From owner-freebsd-arch  Fri Feb 16 10:37: 1 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44])
	by hub.freebsd.org (Postfix) with ESMTP id 1158E37B491
	for <arch@FreeBSD.ORG>; Fri, 16 Feb 2001 10:36:57 -0800 (PST)
Received: (from daemon@localhost)
	by point.osg.gov.bc.ca (8.8.7/8.8.8) id KAA03213;
	Fri, 16 Feb 2001 10:36:02 -0800
Received: from passer.osg.gov.bc.ca(142.32.110.29)
 via SMTP by point.osg.gov.bc.ca, id smtpda03211; Fri Feb 16 10:36:00 2001
Received: (from uucp@localhost)
	by passer.osg.gov.bc.ca (8.11.2/8.9.1) id f1GIZsb74976;
	Fri, 16 Feb 2001 10:35:54 -0800 (PST)
Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com"
 via SMTP by passer9.cwsent.com, id smtpdb74972; Fri Feb 16 10:35:26 2001
Received: (from uucp@localhost)
	by cwsys.cwsent.com (8.11.2/8.9.1) id f1GIZOB29603;
	Fri, 16 Feb 2001 10:35:24 -0800 (PST)
Message-Id: <200102161835.f1GIZOB29603@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys"
 via SMTP by localhost.cwsent.com, id smtpdo29596; Fri Feb 16 10:34:38 2001
X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4
Reply-To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
X-Sender: schubert
To: Matt Dillon <dillon@earth.backplane.com>
Cc: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>,
	Dag-Erling Smorgrav <des@ofug.org>, Mark Murray <mark@grondar.za>,
	arch@FreeBSD.ORG
Subject: Re: List of things to move from main tree to ports (was Re: 
 Wish List (was: Re: The /usr/bin/games bikeshed again))
In-reply-to: Your message of "Fri, 16 Feb 2001 10:01:14 PST."
             <200102161801.f1GI1Ew98317@earth.backplane.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 16 Feb 2001 10:34:37 -0800
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <200102161801.f1GI1Ew98317@earth.backplane.com>, Matt Dillon 
writes:
>     I'll collect all the responses from the list together and put together
>     a comprehensive list, then post it tonight.

Please move Sendmail to ports.  People should have a choice of which 
MTA they want to use.  Sendmail should not have any special status when 
compared to other MTA's in ports.  Qmail and postfix are quite popular 
too and they are in ports.

BIND:  There is a growing groundswell in favour of djbdns.  People 
should have a choice.  Once again if they choose djbdns, BIND takes up 
space that could be used by other software on the disk.  Economy.

telnetd and ftpd.  (I suppose the clients can stay in the base system, 
though fetch and a web browser can do the same).  I no longer offer 
anonymous ftp services on most systems I manage, as a web browser can 
serve files just as well (assuming the client has approved of the 
changes), and the HTTP protocol is firewall friendly while FTP is not.

For non-anonymous FTP, there is sftp.  It's not the same protocol but 
the user interface is the same.  Sftp, which uses SSH is much more 
secure and is firewall friendly, e.g. doesn't need any FTP proxy.  
Anyhow, I hope everyone can understand my rationale for moving away 
from FTP.

All four of these have been very hot issues in the past.  Judging from 
the responses in the past, I'd suggest taking a vote and deciding from 
there.

Some of the above have flags defined in make.conf others don't.  I 
suppose the place to start would be to define macros for each of the 
above that don't have macros defined in make.conf.  Then after a while, 
like FreeBSD-6.0, default the above to "don't build".  Finally, e.g. 
FreeBSD-7.0, people might be acclimatised to not having them, the can 
be moved to ports.  For some, like ftpd and ftp, telnetd and telnet, we 
may have to phase in the solution over a much longer period of time -- 
call it a 3 or 5 year plan (virtually forever in this business but 
taking it slow should satisfy most if not all people).

I realise these are sensitive issues, which is why I propose a long 
lead time.  By then other open source projects and maybe even some 
vendors might have caught on to the idea as well.

For those of use who have private networks with people you can trust on 
them, e.g. my network at home, I see no problem using these services 
and protocols.  Having said that, this breaks one premise of good 
security (which I don't even follow as much as I preach), which is 
security through depth, so even then I can argue against using these 
protocols there.

Hopefully I haven't ruffled too many feathers and have conveyed my 
message in a constructive manner.


Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message