From: Terry Lambert
Message-Id: <200102162029.NAA07885@usr05.primenet.com>
Subject: Re: List of things to move from main tree to ports (was Re:
To: Cy.Schubert@uumail.gov.bc.ca
Date: Fri, 16 Feb 2001 20:29:14 +0000 (GMT)
Cc: dillon@earth.backplane.com (Matt Dillon), des@ofug.org (Dag-Erling Smorgrav), mark@grondar.za (Mark Murray), arch@FreeBSD.ORG
In-Reply-To: <200102161835.f1GIZOB29603@cwsys.cwsent.com> from "Cy Schubert - ITSD Open Systems Group" at Feb 16, 2001 10:34:37 AM

> > I'll collect all the responses from the list together and put together
> > a comprehensive list, then post it tonight.
>
> Please move Sendmail to ports. People should have a choice of which
> MTA they want to use. Sendmail should not have any special status when
> compared to other MTA's in ports. Qmail and postfix are quite popular
> too and they are in ports.

Please don't, until after you fix the rc code to allow it to be
dropped in without manual editing being required.

> BIND: There is a growing groundswell in favour of djbdns. People
> should have a choice. Once again if they choose djbdns, BIND takes up
> space that could be used by other software on the disk. Economy.

Please don't. DJBDNS lacks significant and important functionality
for all but trivial (one controller or single zone) uses. Also, if
this goes in over that objection, please don't do it until after you
have broken libresolv out of libc.

> telnetd and ftpd. (I suppose the clients can stay in the base system,
> though fetch and a web browser can do the same). I no longer offer
> anonymous ftp services on most systems I manage, as a web browser can
> serve files just as well (assuming the client has approved of the
> changes), and the HTTP protocol is firewall friendly while FTP is not.

For behind a firewall, telnetd and ftpd are useful. The ability to
set up an ftpd for maintenance and support easily, and without a lot
of work, is important.

Similarly, ftp and telnet clients are useful for more than talking
to their respective servers locally; you can not debug SMTP or POP3
or IMAP4, etc., without telnet.

For the daemons, please do not remove them, until you have addressed
the ability of a port to manipulate the contents of the inetd.conf
file, so that if they are selected as part of an installation (I
suspect, people will want a "traditional" option to be default in
sysinstall, with a totally separate and non-default "anal" option).

> For non-anonymous FTP, there is sftp. It's not the same protocol but
> the user interface is the same. Sftp, which uses SSH, is much more
> secure and is firewall friendly, e.g. doesn't need any FTP proxy.
> Anyhow, I hope everyone can understand my rationale for moving away
> from FTP.

You don't want us to be able to download files from Windows servers?

> I realise these are sensitive issues, which is why I propose a long
> lead time. By then other open source projects and maybe even some
> vendors might have caught on to the idea as well.

I suspect that whatever group wants to change the world will have to
provide all the vendors with a fait accompli, for the change to be
global.

Volunteers gratefully accepted to work on the original code, ports
to other OS's that can be integrated into vendor source trees without
fear of the license, modification to the mozilla source to add "sftp"
handling, a plugin for Internet Explorer on Windows, Macintosh, and
Solaris, and an RFC to define the "sftp://" URI introducer.

> For those of us who have private networks with people you can trust on
> them, e.g. my network at home, I see no problem using these services
> and protocols. Having said that, this breaks one premise of good
> security (which I don't even follow as much as I preach), which is
> security through depth, so even then I can argue against using these
> protocols there.

I suggest a port called "audit", which you can write to complain
about, among other things, "lack of depth".

> Hopefully I haven't ruffled too many feathers and have conveyed my
> message in a constructive manner.

We can agree to disagree, without having to worry about it coming to
blows, I think. 8-).

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.