I hope these are not dumb questions. Would sftp (secure ftp) be a better alternative than ftp? What was the logic to remove that option on the network install versus http? is there even a benefit for the mirrors to be on https (secure http) vs http and would that allow for a verified download like the openbsd compact disks? I always got really concerned when the install prompted me that "Directory does not contain SHA256.sig. Continue without verification?" before actually using official openbsd compact dics. My intent is to assess the strengths and weaknesses of the protocols being discussed and comparing them with respect to security.
On Mon, Nov 16, 2015 at 6:09 AM, Raul Miller <rauldmil...@gmail.com> wrote: > All protocols are, to some degree or another. Especially when you look > at all the irrelevant complexity of a full implementation. > > Sometimes there's no good answers. > > -- > Raul > > On Mon, Nov 16, 2015 at 8:25 AM, Eric Furman <ericfur...@fastmail.net> > wrote: > > Yea, but ftp is a shitty protocol that should have died > > a merciful death a long time ago so.... > > > > On Mon, Nov 16, 2015, at 06:07 AM, Marc Peters wrote: > >> Am 11/16/15 um 12:00 schrieb Stefan Wollny: > >> > Hi there, > >> > > >> > I may be wrong but I thought usage of ftp to get information and to > >> > download packages is discouraged. I just noticed (after having done a > >> > fresh install of amd64-current) reading the welcome mail "Welcome to > >> > OpenBSD 5.8!" that the ftp-protocol is still given. > >> > > >> > Instead > >> > ftp://ftp.openbsd.org/pub/OpenBSD/5.8/packages > >> > shouldn't this rather be > >> > http://ftp.openbsd.org/pub/OpenBSD/5.8/packages > >> > >> ftp is still a valid option for packages. The installation via ftp is > >> not supported anymore. > >> > >> > >> Marc
