On Sat, Jun 05, 2004 at 12:37:24PM +0300, Shlomi Fish wrote:
> > Also, limiting to HTTP, we could have a single place to limit
> > concurrent number of connections, access etc.
>
> Again, we are stressing our convenience over the users' whom we serve.
Yes, I see. And still, how do we prevent the unfairness of FTP users
being limited while HTTP users are not?
> 1. mod_dav is only available for Apache 2.0.x. Debian Stable ships with Apache
No. mod_dav is integrated into Apache 2.0, but _is_ available for 1.3
as a separate package.
> 2. WebDAV as a protocol is quite complex and based on XML. This may make its
> implementation potentially very prone to errors.
If that's any comfort, mod_dav doesn't roll its own XML parser (which's
indeed a thing prone to string errors), but uses Expat instead, which
is a quite tested XML parser.
> 3. WebDAV is much less ubiquitous than FTP is. There are tons of FTP clients
> available for any platform, and most distributions (including Win32) ship
> with at least one ("ftp") in the default install.
Windows, since Win98/2K, ship with "Web Folders", which's a client to
access WebDAV sites, integrated into the shell.
KDE and GNOME both can access WebDAV sites transparently (just like
they access the local filesystem or an FTP site).
> Do you know of a WebDAV client that comes close to the power of ncftp?
cadaver has auto-completion and 'mget' and a UI of a good old FTP
client.
> So I think we're better off with FTP instead of, or along with, WebDAV.
However, I agree that FTP is not inherently evil or hard to code securely.
It's just that FTP is usually slow and inefficient (establishing a
session...), so it simply annoys most power-users.
> > Also, I think we shouldn't keep an rsync server; if not for its
> > unfortunate security history, then for the fact that we're not an
> > official mirror for anything, not even 2nd-tier.
>
> I find rsync convenient many times to correct mis-downloaded files. I already
> installed rsync on the server so I can transfer files there using rsync over
> ssh. But I won't insist on that.
I'm talking about a rsync in standalone daemon opening a port, not about
using rsync as a "better scp" over ssh.
