On 2024-08-22 Alex via Gnupg-users wrote:
[...]
> In case ftp is something which should be still provided maybe twoftpd could
> be an option.
> https://packages.debian.org/buster/twoftpd
> http://www.untroubled.org/twoftpd/
[...]
Hello,
Sure, a package removed from Debian about two years ago be
On 2024-08-23 06:27, Ineiev via Gnupg-users wrote:
On Thu, Aug 22, 2024 at 02:01:15PM +0200, Björn Persson wrote:
Those who already have GPG and the release-signing keys can verify the
next version of GPG that way. To anyone who doesn't already have GPG,
HTTPS is the best integrity protection th
On Thu, Aug 22, 2024 at 02:01:15PM +0200, Björn Persson wrote:
>
> Those who already have GPG and the release-signing keys can verify the
> next version of GPG that way. To anyone who doesn't already have GPG,
> HTTPS is the best integrity protection they will get.
Meeting Werner in person may be
On Thu, Aug 22, 2024 at 07:12:37PM -0500, Jacob Bachmeyer via Gnupg-users wrote:
> > [...]
> > > I would encourage resuming FTP distribution, since I see no
> > > plausible security benefit to omitting it.
> >
> > For the download usecase, I see no plausible benefit to providing FTP
> > service in
Björn Persson wrote:
Jacob Bachmeyer via Gnupg-users wrote:
Unlike HTTP, FTP is /not/ subject to simple Man-on-the-Side attacks
(which motivated the rush to HTTPS) because there is no in-protocol
redirect.
So FTP isn't vulnerable to that particular attack,
... which is important bec
Werner Koch wrote:
On Wed, 21 Aug 2024 19:09, Jacob Bachmeyer said:
configured for anonymous-only. FTP is both simple and ancient, so I
Yes, the protocol is simple but most server implementaions are pretty
complex. That is why we settled for oftpd nearly decades ago. And as
we see
On Thu, 22 Aug 2024 14:01, Björn Persson said:
> next version of GPG that way. To anyone who doesn't already have GPG,
> HTTPS is the best integrity protection they will get.
Not really. This does not protect the files on the server. Only the
.sig and the checksums posted to several places can
Jacob Bachmeyer via Gnupg-users wrote:
> Unlike HTTP, FTP is /not/ subject to simple Man-on-the-Side attacks
> (which motivated the rush to HTTPS) because there is no in-protocol
> redirect.
So FTP isn't vulnerable to that particular attack, and attackers have
to resort to TCP hijacking or DNS p
Hi.
On 2024-08-22 (Do.) 09:48, Werner Koch via Gnupg-users wrote:
On Wed, 21 Aug 2024 19:09, Jacob Bachmeyer said:
configured for anonymous-only. FTP is both simple and ancient, so I
Yes, the protocol is simple but most server implementaions are pretty
complex. That is why we settled for o
On Wed, 21 Aug 2024 19:09, Jacob Bachmeyer said:
> configured for anonymous-only. FTP is both simple and ancient, so I
Yes, the protocol is simple but most server implementaions are pretty
complex. That is why we settled for oftpd nearly decades ago. And as
we see we are already building a fil
Werner Koch wrote:
On Tue, 20 Aug 2024 19:19, Jacob Bachmeyer said:
I would suggest checking what ftpd Debian ships and using that.
They don't provide oftpd anymore which is an anonymous only ftpd. All
others have a way larger attack surface.
I would be very surprised if whatever t
On Tue, 20 Aug 2024 19:19, Jacob Bachmeyer said:
> I would suggest checking what ftpd Debian ships and using that.
They don't provide oftpd anymore which is an anonymous only ftpd. All
others have a way larger attack surface.
Salam-Shalom,
Werner
--
The pioneers of a warless world are th
Werner Koch wrote:
On Tue, 20 Aug 2024 00:26, Jacob Bachmeyer said:
I would encourage resuming FTP distribution, since I see no plausible
security benefit to omitting it.
I agree with your arguments. However, not providing FTP saves us from a
lot of bike shedding discussions ;-)
On Tue, 20 Aug 2024 10:49, jman said:
> All technical considerations aside, would it make it sense to make it
> official with a short announcement, even "a posteriori"?
I just pushed a short NEWS to the web server frontpage.
> a very visible project, probably good communication is beneficial fo
Werner Koch via Gnupg-users writes:
I agree with your arguments. However, not providing FTP saves us from a
lot of bike shedding discussions ;-)
All technical considerations aside, would it make it sense to make it official with a short
announcement, even "a posteriori"?
My reasoning be
On Tue, 20 Aug 2024 00:26, Jacob Bachmeyer said:
> I would encourage resuming FTP distribution, since I see no plausible
> security benefit to omitting it.
I agree with your arguments. However, not providing FTP saves us from a
lot of bike shedding discussions ;-)
Another reason why we stopped
Werner Koch via Gnupg-users wrote:
Hi!
Thanks for mentioning this.
On Sat, 17 Aug 2024 13:49, Jan Palus said:
FTP service at ftp.gnupg.org appears to be down for some
time. Couldn't find any
info about FTP decommissioning so just letting you know about the problem.
I would not consid
Am 19.08.2024 um 12:58:36 Uhr schrieb Dennis Clarke via Gnupg-users:
> Surely you mean gopher ? FTP and TFTP are much loved. :)
The amount of gopherholes is also increasing.
--
Gruß
Marco
Send unsolicited bulk mail to 1724065116mu...@cartoonies.org
_
On 8/19/24 05:34, Werner Koch via Gnupg-users wrote:
Hi!
Thanks for mentioning this.
On Sat, 17 Aug 2024 13:49, Jan Palus said:
FTP service at ftp.gnupg.org appears to be down for some
time. Couldn't find any
info about FTP decommissioning so just letting you know about the problem.
I would
Hi!
Thanks for mentioning this.
On Sat, 17 Aug 2024 13:49, Jan Palus said:
> FTP service at ftp.gnupg.org appears to be down for some
> time. Couldn't find any
> info about FTP decommissioning so just letting you know about the problem.
I would not considere this a problem but something which we
FTP service at ftp.gnupg.org appears to be down for some time. Couldn't
find any
info about FTP decommissioning so just letting you know about the problem.
Regards,
Jan
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman
Hey all,
I'm new to the site so please excuse me if I'm not using the appropriate
list. I'm trying to install libgcrypt but my connection to the FTP server
times out when I brew install or try to hit the download location from the
GnuPG home page. Does anyone know if the server is down?
thx,
S
22 matches
Mail list logo
