"Can I ask, for those who do enable it, why isn’t “sftp” acceptable (or “scp”)? Both provide a similar function, securely, which also works with a basic installation without any ports. SSHFXP, the protocol underlying sftp is better specified, less ambiguous and more fault tolerant and safe than the FTP protocol ever was. The client is better than most ftp clients, and the server (/usr/libexec/sftp-server) is started on demand on a per-connection basis. What makes FTP more desirable than a service over SSH which is (from a technical and usability point of view) a better"r FTP than FTP ever was?"
Because we have a lot of legacy clients, in the field that use ftp to transfer non sensitive data, it's simple, and I don't see the need to revisit this because it's an old fashioned non encrypted protocol, you may disagree that's fine, but for many purposes it does the job. Sure there may be better tools, but I see no reason to re issue lots of client apps that are built on this and are working fine needlessly, G On Mon, Apr 5, 2021 at 7:28 PM Roger Leigh <rle...@codelibre.net> wrote: > On 3 Apr 2021, at 22:21, Eugene Grosbein <eu...@grosbein.net> wrote: > > > > 04.04.2021 3:39, Ed Maste wrote: > > > >> I propose deprecating the ftpd currently included in the base system > >> before FreeBSD 14, and opened review D26447 > >> (https://reviews.freebsd.org/D26447) to add a notice to the man page. > >> I had originally planned to try to do this before 13.0, but it dropped > >> off my list. FTP is not nearly as relevant now as it once was, and it > >> had a security vulnerability that secteam had to address. > >> > >> I'm happy to make a port for it if anyone needs it. Comments? > > > > I'm strongly against remove of stock ftpd. FTP is fastest protocol for > both testing > > and daily file transfer for trusted isolated segments, and even for WAN > wrapped in IPSec. > > > > Our stock ftpd has very short backlog of security issues comparing with > other FTP server implementations, > > mostly linked with libc or other libraries and not with ftpd code itself. > > > > Please don't fix what ain't broken. Please. > > How would you draw the line between something that must be part of the > base system vs. something that would be better off as part of the ports > tree? What bar should ftpd have to meet to warrant remaining in base vs > moving to ports? > > Personally, I’ve never enabled it nor had any desire to. FTP is, at this > point in time, thoroughly obsolescent, and I cannot imagine that it is > something that most people enable, if they are even aware of its > existence. Why can’t it simply be installed from the ports for the > occasional user who still requires it? Why should the base system contain > obsolete stuff that few people will use? Surely the ports tree serves this > need better? > > Can I ask, for those who do enable it, why isn’t “sftp” acceptable (or > “scp”)? Both provide a similar function, securely, which also works with a > basic installation without any ports. SSHFXP, the protocol underlying sftp > is better specified, less ambiguous and more fault tolerant and safe than > the FTP protocol ever was. The client is better than most ftp clients, and > the server (/usr/libexec/sftp-server) is started on demand on a > per-connection basis. What makes FTP more desirable than a service over > SSH which is (from a technical and usability point of view) a better FTP > than FTP ever was? > > Kind regards, > Roger > > _______________________________________________ > freebsd-stable@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org" > _______________________________________________ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
