Date: Fri, 16 Feb 2001 10:34:37 -0800 From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> To: Matt Dillon <dillon@earth.backplane.com> Cc: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, Dag-Erling Smorgrav <des@ofug.org>, Mark Murray <mark@grondar.za>, arch@FreeBSD.ORG Subject: Re: List of things to move from main tree to ports (was Re: Wish List (was: Re: The /usr/bin/games bikeshed again)) Message-ID: <200102161835.f1GIZOB29603@cwsys.cwsent.com> In-Reply-To: Your message of "Fri, 16 Feb 2001 10:01:14 PST." <200102161801.f1GI1Ew98317@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <200102161801.f1GI1Ew98317@earth.backplane.com>, Matt Dillon writes: > I'll collect all the responses from the list together and put together > a comprehensive list, then post it tonight. Please move Sendmail to ports. People should have a choice of which MTA they want to use. Sendmail should not have any special status when compared to other MTA's in ports. Qmail and postfix are quite popular too and they are in ports. BIND: There is a growing groundswell in favour of djbdns. People should have a choice. Once again if they choose djbdns, BIND takes up space that could be used by other software on the disk. Economy. telnetd and ftpd. (I suppose the clients can stay in the base system, though fetch and a web browser can do the same). I no longer offer anonymous ftp services on most systems I manage, as a web browser can serve files just as well (assuming the client has approved of the changes), and the HTTP protocol is firewall friendly while FTP is not. For non-anonymous FTP, there is sftp. It's not the same protocol but the user interface is the same. Sftp, which uses SSH is much more secure and is firewall friendly, e.g. doesn't need any FTP proxy. Anyhow, I hope everyone can understand my rationale for moving away from FTP. All four of these have been very hot issues in the past. Judging from the responses in the past, I'd suggest taking a vote and deciding from there. Some of the above have flags defined in make.conf others don't. I suppose the place to start would be to define macros for each of the above that don't have macros defined in make.conf. Then after a while, like FreeBSD-6.0, default the above to "don't build". Finally, e.g. FreeBSD-7.0, people might be acclimatised to not having them, the can be moved to ports. For some, like ftpd and ftp, telnetd and telnet, we may have to phase in the solution over a much longer period of time -- call it a 3 or 5 year plan (virtually forever in this business but taking it slow should satisfy most if not all people). I realise these are sensitive issues, which is why I propose a long lead time. By then other open source projects and maybe even some vendors might have caught on to the idea as well. For those of use who have private networks with people you can trust on them, e.g. my network at home, I see no problem using these services and protocols. Having said that, this breaks one premise of good security (which I don't even follow as much as I preach), which is security through depth, so even then I can argue against using these protocols there. Hopefully I haven't ruffled too many feathers and have conveyed my message in a constructive manner. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/Alpha Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102161835.f1GIZOB29603>