From: Cy Schubert
To: Ed Maste
Cc: freebsd-stable
Subject: Re: Deprecating base system ftpd?
Date: Mon, 05 Apr 2021 07:44:59 -0700
Comments: In-reply-to Ed Maste message dated "Sat, 03 Apr 2021 16:39:48 -0400."
List-Id: Production branch of FreeBSD source code

In message , Ed Maste writes:
> I propose deprecating the ftpd currently included in the base system
> before FreeBSD 14, and opened review D26447
> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> I had originally planned to try to do this before 13.0, but it dropped
> off my list. FTP is not nearly as relevant now as it once was, and it
> had a security vulnerability that secteam had to address.

I think this is an excellent start. My shopping list includes:

- remove ftp(1)
- remove ftpd(8)
- remove telnet(1)
- remove telnetd(8)
- remove ftp:// and http:// from libfetch. This is 2021 and we should all
  use https://.
- replace DNS lookups with DoH and/or DoT. Why let your ISP see your DNS
  traffic?

>
> I'm happy to make a port for it if anyone needs it. Comments?

I've started working on splitting ftp and ftpd into an external git repo.
The problem I've encountered is that, though only ftp and ftpd are left, the
resultant repo is still 1.2 GB. If my last attempt fails and there is a
choice between a 1.2 GB repo and burning ftp forever, then the choice is
clear: burn it forever.

Adding the following as an option:

Also note that the tnftp ports are the NetBSD ftp and ftpd. The FreeBSD ftp
and ftpd are simply copies of tnftp and tnftpd. Would it make more sense to
share our customizations with NetBSD and we simply rely on NetBSD for the
client and server in our ports? This last option might be simpler than
creating a port.

Personally, I'd suggest we remove the ftpd server *AND* ftp client and rely
on ports. Having worked on UNIX, Internet security, and firewalls over the
last 3/5 of my almost 50 year career, I have lamented the existence of the
FTP protocol back in 1995 and I hate the FTP protocol with a greater passion
today. Let's simply remove all vestiges of FTP from the base system,
including libfetch, sooner than later. We don't need it now that we have
HTTPS and POST; and sftp.

I think we should make it our goal to remove any and all unencrypted
protocols from FreeBSD by 2025.

--
Cheers,
Cy Schubert
FreeBSD UNIX: Web: https://FreeBSD.org
NTP: Web: https://nwtime.org

The need of the many outweighs the greed of the few.