CVS is used to manage the source trees of many projects including the BSD projects, the ecgs complier, the Mozilla web browser, and some branches of Linux. Until recently, in order to use CVS to access a source tree one had to have an account on the system on which the CVS source repository was stored. Anyone with a "developer account" can checkout and modify the content of a CVS source repository. Thus, having a developer account (and thus access to the information stored in the CVS source repository) was considered a privilege. This privilege was typically closely guarded to prevent source tree corruption.
In the fall of 1995 Theo de Raadt and I created "Anonymous CVS." Anonymous CVS is a CVS access mechanism that allows anyone to safely have read-only access to a CVS source repository. We created anonymous CVS in response to a dispute between Theo and the leaders of the NetBSD project (the NetBSD "Core" group). Theo was one of the founders of the NetBSD project and a former member of the NetBSD Core. The result of this dispute is that Theo left NetBSD and started the OpenBSD project. When Theo left NetBSD his developers account was removed, thus preventing him from accessing the NetBSD CVS repository. This was unfortunate because Theo was still doing technical work on BSD and could have made good use of the CVS histories and logs contained in the NetBSD CVS repository.
The dispute between Theo and NetBSD Core caused Theo and I to reconsider the management of the OpenBSD CVS source repository. We both came to the conclusion that it was to everyone's benefit to allow general access to the log and revision information CVS stored in our CVS repository. This would enable users who were not directly involved with OpenBSD (and thus did not have developer accounts) to more easily debug problems and to better feel a part of the OpenBSD project. So we decided that anonymous read-only access to the OpenBSD CVS repository was a good idea. This was a radical idea at the time because CVS access had always been considered a developer-only privilege.
Unfortunately, before we could provide anonymous CVS access to the OpenBSD source repository we had several technical problems to overcome First, the "cvs" program was not designed to provide read-only access to a source repository and so we had to verify that it would work properly in this new mode. Second, we had security concerns --- we did not want an unexpected bug to allow anonymous write access to the repository. Third, the OpenBSD CVS repository was located behind an ISDN line in Canada. We did not want anonymous CVS network traffic to flood this line.
To address these three issues we came up with the following design. First, we decided that anonymous CVS access should be provided from a different machine than the one that the one that contained source repository. This allowed us to locate our new anonymous CVS server on a campus network with a high-speed data link (much faster than ISDN). Second, we put a copy of the source repository on the new machine and arranged for it to download changes from the master repository several times a day (using the "sup" protocol). This allowed us to quickly provide general access to our CVS source updates to our user community. Third, to allow anonymous access to the CVS repository, we created an account "anoncvs" with a null password (so that anyone could access the account). To provide security for our anonymous CVS server, the "anoncvs" account has a special setuid "root" shell that chroot(2)'s to the base of the CVS, drops privileges, and then execve(2)'s the "cvs" program. The result of these changes is that anyone with CVS installed can execute the following commands to access the OpenBSD source tree:
setenv CVSROOT anoncvs@anoncvs.openbsd.org:/cvs cvs co -AP src(See the OpenBSD anonymous CVS web page for more details on accessing the OpenBSD CVS tree.)
In addition to allowing anyone to access the CVS histories and logs, anonymous CVS also allows users to take advantage of CVS' other features. For example, CVS can intelligently merge changes from the main source repository into a local copy. This allows users to maintain local changes in their source tree without having to worry about those changes being wiped out during a source update operation. Anonymous CVS also allows new developers the chance to learn about CVS before they get write access to the main source repository.
We believe that our pioneering work on anonymous CVS has been a great success. Several other groups have built on our ideas to provide new ways to access CVS repositories. For example, the FreeBSD project released their CVS source repository shortly after the OpenBSD project did. As part of FreeBSD's efforts to release their CVS repository, Bill Fenner created the innovative "CVS WEB" package. CVS WEB allows anonymous CVS access through a standard web browser (see http://www.freebsd.org/cgi/cvsweb.cgi for an example). Also, after reviewing our work on anonymous CVS Cyclic Software (the maintainers of CVS) added a new CVS access mechanism ("pserver") that allows anonymous CVS access.