Closed as approved. Thanks
--Irene Irene Huang wrote: > This case is due time out on 11/25, any further comments, please send > an email before then. > > Thanks > > --Irene > Alfred Peng wrote: >> Hi John, >> >> The profile will be moved to $HOME/.gnome2/.gftp as GNOME community >> hosts the source repository/bug tracking for gFTP. >> >> Best Regards, >> -Alfred >> >> John Fischer wrote: >>> Alfred, >>> >>> It would be real nice to have the .gftp configuration file in .gnome >>> or some other directory instead of $HOME. When >>> will the "Desktop base directory spec" be an approved Free >>> Desktop specification? Thanks, >>> >>> John >>> >>> On Tue, 2008-11-18 at 23:47, Shi-Ying Irene Huang wrote: >>> >>>> Template Version: @(#)sac_nextcase %I% %G% SMI >>>> This information is Copyright 2008 Sun Microsystems >>>> 1. Introduction >>>> 1.1. Project/Component Working Name: >>>> Gftp for OpenSolaris >>>> 1.2. Name of Document Author/Supplier: >>>> Author: Alfred Peng >>>> 1.3 Date of This Document: >>>> 18 November, 2008 >>>> 4. Technical Description >>>> 1. Introduction >>>> 1.1. Project/Component Working Name: >>>> >>>> gFTP: multithreaded file transfer client. >>>> >>>> 1.2. Name of Document Author/Supplier: >>>> >>>> Alfred Peng >>>> >>>> 1.3. Date of This Document: >>>> >>>> 11/04/08 >>>> >>>> 1.3.1. Date this project was conceived: >>>> >>>> 12/14/1997 >>>> >>>> 1.4. Name of Major Document Customer(s)/Consumer(s): >>>> >>>> 1.4.1. The PAC or CPT you expect to review your project: >>>> >>>> Solaris PAC >>>> >>>> 1.4.2. The ARC(s) you expect to review your project: >>>> >>>> LSARC >>>> >>>> 1.4.3. The Director/VP who is "Sponsoring" this project: >>>> >>>> robert.odea at sun.com >>>> >>>> 1.4.4. The name of your business unit: >>>> >>>> New Solaris Group, Desktop >>>> >>>> 1.5. Email Aliases: >>>> >>>> 1.5.1. Responsible Manager: >>>> >>>> leo.binchy at sun.com >>>> >>>> 1.5.2. Responsible Engineer: >>>> >>>> alfred.peng at sun.com >>>> >>>> 1.5.3. Marketing Manager: >>>> >>>> glynn.foster at sun.com >>>> >>>> 1.5.4. Interest List: >>>> >>>> desktop-discuss at opensolaris.org >>>> >>>> 4. Technical Description: >>>> 4.1. Details: >>>> gFTP is a multithreaded file transfer client for *NIX based >>>> machines. >>>> It has the following features: >>>> >>>> * Supports the FTP, FTPS (control connection only), HTTP, >>>> HTTPS, SSH >>>> and FSP protocols. >>>> * FTP and HTTP proxy server support. >>>> * Supports FXP file transfers which is a subset of FTP >>>> protocol. >>>> * Bookmarks menu to quickly connect to remote sites. >>>> * Internationalized to 41 languages. >>>> * Double-paned layout to show the local and remote >>>> filesystems. >>>> * Transfer pane to show the real-time status of each queued >>>> or active >>>> file transfer. >>>> * Log pane to display the text commands and responses >>>> between gFTP >>>> and the remote server. >>>> >>>> 4.2. Bug/RFE Number(s): >>>> >>>> None. >>>> >>>> 4.3. In Scope: >>>> >>>> See above. >>>> >>>> 4.4. Out of Scope: >>>> >>>> See above. >>>> 4.5. Interfaces: >>>> >>>> Exported Interface >>>> >>>> -------------------------------------------------------------------- >>>> Interface Name Classification >>>> Comment >>>> >>>> -------------------------------------------------------------------- >>>> SUNWgftp Uncommitted >>>> Package name >>>> /usr/bin/gftp Volatile >>>> gFTP launch script >>>> /usr/bin/gftp-gtk Volatile >>>> gFTP GUI >>>> /usr/bin/gftp-text Volatile >>>> gFTP CLI >>>> $HOME/.gftp Project Private >>>> Profile >>>> /usr/share/gftp Project Private >>>> Directory >>>> /usr/share/doc/SUNWgftp Project Private >>>> Copyright directory >>>> /usr/share/applications/gftp.desktop Volatile >>>> UI spec >>>> >>>> >>>> Imported Interface >>>> >>>> -------------------------------------------------------------------- >>>> Interface Classification ARC case Comment >>>> >>>> -------------------------------------------------------------------- >>>> GNOME Platform Committed LSARC/2008/207 GTK+ >>>> library >>>> Libraries GNOME 2.22 >>>> SSH Committed PSARC/2001/212 >>>> Secure Shell >>>> OpenSSL Volatile PSARC/2006/019 >>>> OpenSSL library >>>> >>>> 4.6. Doc Impact: >>>> >>>> New manpage, gftp.1. >>>> 4.7. Admin/Config Impact: >>>> >>>> None. >>>> 4.8. HA Impact: >>>> >>>> None. >>>> 4.9. I18N/L10N Impact: >>>> >>>> The JDS team and the G11N are working together to evaluate and >>>> provide I18N/L10N support. >>>> 4.10. Packaging & Delivery: >>>> >>>> Adds new package, SUNWgftp >>>> 4.11. Security Impact: >>>> >>>> gFTP uses OpenSSL library to encrypt the control and data >>>> channels >>>> for file transfer over HTTPS, and to encrypt the contol >>>> channel for >>>> FTPS. It creates socket BIO to handle SSL connections >>>> transparently. >>>> A handshake will be performed to verify server's >>>> certificate after >>>> the connection is established. The certificate verification >>>> will be >>>> with mode SSL_VERIFY_PEER and depth 9. It doesn't use the >>>> SSLv2 >>>> protocol and the list of available ciphers will be set to >>>> "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH". >>>> >>>> To support SSH protocol, gFTP uses ssh/sftp commands to >>>> build up >>>> connection with the server. The authentication information >>>> will be >>>> sent over the SSH connection. All the following requests >>>> and responses >>>> will go back and forth through this connection for secure >>>> file transfer. >>>> >>>> gFTP uses socket to transfer file by FTP and HTTP protocol. >>>> The >>>> password will be encoded with standard base64 for HTTP >>>> authentication. >>>> As for FTP authentication, the password will be sent in >>>> plain text >>>> through socket. >>>> >>>> gFTP includes a feature that allows user to save passwords. >>>> The >>>> password will be saved in the gFTP profile directory. This >>>> will >>>> create a potential security vulnerabilty because gFTP only >>>> has very >>>> primary encryption/decryption to make the stored passwords >>>> unreadable. >>>> Each character is separated in two nibbles. Then each >>>> nibble is stored >>>> under the form 01xxxx01. The resulted string is prefixed by >>>> a '$'. >>>> >>>> e.12. Dependencies: >>>> >>>> The following versions of the imported interfaces are >>>> required: >>>> >>>> GNOME 2.22 Upwards >>>> OpenSSL, SSH >>>> >>>> 5. Reference Documents: >>>> >>>> [1] gFTP homepage: >>>> http://www.gftp.org >>>> >>>> [2] Related ARC cases: >>>> LSARC 2008/207: GNOME 2.22 >>>> PSARC/2006/019: OpenSSL upgrade to 0.9.8a >>>> PSARC/2001/212: Secure Shell >>>> >>>> >>>> 6. Resources and Schedule >>>> 6.4. Steering Committee requested information >>>> 6.4.1. Consolidation C-team Name: >>>> Desktop >>>> 6.5. ARC review type: FastTrack >>>> 6.6. ARC Exposure: open >>>> >>>> >>> >>> >> >
