I'd shed no tears losing ftp+(d).  That noted, tftp (the daemon) is still used 
to load firmware on too many devices (changing) and telnet (the client) can be 
useful in debugging network listeners and chatting with stupid IOTs that can't 
be bothered with using SSH.  I haven't enabled either telnetd or ftpd daemon in 
at least a decade.  My baseline would be, "is this something I'd want working 
from a live iso?".  Maybe the better (and tougher) decision is, "what belongs 
in a modern integrated OS environment?".  I leave that to better minds than 
mine.

jim

-----Original Message-----
From: owner-freebsd-sta...@freebsd.org <owner-freebsd-sta...@freebsd.org> On 
Behalf Of Roger Leigh
Sent: Monday, April 5, 2021 11:27 AM
To: freebsd-stable stable <freebsd-stable@freebsd.org>
Subject: Re: Deprecating base system ftpd?

On 3 Apr 2021, at 22:21, Eugene Grosbein <eu...@grosbein.net> wrote:
> 
> 04.04.2021 3:39, Ed Maste wrote:
> 
>> I propose deprecating the ftpd currently included in the base system 
>> before FreeBSD 14, and opened review D26447
>> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
>> I had originally planned to try to do this before 13.0, but it 
>> dropped off my list. FTP is not nearly as relevant now as it once 
>> was, and it had a security vulnerability that secteam had to address.
>> 
>> I'm happy to make a port for it if anyone needs it. Comments?
> 
> I'm strongly against removal of stock ftpd. FTP is the fastest protocol for 
> both testing and daily file transfer for trusted isolated segments, and even 
> for WAN wrapped in IPSec.
> 
> Our stock ftpd has a very short backlog of security issues compared 
> with other FTP server implementations, mostly linked with libc or other 
> libraries and not with ftpd code itself.
> 
> Please don't fix what ain't broken. Please.

How would you draw the line between something that must be part of the base 
system vs. something that would be better off as part of the ports tree?  What 
bar should ftpd have to meet to warrant remaining in base vs moving to ports?

Personally, I’ve never enabled it nor had any desire to.  FTP is, at this point 
in time, thoroughly obsolescent, and I cannot imagine that it is something that 
most people enable, if they are even aware of its existence.  Why can’t it 
simply be installed from the ports for the occasional user who still requires 
it?  Why should the base system contain obsolete stuff that few people will 
use?  Surely the ports tree serves this need better?

Can I ask, for those who do enable it, why isn’t “sftp” acceptable (or “scp”)?  
Both provide a similar function, securely, which also works with a basic 
installation without any ports.  SSHFXP, the protocol underlying sftp, is better 
specified, less ambiguous and more fault tolerant and safe than the FTP 
protocol ever was.  The client is better than most ftp clients, and the server 
(/usr/libexec/sftp-server) is started on demand on a per-connection basis.  
What makes FTP more desirable than a service over SSH which is (from a 
technical and usability point of view) a better FTP than FTP ever was?

Kind regards,
Roger   

_______________________________________________
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"