Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 17 Sep 2020 12:14:49 -0300
From:      =?utf-8?Q?Lucas_Nali_de_Magalh=C3=A3es?= <rollingbits@gmail.com>
To:        Cy Schubert <Cy.Schubert@cschubert.com>
Cc:        Ed Maste <emaste@freebsd.org>, FreeBSD Current <FreeBSD-current@freebsd.org>
Subject:   Re: Deprecating ftpd in the FreeBSD base system?
Message-ID:  <E561492F-6849-400D-BE3C-B967DC7D7644@gmail.com>
In-Reply-To: <202009171404.08HE4fZj007939@slippy.cwsent.com>
References:  <202009171404.08HE4fZj007939@slippy.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hi.

> On Sep 17, 2020, at 11:05 AM, Cy Schubert <Cy.Schubert@cschubert.com> wrot=
e:
> =EF=BB=BFIn message <CAPyFy2BHki84KuzP94AqTLk7v9FTAnLP-sa4HaFLq0kdxt0dEQ@m=
ail.gmail.c
> om>
> , Ed Maste writes:
>> FTP is (becoming?) a legacy protocol, and I think it may be time to
>> remove the ftp server from the FreeBSD base system - with the recent
>> security advisory for ftpd serving as a reminder.
>=20
> We should also deprecate the FTP client.
>=20
> I've been advocating removing FTP (and HTTP) from libfetch as well. People=
=20
> should be using HTTPS only. (libfetch could support a plugin that might be=
=20
> supplied by a port should someone be inclined to write one.)

I usually evaluate the possibility to interact with legacy stuff as a featur=
e and then this would make FreeBSD shine less. The associated security impro=
vement could be done in many different ways and this one is one of the worst=
s. Maybe a warning during use or a flag to disable/enable it when desired or=
 needed? And among all the security measures the project can take to improve=
 FreeBSD security, this one is on the bottom of my list for sure. FTPD not e=
ven comes enabled by default.

--=20
rollingbits =E2=80=94 =F0=9F=93=A7 rollingbits@gmail.com =F0=9F=93=A7 rollin=
gbits@terra.com.br =F0=9F=93=A7 rollingbits@yahoo.com =F0=9F=93=A7 rollingbi=
ts@globo.com =F0=9F=93=A7 rollingbits@icloud.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E561492F-6849-400D-BE3C-B967DC7D7644>