Re: Deprecating ftpd in the FreeBSD base system?

From: Lucas Nali de Magalhães <rollingbits_at_gmail.com>
Date: Thu, 17 Sep 2020 12:14:49 -0300
Hi.

> On Sep 17, 2020, at 11:05 AM, Cy Schubert <Cy.Schubert_at_cschubert.com> wrote:
> In message <CAPyFy2BHki84KuzP94AqTLk7v9FTAnLP-sa4HaFLq0kdxt0dEQ_at_mail.gmail.com>, Ed Maste writes:
>> FTP is (becoming?) a legacy protocol, and I think it may be time to
>> remove the ftp server from the FreeBSD base system - with the recent
>> security advisory for ftpd serving as a reminder.
> 
> We should also deprecate the FTP client.
> 
> I've been advocating removing FTP (and HTTP) from libfetch as well. People 
> should be using HTTPS only. (libfetch could support a plugin that might be 
> supplied by a port should someone be inclined to write one.)

I usually evaluate the possibility to interact with legacy stuff as a feature, and then this would make FreeBSD shine less. The associated security improvement could be done in many different ways, and this one is one of the worst. Maybe a warning during use, or a flag to disable/enable it when desired or needed? And among all the security measures the project can take to improve FreeBSD security, this one is at the bottom of my list for sure. FTPD does not even come enabled by default.

-- 
rollingbits — 📧 rollingbits_at_gmail.com 📧 rollingbits_at_terra.com.br 📧 rollingbits_at_yahoo.com 📧 rollingbits_at_globo.com 📧 rollingbits_at_icloud.com
Received on Thu Sep 17 2020 - 13:14:56 UTC
