Hi Leo et al,
On +2021-02-13 14:12:13 -0500, Leo Famulari wrote:
> On Sat, Feb 13, 2021 at 07:34:09PM +0100, Bengt Richter wrote:
> > I would prefer something that fits in with mes-philosopy.
> > ftp seems old and simple, so I would vote for push-back
> > to fix the ftp client involved.
>
> FTP is more complicated than HTTP in that it requires the use of
> multiple connections. Additionally, it's often blocked on corporate
> networks, whereas HTTP/S is never going to be blocked (HTTPS anyways).
>
> Based on experience in Guix, we have never had bug reports from users
> who could not access sources over HTTP/S, but there have been several
> reports of problems using FTP. The HTTP/S ports 80 and 443 are basically
> the only ports you can depend on being open on a network that is
> connected to the internet.
>
> The creator of curl compares them here:
>
> https://daniel.haxx.se/docs/ftp-vs-http.html
Thanks, that was interesting.
He says (re download speed)
"Ultimately the net outcome of course differs depending on
specific details, but I would say that for single-shot static files,
you won't be able to measure a difference."
So in that case, what's minimal, and how vulnerable is it?
Is there a minimal quic without google upstream?
or X.25 -- dating myself ;-P
and what about TFTP/PXE ??
What would the mes-people suggest
for minimalist functionality, and minimal trust scope,
and maximal monopoly-independence, I wonder?
[meta-question] How does one gracefully go off-topic onto a tangential
discussion? I thought my original comment re expired gpg key might
have helped in some way, but my comment wanting to get the ftp fixed
intead of (or in addition to) being bypassed provoked the explanation
of how I was deluded (ok, no worries :), but I might want to
say something about separate connections isolating meta-data and data
as being a "feature" that I expect to see more of, but that would be
another step along the tangent ... or osculating circle? NNTR :-D
--
Regards,
Bengt Richter
