Just a random Joe here, but I'd like to vote *against removing FTP support*. 
FTP is still widely used; it's an easy to configure and easy to use file transfer 
protocol. Despite its age, there still aren't really any proper full-featured 
and well-supported alternatives for FTP. One of the reasons is that FTP is 
universally supported in OSes and browsers while other protocols are not, and 
removing FTP support from Firefox removes an "old and ugly" protocol without 
introducing any alternative for it, reducing the software's functionality for the 
end user.

The main advantage of the protocol is its design for file transfer only. Unlike 
more general and complex protocols like HTTP, FTP does not require the 
administrator to set up and configure multiple complex pieces of software (web server + 
application server/interpreter + file sharing software on top of it) to perform 
one simple thing: file transfer. You can't upload a whole folder without complex 
hacks via HTTP, while FTP allows doing that in one click.

File transfer with FTP:

  * Easy software setup, lots of mature server and client software for any 
platform
  * Upload privileges could be given as easily as sharing the link
  * You can download and upload whole folders
  * You can navigate through folders, download and upload files and folders 
with stock Unix and Windows console and graphical software

File transfer with HTTP:

  * Complex software setup: web server + special third-party file transfer 
software, which does not conform to any specification
  * Could not be properly used outside of web browsers
  * No functionality to download multiple files at once, only file-by-file
  * No functionality to download or upload folders

One of the arguments against FTP is that it's insecure. Plain FTP, just like 
HTTP, does not have encryption, but there's an HTTPS-like alternative for FTP: FTPS, 
which is a TLS layer on top of FTP. I believe it could be easily implemented in 
Firefox. There's a bug for adding FTPS support which was filed 19 (!) 
years ago:
https://bugzilla.mozilla.org/show_bug.cgi?id=85464

I guess it would be acceptable if Mozilla removed FTP support but introduced an 
alternative to it, WebDAV for example. WebDAV is a file transfer protocol on top of 
HTTP. It provides functionality similar to FTP, but it's not popular due to 
very limited software support (both client and server).

I ask you to consider not removing FTP support. Despite its problems, the 
protocol still does what it is designed to do and beats its rivals. If protocol 
insecurity is the only consideration, I am willing to help by implementing FTPS 
(FTP over TLS) support and sending a patch, if that would change Mozilla's 
decision to keep this functionality. Please let me know if I can do anything, 
because I won't try to implement FTPS support if it won't be merged.

Also, Google still indexes FTPs. I find it strange if the user clicks on a Google 
search result and it could not be opened in a browser.



On 19.03.2020 03:24, Michal Novotny wrote:
> We plan to remove FTP protocol implementation from our code. This work is 
> tracked in bug 1574475 [1]. The plan is to
>
> - place FTP behind a pref and turn it off by default on 77 [2]
> - keep FTP enabled by default on 78 ESR [3]
> - remove the code completely at the beginning of 2021
>
> We're doing this for security reasons. FTP is an insecure protocol and there 
> are no reasons to prefer it over HTTPS for downloading resources. Also, a 
> part of the FTP code is very old, unsafe and hard to maintain and we found a 
> lot of security bugs in it in the past. After disabling FTP in our code, the 
> protocol will be handled by an external application, so people can still use it 
> to download resources if they really want to. However, it won't be possible 
> to view and browse directory listings.
>
>
> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1574475
> [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1622409
> [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1622410
>

_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform