Linus Torvalds on GIT at Google

I've been looking at GIT and learning what it does, so this 70
minute Youtube video Tech Talk: Linus Torvalds on git

caught my attention:

<param name="movie" value="http://www.youtube.com/v/4XpnKHJAok8"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/4XpnKHJAok8" type="application/x-shockwave-flash" wmode="transparent" width="425" height="350"></embed>

Linus actually explains in a compressed
amount of time why GIT is better than
most other SCM (that's
"source code management" to him) tools. He
thinks they are
hopelessly broken. He cites the

following reasons:

  1. CVS can't merge without much

    agony.

  2. SVN, based on CVS,
    offers only improved branching, but no
    improvement where it matters

    on merge performance and ease.

  3. ClearCase is tortuously slow.
  4. Perforce and most of the other tools he
    criticized are centralized, impacting
    performance and trust.

Linus identifies
Bitkeeper
,
Monotone
,
and
Mercurial
as exceptions. (He puts
a very positive spin on the parting of the
ways with Bitkeeper early on in the

talk.)

A confident security analysis of a
distributed model for code management may
appear counterintuitive, and
Linus does not spend any time on actual
security issues. What he
does talk about is the behavioral aspects:
if everyone owns his own repository, and
decentralized "pulls" bring data to
the experts who are analyzing the code,
and if merging tools are very good, then
you have a much better system than
relying on one location to "protect"

data integrity.

Privacy issues are not usually a concern for
open source developers, but one can argue that
pulling an SVN/CVS repository down to your local
hard drive and pushing changes to it back up again
is no more secure than providing the same
authentication and logged access method to several
private GIT development repositories. Politics

may vary.

Linus briefly asserts that the notion of SHA1 content
hashing is intended for integrity checking.
I've been involved with a project where the
central code repository was corrupted by
a file system bug. Having a way to verify the
content over many years as Linus asserts,
would have been very helpful to us as
we patched the code repository back together

again the best we knew how.

Linus has done some amazing work here, and
his talk gives us some insight into why GIT
is a good thing. But the notion of distributed
development and the model Linus has adopted for
maintaining Linux is just as powerful. Let other
people contribute, while needing no real
trust, because the decentralized development
model lets a code gatekeeper analyze every
line of code, and every byte of every file
based on his own experience with it over

the duration of the project.