From owner-freebsd-current@freebsd.org  Thu Sep 17 23:29:29 2020
Return-Path: <owner-freebsd-current@freebsd.org>
Delivered-To: freebsd-current@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id A69A13F1116
 for <freebsd-current@mailman.nyi.freebsd.org>;
 Thu, 17 Sep 2020 23:29:29 +0000 (UTC)
 (envelope-from cy.schubert@cschubert.com)
Received: from smtp-out-no.shaw.ca (smtp-out-no.shaw.ca [64.59.134.12])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "Client", Issuer "CA" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4BstTh5Fktz3XsC;
 Thu, 17 Sep 2020 23:29:28 +0000 (UTC)
 (envelope-from cy.schubert@cschubert.com)
Received: from spqr.komquats.com ([70.67.125.17]) by shaw.ca with ESMTPA
 id J3LBkVuerTWWpJ3LCk6TmZ; Thu, 17 Sep 2020 17:29:27 -0600
X-Authority-Analysis: v=2.4 cv=EcV2/NqC c=1 sm=1 tr=0 ts=5f63f157
 a=VFtTW3WuZNDh6VkGe7fA3g==:117 a=VFtTW3WuZNDh6VkGe7fA3g==:17
 a=xqWC_Br6kY4A:10 a=kj9zAlcOel0A:10 a=reM5J-MqmosA:10 a=6I5d2MoRAAAA:8
 a=YxBL1-UpAAAA:8 a=EkcXrb_YAAAA:8 a=re3MI-Lb873Kp2c5MdQA:9 a=CjuIK1q_8ugA:10
 a=IjZwj45LgO3ly-622nXo:22 a=Ia-lj3WSrqcvXOmTRaiG:22 a=LK5xJRSDVpKd5WXXoEvA:22
Received: from slippy.cwsent.com (slippy [IPv6:fc00:1:1:1::5b])
 by spqr.komquats.com (Postfix) with ESMTPS id 482EE28E;
 Thu, 17 Sep 2020 16:29:24 -0700 (PDT)
Received: from slippy (localhost [127.0.0.1])
 by slippy.cwsent.com (8.16.1/8.16.1) with ESMTP id 08HNTNrH056088;
 Thu, 17 Sep 2020 16:29:23 -0700 (PDT)
 (envelope-from Cy.Schubert@cschubert.com)
Message-Id: <202009172329.08HNTNrH056088@slippy.cwsent.com>
X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.7.1
Reply-to: Cy Schubert <Cy.Schubert@cschubert.com>
From: Cy Schubert <Cy.Schubert@cschubert.com>
X-os: FreeBSD
X-Sender: cy@cwsent.com
X-URL: http://www.cschubert.com/
To: Ian Lepore <ian@freebsd.org>
cc: John-Mark Gurney <jmg@funkthat.com>,
 FreeBSD Current <freebsd-current@freebsd.org>
Subject: Re: Deprecating ftpd in the FreeBSD base system?
In-reply-to: <0ab6a75e6b821058a2b939447a8e499196ec2388.camel@freebsd.org>
References: <CAPyFy2BHki84KuzP94AqTLk7v9FTAnLP-sa4HaFLq0kdxt0dEQ@mail.gmail.com>
 <202009171404.08HE4fZj007939@slippy.cwsent.com>
 <CALH631n=MEvoS+3qOo9nM6-VXYW85jVxv1ih1w=7kfW6E0feag@mail.gmail.com>
 <4d2c3d9dd633ed9a264cf3675dcbb4386f11ada3.camel@freebsd.org>
 <20200917194941.GY4213@funkthat.com>
 <0ab6a75e6b821058a2b939447a8e499196ec2388.camel@freebsd.org>
Comments: In-reply-to Ian Lepore <ian@freebsd.org>
 message dated "Thu, 17 Sep 2020 13:53:38 -0600."
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 17 Sep 2020 16:29:23 -0700
X-CMAE-Envelope: MS4xfKiRQQdq1Iyza2i0f+AR9CYMnUZw91ehqxYTZgATUwIbgayAK18SYCOSi2Ul6SXwm7zpSATJ3VVLxJUvZKqU+lmOnbrToxoJDeQjwyLvhN1B9wK4EFKm
 cqWc9R/oKZh+I69q/tDOp+SpxPVXba07M+eta9kOivEnMSuRrfP7rw+zb1kKg5BuNOLXJlFOYPSPxYOpZbhy82PaFj2aZ3s7s4P7sp5gm0O2Lxp78rJ9qv/k
 eci3Fu/CJBt9zAzwyqOAYUqjMCvwMqVk14gQGBqbDMc=
X-Rspamd-Queue-Id: 4BstTh5Fktz3XsC
X-Spamd-Bar: +++
X-Spamd-Result: default: False [3.02 / 15.00];
 HAS_REPLYTO(0.00)[Cy.Schubert@cschubert.com];
 RCVD_VIA_SMTP_AUTH(0.00)[];
 RWL_MAILSPIKE_GOOD(0.00)[64.59.134.12:from]; MV_CASE(0.50)[];
 RCVD_COUNT_THREE(0.00)[4]; TO_DN_ALL(0.00)[];
 RECEIVED_SPAMHAUS_PBL(0.00)[70.67.125.17:received];
 RCVD_TLS_LAST(0.00)[]; R_DKIM_NA(0.00)[];
 FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:6327, ipnet:64.59.128.0/20, country:CA];
 SUBJECT_ENDS_QUESTION(1.00)[]; ARC_NA(0.00)[];
 REPLYTO_EQ_FROM(0.00)[]; FROM_HAS_DN(0.00)[];
 RCPT_COUNT_THREE(0.00)[3]; NEURAL_SPAM_SHORT(0.02)[0.022];
 NEURAL_HAM_LONG(-0.01)[-0.007]; MIME_GOOD(-0.10)[text/plain];
 DMARC_NA(0.00)[cschubert.com: no valid DMARC record];
 AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.70)[0.702];
 RCVD_IN_DNSWL_LOW(-0.10)[64.59.134.12:from];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; R_SPF_NA(0.00)[no SPF record];
 MAILMAN_DEST(0.00)[freebsd-current]
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Sep 2020 23:29:29 -0000

In message <0ab6a75e6b821058a2b939447a8e499196ec2388.camel@freebsd.org>, 
Ian Le
pore writes:
> On Thu, 2020-09-17 at 12:49 -0700, John-Mark Gurney wrote:
> > Ian Lepore wrote this message on Thu, Sep 17, 2020 at 09:01 -0600:
> > > On Thu, 2020-09-17 at 18:43 +0400, Gleb Popov wrote:
> > > > On Thu, Sep 17, 2020 at 6:05 PM Cy Schubert <
> > > > Cy.Schubert@cschubert.com>
> > > > wrote:
> > > > 
> > > > > I've been advocating removing FTP (and HTTP) from libfetch as
> > > > > well.
> > > > > People
> > > > > should be using HTTPS only.
> > > > > 
> > > > 
> > > > Isn't this a bit too much? I often find myself in need to
> > > > download
> > > > something starting with "http://" or "ftp://" and use fetch for
> > > > this.
> > > 
> > > Indeed, we have products which rely on this ability in libfetch and
> > > we
> > > have to keep supporting them for many many years to come.
> > > 
> > > I hate it when someone imperiously declares [For security reasons]
> > > "People should/shouldn't be using ______".  You have no idea what
> > > the
> > > context is, and thus no ability to declare what should or shouldn't
> > > be
> > > used in that context.  For example, two embedded systems talking to
> > > each other over a point to point link within a sealed device are
> > > not
> > > concerned about man in the middle attacks or other modern internet
> > > threats.
> > 
> > And I really dislike when people want to make sure that their unique
> > case that less than a percent of people would every hit blocks the
> > security improvements for the majority of people...
> > 
> > I've given up on a number of security improvements in FreeBSD because
> > of this attitude...
> > 
>
> Good.  Because what you call "improvements" I would probably call
> "Imposing policy rather than providing tools."

We as developers, here, on the job, or elsewhere, apply policy all the time 
when we make decisions regarding the software we write/maintain. When you 
think of it, I don't have the time for _____ is also a policy decision.

My former manager's 80/20 rule, as much as I didn't like it at the time 
(but now see the wisdom), was also a policy decision. A business decision.

>
> I've don't complain about making defaults the safest choices available.
> I complain about removing options completely because they're unsafe in
> some circumstances according to some people.


-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  https://FreeBSD.org
NTP:           <cy@nwtime.org>    Web:  https://nwtime.org

	The need of the many outweighs the greed of the few.