Date: Mon, 5 Apr 2021 19:27:23 +0100
From: Roger Leigh <rleigh@codelibre.net>
To: freebsd-stable stable <freebsd-stable@freebsd.org>
Subject: Re: Deprecating base system ftpd?
Message-ID: <425D60FC-3A9A-4DFA-B793-13B821AFDA7D@codelibre.net>
In-Reply-To: <eda59707-46cf-d7c1-512e-39a141cfda61@grosbein.net>
References: <CAPyFy2AbP2X339zbemZ9Y8edjNKdyygnR9mH48Q78nxwDtOBAg@mail.gmail.com> <eda59707-46cf-d7c1-512e-39a141cfda61@grosbein.net>

On 3 Apr 2021, at 22:21, Eugene Grosbein <eugen@grosbein.net> wrote:
>
> 04.04.2021 3:39, Ed Maste wrote:
>
>> I propose deprecating the ftpd currently included in the base system
>> before FreeBSD 14, and opened review D26447
>> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
>> I had originally planned to try to do this before 13.0, but it dropped
>> off my list. FTP is not nearly as relevant now as it once was, and it
>> had a security vulnerability that secteam had to address.
>>
>> I'm happy to make a port for it if anyone needs it. Comments?
>
> I'm strongly against remove of stock ftpd. FTP is fastest protocol for both testing
> and daily file transfer for trusted isolated segments, and even for WAN wrapped in IPSec.
>
> Our stock ftpd has very short backlog of security issues comparing with other FTP server implementations,
> mostly linked with libc or other libraries and not with ftpd code itself.
>
> Please don't fix what ain't broken. Please.

How would you draw the line between something that must be part of the base system vs. something that would be better off as part of the ports tree? What bar should ftpd have to meet to warrant remaining in base vs moving to ports?

Personally, I’ve never enabled it nor had any desire to. FTP is, at this point in time, thoroughly obsolescent, and I cannot imagine that it is something that most people enable, if they are even aware of its existence. Why can’t it simply be installed from the ports for the occasional user who still requires it? Why should the base system contain obsolete stuff that few people will use? Surely the ports tree serves this need better?

Can I ask, for those who do enable it, why isn’t “sftp” acceptable (or “scp”)? Both provide a similar function, securely, which also works with a basic installation without any ports. SSHFXP, the protocol underlying sftp, is better specified, less ambiguous and more fault tolerant and safe than the FTP protocol ever was. The client is better than most ftp clients, and the server (/usr/libexec/sftp-server) is started on demand on a per-connection basis. What makes FTP more desirable than a service over SSH which is (from a technical and usability point of view) a better FTP than FTP ever was?

Kind regards,
Roger