Date: Wed, 7 Apr 2021 12:17:58 +0000
From: tech-lists <tech-lists@zyxst.net>
To: freebsd-stable@freebsd.org
Subject: Re: Deprecating base system ftpd?
Message-ID: <YG2i9hxDCHuDH4G8@ceres.zyxst.net>
In-Reply-To: <202104051444.135EixF6025306@slippy.cwsent.com>
References: <CAPyFy2AbP2X339zbemZ9Y8edjNKdyygnR9mH48Q78nxwDtOBAg@mail.gmail.com> <202104051444.135EixF6025306@slippy.cwsent.com>

Hi, I'm a bit late to the discussion.

On Mon, Apr 05, 2021 at 07:44:59AM -0700, Cy Schubert wrote:
>I think this is an excellent start. My shopping list includes:
>
>- remove ftp(1)
>- remove ftpd(8)
>- remove telnet(1)
>- remove telnetd(8)
>- remove ftp:// and http:// from libfetch. This is 2021 and we should all
>use https://.
>- replace DNS lookups with DoH and/or DoT. Why let your ISP see your DNS
>traffic?

Very firmly against this, and this sort of thing, for the following reasons:

1. I want an OS, not a kernel. If I just want a kernel, then why not go with Linux? FreeBSD is meant to be, I think, (generally), a server OS. So, would you agree that it needs the ability to have server protocols easily configured, with a minimum of fuss, without packages?

2. A lot of infrastructure depends on ftpd. It's easy to securely configure ftpd in base.

3. There are some networks, like internal ones, where encryption is not a requirement, or appropriate.

4. There are some places where encryption is in fact illegal.

>Personally, I'd suggest we remove the ftpd server *AND* ftp client and rely
>on ports. Having worked on UNIX, Internet security, and firewalls over the
>last 3/5 of my almost 50 year career, I have lamented the existence of the
>FTP protocol back in 1995 and I hate the FTP protocol with a greater
>passion today. Let's simply remove all vestiges of FTP from the base
>system, including libfetch, sooner than later. We don't need it now that we
>have HTTPS and POST; and sftp.

5. Some services commonly don't use https. Lots of internet radio stations don't. If https is enforced then the user will have to jump through more hoops than they already do in order to, in this case, listen to internet radio. Or face a loss of functionality.

6. Not everywhere will have constant internet access. Not everyone will want to use pkgs or have space for the ports tree.

>I think we should make it our goal to remove any and all unencrypted
>protocols from FreeBSD by 2025.

I think you should carefully think of the consequences of removing functionality in the default install. It will make it less useful, not more.

--
J.
