Date:      Mon, 5 Apr 2021 19:27:23 +0100
From:      Roger Leigh <rleigh@codelibre.net>
To:        freebsd-stable stable <freebsd-stable@freebsd.org>
Subject:   Re: Deprecating base system ftpd?
Message-ID:  <425D60FC-3A9A-4DFA-B793-13B821AFDA7D@codelibre.net>
In-Reply-To: <eda59707-46cf-d7c1-512e-39a141cfda61@grosbein.net>
References:  <CAPyFy2AbP2X339zbemZ9Y8edjNKdyygnR9mH48Q78nxwDtOBAg@mail.gmail.com> <eda59707-46cf-d7c1-512e-39a141cfda61@grosbein.net>

On 3 Apr 2021, at 22:21, Eugene Grosbein <eugen@grosbein.net> wrote:
>
> 04.04.2021 3:39, Ed Maste wrote:
>
>> I propose deprecating the ftpd currently included in the base system
>> before FreeBSD 14, and opened review D26447
>> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
>> I had originally planned to try to do this before 13.0, but it dropped
>> off my list. FTP is not nearly as relevant now as it once was, and it
>> had a security vulnerability that secteam had to address.
>>
>> I'm happy to make a port for it if anyone needs it. Comments?
>
> I'm strongly against removal of stock ftpd. FTP is the fastest protocol for both testing
> and daily file transfer for trusted isolated segments, and even for WAN wrapped in IPSec.
>
> Our stock ftpd has a very short backlog of security issues compared with other FTP server implementations,
> mostly linked with libc or other libraries and not with ftpd code itself.
>
> Please don't fix what ain't broken. Please.

How would you draw the line between something that must be part of the
base system vs. something that would be better off as part of the ports
tree?  What bar should ftpd have to meet to warrant remaining in base vs
moving to ports?

Personally, I’ve never enabled it nor had any desire to.  FTP is, at
this point in time, thoroughly obsolescent, and I cannot imagine that it
is something that most people enable, if they are even aware of its
existence.  Why can’t it simply be installed from the ports for the
occasional user who still requires it?  Why should the base system
contain obsolete stuff that few people will use?  Surely the ports tree
serves this need better?

Can I ask, for those who do enable it, why isn’t “sftp” acceptable (or
“scp”)?  Both provide a similar function, securely, which also works
with a basic installation without any ports.  SSHFXP, the protocol
underlying sftp, is better specified, less ambiguous and more fault
tolerant and safe than the FTP protocol ever was.  The client is better
than most ftp clients, and the server (/usr/libexec/sftp-server) is
started on demand on a per-connection basis.  What makes FTP more
desirable than a service over SSH which is (from a technical and
usability point of view) a better FTP than FTP ever was?

Kind regards,
Roger



