From owner-freebsd-current@freebsd.org Thu Sep 17 19:53:43 2020 Return-Path: Delivered-To: freebsd-current@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 21DCD3EBD10 for ; Thu, 17 Sep 2020 19:53:43 +0000 (UTC) (envelope-from ian@freebsd.org) Received: from outbound2k.ore.mailhop.org (outbound2k.ore.mailhop.org [54.148.219.64]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4Bsnhk2fzzz4WTj for ; Thu, 17 Sep 2020 19:53:42 +0000 (UTC) (envelope-from ian@freebsd.org) ARC-Seal: i=1; a=rsa-sha256; t=1600372421; cv=none; d=outbound.mailhop.org; s=arc-outbound20181012; b=T3C9WCRsyzSQ36qualIK3fU0bKF7qjfRP8tlYcZyw/+oIr6jl0D3fQ6RRMfJumriWWacewkRuyjUh wsd8FwXEtGJYtL5IPsc1MsngQAJWUphMSJCrwOgh1dPOJP8CDTT3p8ahTSExyW95zUEkTyqT38km8v HNH5oNMf6Q8vGEsH+FS8996sEfWA2kZJzsnVvJs/klu3erEUkb4h0MOdc1nFo6jlw9qpFMav9aYfgU R9T4KR1WtCM9R9V09tx8B19RUHa0CsU+nxL246i3YzQaTU1N+Z+Yeczd4Ro2Jtdxlfhw/CzI+hsqNR 0wUJWe++XeB5HG8rg6DYKySscyTSbUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=outbound.mailhop.org; s=arc-outbound20181012; h=content-transfer-encoding:mime-version:content-type:references:in-reply-to: date:cc:to:from:subject:message-id:dkim-signature:from; bh=VNSfC9fv17o7b2bDte3UIEE+3/Ah87gR7nX8XrSz29Q=; b=bGwRvyiiI8X/TrNrOcxM+jo+oH//PwkThV95+glJ1KDq2UhGTsMSac9o32PwObHGvwmAYswafooB/ vM0Sq1etB40kKB+ygO82PUB3D0qw8bI3/2odN7bs1DcdNx681AK2TVOTDpXU3UFYahEYMnhAZ6xe/7 huHOwIrI4ZqCVGM0oBjnPYyetdREv0/g1unFH52q64dBu0VKfuXkZ3502arMrr95tGp15spTKbfIXm hKpmAKT/K4RWDn1O4aV66JLD34oJThoASDbzTEyQLnqiTkEuy0wABULhUjuRFNZo0lgg14eEXxsMRs ChnKXf6kQRtoPsobSigLF1LhTGnmHQg== ARC-Authentication-Results: i=1; outbound4.ore.mailhop.org; spf=softfail smtp.mailfrom=freebsd.org smtp.remote-ip=67.177.211.60; dmarc=none header.from=freebsd.org; arc=none header.oldest-pass=0; X-MHO-RoutePath: aGlwcGll X-MHO-User: 7acc54f1-f91f-11ea-9e11-df46ed8f892f X-Report-Abuse-To: https://support.duocircle.com/support/solutions/articles/5000540958-duocircle-standard-smtp-abuse-information X-Originating-IP: 67.177.211.60 X-Mail-Handler: DuoCircle Outbound SMTP Received: from ilsoft.org (c-67-177-211-60.hsd1.co.comcast.net [67.177.211.60]) by outbound4.ore.mailhop.org (Halon) with ESMTPSA id 7acc54f1-f91f-11ea-9e11-df46ed8f892f; Thu, 17 Sep 2020 19:53:40 +0000 (UTC) Received: from rev (rev [172.22.42.240]) by ilsoft.org (8.15.2/8.15.2) with ESMTP id 08HJrcbK006642; Thu, 17 Sep 2020 13:53:38 -0600 (MDT) (envelope-from ian@freebsd.org) Message-ID: <0ab6a75e6b821058a2b939447a8e499196ec2388.camel@freebsd.org> Subject: Re: Deprecating ftpd in the FreeBSD base system? From: Ian Lepore To: John-Mark Gurney Cc: FreeBSD Current Date: Thu, 17 Sep 2020 13:53:38 -0600 In-Reply-To: <20200917194941.GY4213@funkthat.com> References: <202009171404.08HE4fZj007939@slippy.cwsent.com> <4d2c3d9dd633ed9a264cf3675dcbb4386f11ada3.camel@freebsd.org> <20200917194941.GY4213@funkthat.com> Content-Type: text/plain; charset="ASCII" X-Mailer: Evolution 3.28.5 FreeBSD GNOME Team Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4Bsnhk2fzzz4WTj X-Spamd-Bar: / X-Spamd-Result: default: False [0.00 / 15.00]; ASN(0.00)[asn:16509, ipnet:54.148.0.0/15, country:US]; local_wl_from(0.00)[freebsd.org] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Sep 2020 19:53:43 -0000 On Thu, 2020-09-17 at 12:49 -0700, John-Mark Gurney wrote: > Ian Lepore wrote this message on Thu, Sep 17, 2020 at 09:01 -0600: > > On Thu, 2020-09-17 at 18:43 +0400, Gleb Popov wrote: > > > On Thu, Sep 17, 2020 at 6:05 PM Cy Schubert < > > > Cy.Schubert@cschubert.com> > > > wrote: > > > > > > > I've been advocating removing FTP (and HTTP) from libfetch as > > > > well. > > > > People > > > > should be using HTTPS only. > > > > > > > > > > Isn't this a bit too much? I often find myself in need to > > > download > > > something starting with "http://" or "ftp://" and use fetch for > > > this. > > > > Indeed, we have products which rely on this ability in libfetch and > > we > > have to keep supporting them for many many years to come. > > > > I hate it when someone imperiously declares [For security reasons] > > "People should/shouldn't be using ______". You have no idea what > > the > > context is, and thus no ability to declare what should or shouldn't > > be > > used in that context. For example, two embedded systems talking to > > each other over a point to point link within a sealed device are > > not > > concerned about man in the middle attacks or other modern internet > > threats. > > And I really dislike when people want to make sure that their unique > case that less than a percent of people would every hit blocks the > security improvements for the majority of people... > > I've given up on a number of security improvements in FreeBSD because > of this attitude... > Good. Because what you call "improvements" I would probably call "Imposing policy rather than providing tools." I've don't complain about making defaults the safest choices available. I complain about removing options completely because they're unsafe in some circumstances according to some people. -- Ian