Re: Deprecating ftpd in the FreeBSD base system?

From: Rodney W. Grimes <freebsd-rwg_at_gndrsh.dnsmgr.net>
Date: Thu, 17 Sep 2020 10:53:45 -0700 (PDT)
> In message <CAPyFy2BHki84KuzP94AqTLk7v9FTAnLP-sa4HaFLq0kdxt0dEQ_at_mail.gmail.c
> om>
> , Ed Maste writes:
> > FTP is (becoming?) a legacy protocol, and I think it may be time to
> > remove the ftp server from the FreeBSD base system - with the recent
> > security advisory for ftpd serving as a reminder.
> >
> > I've proposed adding a deprecation notice to the man page in
> > https://reviews.freebsd.org/D26447 to start this off. There are a
> > number of ftp servers in ports, and if we're going to remove the base
> > system one we can create a port for it first, as well.
> >
> > Any comments or concerns, please follow up in the code review or in email her
> > e.
> 
> We should also deprecate the FTP client.
> 
> I've been advocating removing FTP (and HTTP) from libfetch as well. People 
> should be using HTTPS only. (libfetch could support a plugin that might be 
> supplied by a port should someone be inclined to write one.)

All the world is NOT the internet, there are far to many
uses and places that do not need or warrant https, or sftp
to make this type of move.

It is already become very annoying that certain infustructure
now only supports https for what is data that has no security
concern.

Please do NOT remove the ftp client, or the ability of fetch
to use ftp or http protocols.

> 
> FTP is firewall unfriendly.

Passive mode solved that decades ago.

> 
> The F5 gateway at $JOB does not support FTP. When we still worked at the 
> office I had to take my $JOB laptop to the coffee shop to use their 
> wireless to download patches from Broadcom's FTP site. Now that I WFH (we 
> won't ever go back to the office) I download while disconnected from the 
> VPN.

I believe this is mis-information on F5 gateways, I know that at least
some of them can be configure to support ftp.  Any gateway/firewall
that can not be configure to support passive mode ftp is.. um... broken.

> Then move the removed bits to ports, which I think we already have in tnftp 
> and tnftpd.
> 
> 
> -- 
> Cheers,
> Cy Schubert <Cy.Schubert_at_cschubert.com>
> FreeBSD UNIX:  <cy_at_FreeBSD.org>   Web:  https://FreeBSD.org
> NTP:           <cy_at_nwtime.org>    Web:  https://nwtime.org
> 
> 	The need of the many outweighs the greed of the few.
> 
> 
> _______________________________________________
> freebsd-current_at_freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org"
> 

-- 
Rod Grimes                                                 rgrimes_at_freebsd.org
Received on Thu Sep 17 2020 - 15:53:53 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:25 UTC