From owner-freebsd-stable@freebsd.org Mon Apr 5 15:28:13 2021 Return-Path: Delivered-To: freebsd-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E780F5BCAC3 for ; Mon, 5 Apr 2021 15:28:13 +0000 (UTC) (envelope-from sthaug@nethelp.no) Received: from bizet.nethelp.no (bizet.nethelp.no [195.1.209.33]) by mx1.freebsd.org (Postfix) with ESMTP id 4FDZL46jBsz4jX9; Mon, 5 Apr 2021 15:28:12 +0000 (UTC) (envelope-from sthaug@nethelp.no) Received: from localhost (bizet.nethelp.no [IPv6:2001:8c0:9e04:500::1]) by bizet.nethelp.no (Postfix) with ESMTP id DC8B6E6079; Mon, 5 Apr 2021 17:28:09 +0200 (CEST) Date: Mon, 05 Apr 2021 17:28:09 +0200 (CEST) Message-Id: <20210405.172809.200436441.sthaug@nethelp.no> To: Cy.Schubert@cschubert.com Cc: emaste@freebsd.org, freebsd-stable@freebsd.org Subject: Re: Deprecating base system ftpd? From: sthaug@nethelp.no In-Reply-To: <202104051444.135EixF6025306@slippy.cwsent.com> References: <202104051444.135EixF6025306@slippy.cwsent.com> X-Mailer: Mew version 6.7 on Emacs 26 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4FDZL46jBsz4jX9 X-Spamd-Bar: + Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of sthaug@nethelp.no designates 195.1.209.33 as permitted sender) smtp.mailfrom=sthaug@nethelp.no X-Spamd-Result: default: False [1.10 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; RCPT_COUNT_THREE(0.00)[3]; RWL_MAILSPIKE_GOOD(0.00)[195.1.209.33:from]; MV_CASE(0.50)[]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; DMARC_NA(0.00)[nethelp.no]; NEURAL_SPAM_SHORT(1.00)[1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_MED(-0.20)[195.1.209.33:from]; FROM_NO_DN(0.00)[]; MID_CONTAINS_FROM(1.00)[]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:2116, ipnet:195.1.0.0/16, country:NO]; SUBJECT_ENDS_QUESTION(1.00)[]; MAILMAN_DEST(0.00)[freebsd-stable]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Apr 2021 15:28:14 -0000 >> I propose deprecating the ftpd currently included in the base system >> before FreeBSD 14, and opened review D26447 >> (https://reviews.freebsd.org/D26447) to add a notice to the man page. >> I had originally planned to try to do this before 13.0, but it dropped >> off my list. FTP is not nearly as relevant now as it once was, and it >> had a security vulnerability that secteam had to address. > > I think this is an excellent start. My shopping list includes: > > - remove ftp(1) > - remove ftpd(8) > - remove telnet(1) > - remove telnetd(8) My preference would be to leave those four in the system. However, I can live with removal, as long as they are available as ports. > - remove ftp:// and http:// from libfetch. This is 2021 and we should all > use https://. Please don't. There is still a lot of content not available over https (and quite a few web sites with only "readonly" type content). Removal of ftp:// and http:// from libfetch simply means I'll have to install wget instead - and we're getting ever close to FreeBSD being only a kernel. > - replace DNS lookups with DoH and/or DoT. Why let your ISP see your DNS > traffic? Because I trust my (European) ISP significantly more than I trust big US companies? Yes, I have a pretty good idea what Cloudflare, Google etc have said about the queries they receive. I still don't see a reason to trust them, given their actions in other areas. Bert Hubert has written much better then I can about moving everything to DoH/DoT: https://blog.powerdns.com/2019/09/25/centralised-doh-is-bad-for-privacy-in-2019-and-beyond/ Steinar Haug, Nethelp consulting, sthaug@nethelp.no