From owner-freebsd-security@freebsd.org  Wed Jul 24 20:22:19 2019
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id AC463B798F
 for <freebsd-security@mailman.nyi.freebsd.org>;
 Wed, 24 Jul 2019 20:22:19 +0000 (UTC)
 (envelope-from rsimmons0@gmail.com)
Received: from mail-lf1-x12a.google.com (mail-lf1-x12a.google.com
 [IPv6:2a00:1450:4864:20::12a])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id CA38A726A8
 for <freebsd-security@freebsd.org>; Wed, 24 Jul 2019 20:22:18 +0000 (UTC)
 (envelope-from rsimmons0@gmail.com)
Received: by mail-lf1-x12a.google.com with SMTP id b17so32861882lff.7
 for <freebsd-security@freebsd.org>; Wed, 24 Jul 2019 13:22:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=zBdJI/uPx/PVe+6s74AL27rQbB3kwzXADYglrKFd0VE=;
 b=rh8ALMNSqotS+C/+d0udywn0wm8siV4YnDvhpl6JBCAZq7lHAKIRwGpPPv+4dlmrHY
 YwS/NytbrUrNbtiKcK3LnER1lfvar6XoyaQTmgs99A8S7zDh6d/nxnp6q5p1fYdCBjam
 aNInnRfvmzx9TvACWTedT7qZnqk1W0zhlcwAdwykRdYSSRBB4UwaAXj/7GX659fSWLR2
 86gdALppduTJYM7Z4W8DmYIDChmVDmi0/nSs+FK15U7grAIb6eMZDRKFUYUtKUpghh6Z
 ycVSRHCm4TIjQ8XfA0Ls37Y2pXInxlR1n0BH6C7G+32HIShyiNzC20RPqMLZJc2KAwf3
 o/ZQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=zBdJI/uPx/PVe+6s74AL27rQbB3kwzXADYglrKFd0VE=;
 b=k4ZR+vPGOPEMC3wHyL6NptNLPgZBqf02nM/y13SOpS73lmoqLjKCi0w/lqHmE7N6yk
 IrMngWfDHq/zbhX5Eqw5AQn9bGCHtVdmNCV6W16xgvI5+PAYpYlGKlfloxBlOYk77FwI
 qzCNBEBpKDuK69sUMDaPyeXm2CxjcBfLMlnxSfrQoSwRrce6A59plEciAbR7rjfwzr53
 UY/77BPbrLohUBNboSyU4JndTtZB8A1PbY2eTpbPDlCq6eS7Hhtd42mk8J3Era4S0Rcf
 kfydfLlcVGh2TtcZ/nhoRoyQw6EMB0ScdxU7oWsCAN0uGKMET6wuFc44rIbQT1Kd1nY8
 GO5A==
X-Gm-Message-State: APjAAAW4FGzG2o/ODpAT8l6XErj0Kpt1EJi6MSRGB9MLXmGNePrwcBBA
 tbJD37BNll22cyPd4GRhC3C4EqDQNQ2TiXZjNOE+M0VO
X-Google-Smtp-Source: APXvYqwlV676W2uneRpGicM329tkp4+D8QqPQbAN7cuDtzpUrpcrJ3HA5geRRBnniWOepBeXOCUqvQlT3YbjsTOqmEQ=
X-Received: by 2002:a19:7509:: with SMTP id y9mr39220903lfe.117.1563999737187; 
 Wed, 24 Jul 2019 13:22:17 -0700 (PDT)
MIME-Version: 1.0
References: <CA+QLa9DnEmC0fK81rHGCsuextpN+UjMbraUFKBz0DYeDbz+Tjg@mail.gmail.com>
 <CAC0r6X-8YpghSCcLAMKtYy=ZTGHZbvMhX7f1Gk5ZQiE92QbEVQ@mail.gmail.com>
 <CA+QLa9BbR9iox5UJr99fZqv=eFm4H6jePDUeKBQ0yq8LhYBMKA@mail.gmail.com>
 <CAEE+rGqLhp2Khe_fFhwmTtUxMkF+mTacdbcg_P12HZgSpfdGqw@mail.gmail.com>
 <CA+QLa9DK9UOC1uSrLQEn4-QpX4t11hJMYCCCn6g4Jb1ogUaBXg@mail.gmail.com>
 <CAEE+rGoPHewt-QVoPB=ai4psod_gndB9MLGHKmRkzn1N866omg@mail.gmail.com>
In-Reply-To: <CAEE+rGoPHewt-QVoPB=ai4psod_gndB9MLGHKmRkzn1N866omg@mail.gmail.com>
From: Robert Simmons <rsimmons0@gmail.com>
Date: Wed, 24 Jul 2019 16:22:06 -0400
Message-ID: <CA+QLa9DazeevnpHMhHGxkHn2v4gSzetEmaG-dfqhmRpPfM6b5w@mail.gmail.com>
Subject: Re: Old Stuff
To: "Aaron C. de Bruyn" <aaron@heyaaron.com>
Cc: Luke Crooks <luke@solentwholesale.com>, freebsd-security@freebsd.org
X-Rspamd-Queue-Id: CA38A726A8
X-Spamd-Bar: ------
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=gmail.com header.s=20161025 header.b=rh8ALMNS;
 dmarc=pass (policy=none) header.from=gmail.com;
 spf=pass (mx1.freebsd.org: domain of rsimmons0@gmail.com designates
 2a00:1450:4864:20::12a as permitted sender) smtp.mailfrom=rsimmons0@gmail.com
X-Spamd-Result: default: False [-6.84 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[];
 RCPT_COUNT_THREE(0.00)[3];
 R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36];
 FREEMAIL_FROM(0.00)[gmail.com];
 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; TO_DN_SOME(0.00)[];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+];
 MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com];
 DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
 RCVD_IN_DNSWL_NONE(0.00)[a.2.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org
 : 127.0.5.0]; RCVD_TLS_LAST(0.00)[];
 NEURAL_HAM_SHORT(-0.86)[-0.861,0]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+,1:+]; FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US];
 RCVD_COUNT_TWO(0.00)[2];
 IP_SCORE(-2.97)[ip: (-9.36), ipnet: 2a00:1450::/32(-2.99), asn: 15169(-2.43),
 country: US(-0.05)]; 
 DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]
Content-Type: text/plain; charset="UTF-8"
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jul 2019 20:22:19 -0000

You're correct. I did make two separate suggestion in the same email. My
suggestion about ftp and telnet is not based on code base complexity. I'm
only using that argument for dropping 32bit.

On Wed, Jul 24, 2019 at 4:17 PM Aaron C. de Bruyn <aaron@heyaaron.com>
wrote:

> On Wed, Jul 24, 2019 at 12:09 PM Robert Simmons <rsimmons0@gmail.com>
> wrote:
>
>> Yes, to reduce the code base complexity so that resources can be focused
>> on a smaller code base.
>>
>
> That seems like several completely different arguments.  Codebase
> complexity, available resources, and "a smaller code base".
>
> So why does removing telnet and FTP solve or partially solve codebase
> complexity whereas removing sh or curl not solve the problem?
>
> As for available resources, is that currently a problem?  Is there no
> telnet or FTP maintainer?  Are they complaining they're overworked with a
> flood of changes to the telnet protocol (have there been any changes in the
> last 2 decades)?
>
> Why is "a smaller code base" a goal?  Shouldn't it be more along the lines
> of "the smallest most efficient code base necessary to support feature x,
> use-case y, or project z"?
>
> I'm being a bit snarky with this, but you could solve all the problems you
> listed by distributing an OS that simply had an 'ls' command and that's
> it.  No login.  No vi.  No video support. No nothing.  It just boots to a
> prompt and allows you to type 'ls'.  Much smaller codebase, less
> complexity, tons of resources for a very small project.
>
> Maybe I misunderstood based on Stephen's earlier reply though.  If the
> case is simply removing it from the base to ports, I would have less of an
> issue.  It means a bit more work on my end, but at least the functionality
> is available.  I would think it would have a minor impact on users coming
> over from Windows, Linux, or other BSDs with the former two being less
> inclined to dive in and compile from source or even know/understand ports
> initially.
>
> -A
>
>