Ian Lepore wrote this message on Thu, Sep 17, 2020 at 09:01 -0600: > On Thu, 2020-09-17 at 18:43 +0400, Gleb Popov wrote: > > On Thu, Sep 17, 2020 at 6:05 PM Cy Schubert < > > cy.schub...@cschubert.com> > > wrote: > > > > > I've been advocating removing FTP (and HTTP) from libfetch as well. > > > People > > > should be using HTTPS only. > > > > > > > Isn't this a bit too much? I often find myself in need to download > > something starting with "http://" or "ftp://" and use fetch for this. > > Indeed, we have products which rely on this ability in libfetch and we > have to keep supporting them for many many years to come. > > I hate it when someone imperiously declares [For security reasons] > "People should/shouldn't be using ______". You have no idea what the > context is, and thus no ability to declare what should or shouldn't be > used in that context. For example, two embedded systems talking to > each other over a point to point link within a sealed device are not > concerned about man in the middle attacks or other modern internet > threats.
And I really dislike when people want to make sure that their unique case that less than a percent of people would every hit blocks the security improvements for the majority of people... I've given up on a number of security improvements in FreeBSD because of this attitude... -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not." _______________________________________________ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"