On Thu, Aug 22, 2024 at 07:12:37PM -0500, Jacob Bachmeyer via Gnupg-users wrote: > > [...] > > > I would encourage resuming FTP distribution, since I see no > > > plausible security benefit to omitting it. > > > > For the download usecase, I see no plausible benefit to providing FTP > > service in addition to HTTPS. A web server plus an FTP server will > > always be a larger attack surface than only the web server. I recommend > > leaving the FTP server off. > > FTP is a longstanding and simple protocol; accordingly, FTP servers were all > hardened long ago. The incremental risk is slight, compared to the > complexity of a modern httpd.
At the same time, FTP would provide redundancy. I don't think HTTPS failures are absolutely uncommon these days.
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
