Werner Koch wrote:
On Tue, 20 Aug 2024 00:26, Jacob Bachmeyer said:
I would encourage resuming FTP distribution, since I see no plausible
security benefit to omitting it.
I agree with your arguments. However, not providing FTP saves us from a
lot of bike shedding discussions ;-)
Like what? Whether to provide FTP? ;-)
Another reason why we stopped FTP is that I currently don't anymore
trust the oftpd we are using because it seems I have to maintain it
myself. Moving to Apache might be an option but that can only be done
when we also move the web server to Apache. We are still running Boa
instances behind Pound on pretty old hardware. This needs to be
changed, I know.
Admittedly, I was assuming currently-maintained software on the server.
(Although FTP is simple enough that I would expect the exploitable bugs
in *ftpd to have all been fixed by now.) If you need to disable FTP for
the time being until new software can be installed on the server, well,
that is what it is.
I would suggest checking what ftpd Debian ships and using that.
-- Jacob
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
