Date: Thu, 17 Sep 2020 16:29:23 -0700 From: Cy Schubert <Cy.Schubert@cschubert.com> To: Ian Lepore <ian@freebsd.org> Cc: John-Mark Gurney <jmg@funkthat.com>, FreeBSD Current <freebsd-current@freebsd.org> Subject: Re: Deprecating ftpd in the FreeBSD base system? Message-ID: <202009172329.08HNTNrH056088@slippy.cwsent.com> In-Reply-To: <0ab6a75e6b821058a2b939447a8e499196ec2388.camel@freebsd.org> References: <CAPyFy2BHki84KuzP94AqTLk7v9FTAnLP-sa4HaFLq0kdxt0dEQ@mail.gmail.com> <202009171404.08HE4fZj007939@slippy.cwsent.com> <CALH631n=MEvoS%2B3qOo9nM6-VXYW85jVxv1ih1w=7kfW6E0feag@mail.gmail.com> <4d2c3d9dd633ed9a264cf3675dcbb4386f11ada3.camel@freebsd.org> <20200917194941.GY4213@funkthat.com> <0ab6a75e6b821058a2b939447a8e499196ec2388.camel@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <0ab6a75e6b821058a2b939447a8e499196ec2388.camel@freebsd.org>, Ian Le pore writes: > On Thu, 2020-09-17 at 12:49 -0700, John-Mark Gurney wrote: > > Ian Lepore wrote this message on Thu, Sep 17, 2020 at 09:01 -0600: > > > On Thu, 2020-09-17 at 18:43 +0400, Gleb Popov wrote: > > > > On Thu, Sep 17, 2020 at 6:05 PM Cy Schubert < > > > > Cy.Schubert@cschubert.com> > > > > wrote: > > > > > > > > > I've been advocating removing FTP (and HTTP) from libfetch as > > > > > well. > > > > > People > > > > > should be using HTTPS only. > > > > > > > > > > > > > Isn't this a bit too much? I often find myself in need to > > > > download > > > > something starting with "http://" or "ftp://" and use fetch for > > > > this. > > > > > > Indeed, we have products which rely on this ability in libfetch and > > > we > > > have to keep supporting them for many many years to come. > > > > > > I hate it when someone imperiously declares [For security reasons] > > > "People should/shouldn't be using ______". You have no idea what > > > the > > > context is, and thus no ability to declare what should or shouldn't > > > be > > > used in that context. For example, two embedded systems talking to > > > each other over a point to point link within a sealed device are > > > not > > > concerned about man in the middle attacks or other modern internet > > > threats. > > > > And I really dislike when people want to make sure that their unique > > case that less than a percent of people would every hit blocks the > > security improvements for the majority of people... > > > > I've given up on a number of security improvements in FreeBSD because > > of this attitude... > > > > Good. Because what you call "improvements" I would probably call > "Imposing policy rather than providing tools." We as developers, here, on the job, or elsewhere, apply policy all the time when we make decisions regarding the software we write/maintain. When you think of it, I don't have the time for _____ is also a policy decision. My former manager's 80/20 rule, as much as I didn't like it at the time (but now see the wisdom), was also a policy decision. A business decision. > > I've don't complain about making defaults the safest choices available. > I complain about removing options completely because they're unsafe in > some circumstances according to some people. -- Cheers, Cy Schubert <Cy.Schubert@cschubert.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: https://FreeBSD.org NTP: <cy@nwtime.org> Web: https://nwtime.org The need of the many outweighs the greed of the few.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202009172329.08HNTNrH056088>