS makes a certain amount of sense. On the other hand,
it is now the only remaining Debian package maintained in a VCS other
than Git.

udd=> SELECT source, version, release, vcs_type, vcs_url, maintainer
FROM ( SELECT DISTINCT ON (source) source, version, release, vcs_type, vcs_url, maintainer
       FROM sources WHERE release in ('forky', 'sid') ORDER BY source, version DESC ) latest
WHERE vcs_type != 'Git';
 source | version | release | vcs_type |                   vcs_url                    |             maintainer
--------+---------+---------+----------+----------------------------------------------+-------------------------------------
 cvsd   | 1.0.25  | sid     | Cvs      | :pserver:anonymous@arthurdejong.org:/arthur/ | Arthur de Jong <adejong@debian.org>
(1 Zeile)

From a collaboration and maintenance point of view, I would appreciate
it if you could reconsider your decision. Using Salsa would make it
easier for others to contribute and would also allow straightforward
integration with Salsa CI and autopkgtest infrastructure. I could, for
example, imagine adding autopkgtests that exercise the server to ensure
it remains functional.

Kind regards
   Andreas.