Re: Deprecating ftpd in the FreeBSD base system?

From: Cy Schubert <Cy.Schubert_at_cschubert.com>
Date: Thu, 17 Sep 2020 11:10:32 -0700
In message <202009171753.08HHrjbj014850_at_gndrsh.dnsmgr.net>, "Rodney W. Grimes" writes:
> > In message <CAPyFy2BHki84KuzP94AqTLk7v9FTAnLP-sa4HaFLq0kdxt0dEQ_at_mail.gmail.com>, Ed Maste writes:
> > > FTP is (becoming?) a legacy protocol, and I think it may be time to
> > > remove the ftp server from the FreeBSD base system - with the recent
> > > security advisory for ftpd serving as a reminder.
> > >
> > > I've proposed adding a deprecation notice to the man page in
> > > https://reviews.freebsd.org/D26447 to start this off. There are a
> > > number of ftp servers in ports, and if we're going to remove the base
> > > system one we can create a port for it first, as well.
> > >
> > > Any comments or concerns, please follow up in the code review or in email
> > > here.
> > 
> > We should also deprecate the FTP client.
> > 
> > I've been advocating removing FTP (and HTTP) from libfetch as well. People 
> > should be using HTTPS only. (libfetch could support a plugin that might be 
> > supplied by a port should someone be inclined to write one.)
>
> All the world is NOT the internet, there are far too many
> uses and places that do not need or warrant https, or sftp
> to make this type of move.
>
> It has already become very annoying that certain infrastructure
> now only supports https for what is data that has no security
> concern.
>
> Please do NOT remove the ftp client, or the ability of fetch
> to use ftp or http protocols.
>
> > 
> > FTP is firewall unfriendly.
>
> Passive mode solved that decades ago.

Not always, when you have dueling firewalls. When the local firewall allows 
passive and the remote firewall expects port ftp, i.e. denies ingress data 
port, you're stuck. I see this all the time. Switching from passive to port 
ftp will resolve the instance.

I see this all the time. Usually due to NAT of ftp to a bastion in the DMZ.

Even worse, Checkpoint is doing some funky things with various protocols. 
FTP-like protocols, like rexec, ftp, and Oracle's TNS listener are a royal 
PITA.


-- 
Cheers,
Cy Schubert <Cy.Schubert_at_cschubert.com>
FreeBSD UNIX:  <cy_at_FreeBSD.org>   Web:  https://FreeBSD.org
NTP:           <cy_at_nwtime.org>    Web:  https://nwtime.org

	The need of the many outweighs the greed of the few.
Received on Thu Sep 17 2020 - 16:10:42 UTC
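
The passive versus "port ftp" mismatch described in the message above, as an added example that is not part of the original message or of any FreeBSD code: it parses the RFC 959 host-port tuple from a 227 reply or a PORT command and reports which side's firewall must admit the inbound data connection, flagging an advertised address that differs from the control-connection peer (the NAT-to-DMZ case). The function names, the sample lines and the documentation-range addresses are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 host-port tuple: h1,h2,h3,h4,p1,p2 where port = p1 * 256 + p2.
_TUPLE = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(line):
    """Extract (IPv4Address, port) from a PORT command or a 227 reply."""
    m = _TUPLE.search(line)
    if not m:
        raise ValueError("no host-port tuple in %r" % line)
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def analyse(line, client_ip, server_ip):
    """Say who opens the data connection and which firewall must admit it.

    client_ip / server_ip are the control-connection endpoints as each peer
    sees the other; a different advertised address points at un-rewritten NAT.
    """
    verb = (line.split() or [""])[0].upper()
    if verb == "227":      # passive: server listens, client connects out
        mode, listener, expected = "passive", "remote (server)", server_ip
    elif verb == "PORT":   # active ("port ftp"): client listens, server connects
        mode, listener, expected = "active", "local (client)", client_ip
    else:
        raise ValueError("not a PORT command or 227 reply: %r" % line)
    ip, port = parse_hostport(line)
    return {
        "mode": mode,
        "endpoint": "%s:%d" % (ip, port),
        "ingress_needed_at": listener,
        "address_mismatch": ip != ipaddress.IPv4Address(expected),
    }

# Constructed control-channel lines (documentation address ranges).
CLIENT, SERVER = "198.51.100.7", "203.0.113.10"
PASV_REPLY = "227 Entering Passive Mode (192,168,10,5,195,80)"
PORT_CMD = "PORT 198,51,100,7,200,10"

if __name__ == "__main__":
    for sample in (PASV_REPLY, PORT_CMD):
        print(sample, "->", analyse(sample, CLIENT, SERVER))
```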