On Thu, 2020-09-17 at 12:49 -0700, John-Mark Gurney wrote: > Ian Lepore wrote this message on Thu, Sep 17, 2020 at 09:01 -0600: > > On Thu, 2020-09-17 at 18:43 +0400, Gleb Popov wrote: > > > On Thu, Sep 17, 2020 at 6:05 PM Cy Schubert < > > > Cy.Schubert_at_cschubert.com> > > > wrote: > > > > > > > I've been advocating removing FTP (and HTTP) from libfetch as > > > > well. > > > > People > > > > should be using HTTPS only. > > > > > > > > > > Isn't this a bit too much? I often find myself in need to > > > download > > > something starting with "http://" or "ftp://" and use fetch for > > > this. > > > > Indeed, we have products which rely on this ability in libfetch and > > we > > have to keep supporting them for many many years to come. > > > > I hate it when someone imperiously declares [For security reasons] > > "People should/shouldn't be using ______". You have no idea what > > the > > context is, and thus no ability to declare what should or shouldn't > > be > > used in that context. For example, two embedded systems talking to > > each other over a point to point link within a sealed device are > > not > > concerned about man in the middle attacks or other modern internet > > threats. > > And I really dislike when people want to make sure that their unique > case that less than a percent of people would every hit blocks the > security improvements for the majority of people... > > I've given up on a number of security improvements in FreeBSD because > of this attitude... > Good. Because what you call "improvements" I would probably call "Imposing policy rather than providing tools." I've don't complain about making defaults the safest choices available. I complain about removing options completely because they're unsafe in some circumstances according to some people. -- IanReceived on Thu Sep 17 2020 - 17:53:43 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:25 UTC