Re: Deprecating base system ftpd?

2021-04-15 Thread Chris

On 2021-04-14 19:28, Andy Farkas wrote:

> > I think this is an excellent start. My shopping list includes:
> >
> > - remove ftp(1)
> > - remove ftpd(8)
> > - remove telnet(1)
> > - remove telnetd(8)
> > - remove ftp:// and http:// from libfetch. This is 2021 and we should all
> > use https://.
> > - replace DNS lookups with DoH and/or DoT. Why let your ISP see your DNS
> > traffic?
>
> I wonder how many people use YP/NIS (man 8 yp)?
> It's a nifty concept; I played around with it last century...
> I believe there is still an open PR in bugzilla I created (can't find it
> right now, used a different email address back then, although same
> username).

LOL I did the same a year or so ago. I felt much the same as you describe.
But I've since discovered it can be leveraged in ways that it did not
originally intend to do. So I've since decided that given in whole
its small footprint, along with a proven track record. It has value
enough that it ought to remain.

> Removing it from base (if it should be done at all) looks very complicated
> and therefore creating a port equally so.
>
> I know this topic (removing ftpd) is closed, so perhaps this should be
> a new one (removing YP/NIS)?  ie. no development on yp has been
> done for over a decade.
>
> My view: remove neither

I concur. :-)

> -andyf

--Chris



___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"



Re: Deprecating base system ftpd?

2021-04-14 Thread Andy Farkas



> I think this is an excellent start. My shopping list includes:
>
> - remove ftp(1)
> - remove ftpd(8)
> - remove telnet(1)
> - remove telnetd(8)
> - remove ftp:// and http:// from libfetch. This is 2021 and we should all
> use https://.
> - replace DNS lookups with DoH and/or DoT. Why let your ISP see your DNS
> traffic?

I wonder how many people use YP/NIS (man 8 yp)?
It's a nifty concept; I played around with it last century...
I believe there is still an open PR in bugzilla I created (can't find it
right now, used a different email address back then, although same
username).

Removing it from base (if it should be done at all) looks very complicated
and therefore creating a port equally so.

I know this topic (removing ftpd) is closed, so perhaps this should be
a new one (removing YP/NIS)?  ie. no development on yp has been
done for over a decade.

My view: remove neither


-andyf




Re: Deprecating base system ftpd?

2021-04-14 Thread Cy Schubert
Cy Schubert writes:
> In message  om>
> , Ed Maste writes:
> > I propose deprecating the ftpd currently included in the base system
> > before FreeBSD 14, and opened review D26447
> > (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> > I had originally planned to try to do this before 13.0, but it dropped
> > off my list. FTP is not nearly as relevant now as it once was, and it
> > had a security vulnerability that secteam had to address.
>
> I think this is an excellent start. My shopping list includes:
>
> - remove ftp(1)
> - remove ftpd(8)
> - remove telnet(1)
> - remove telnetd(8)
> - remove ftp:// and http:// from libfetch. This is 2021 and we should all 
> use https://.
> - replace DNS lookups with DoH and/or DoT. Why let your ISP see your DNS 
> traffic?
>
> >
> > I'm happy to make a port for it if anyone needs it. Comments?
>
> I've started working on splitting ftp and ftpd into an external git repo. 
> The problem I've encountered is that though only ftp and ftpd are left the 
> resultant repo is still 1.2 GB. If my last attempt fails, there is a choice 
> between a 1.2 GB repo and burning ftp forever then the choice is clear: 
> burn it forever.

The best I can do to separate libexec/ftpd out into its own repo is 596 MB 
(ZFS lz4 compressed). The worst was 1.5 GB. I suppose 596 MB will do. If we 
want to make it smaller then history will need to take a back seat.

We can do a port with it now.


-- 
Cheers,
Cy Schubert 
FreeBSD UNIX: Web:  https://FreeBSD.org
NTP:   Web:  https://nwtime.org

The need of the many outweighs the greed of the few.




Re: Deprecating base system ftpd

2021-04-10 Thread George Mitchell

On 4/10/21 2:58 AM, Scott Bennett via freebsd-stable wrote:

> [...]I would like
> something far smaller, namely, a choice of schedulers during/just
> after installation of a -RELEASE without having to a) download the
> entire source tree, b) make buildworld, and c) make buildkernel.
> [...]


+1 many times over!  I've been hoping someone would implement the
schedulers as linkable kernel modules.  Surely such a thing is
theoretically possible?  Maybe there would have to be a dummy
scheduler module capable of only single-CPU single-threaded
execution to get the kernel to the point where the user-specified
real scheduler could be loaded for further operations.

This is based, of course, on my complete lack of knowledge about
whether the scheduler interface is even compatible with the linkable
kernel module interface, etc., etc.  But it sure would be nice.
-- George





Re: Deprecating base system ftpd

2021-04-10 Thread Scott Bennett via freebsd-stable
 On Fri, 09 Apr 2021 07:32:12 +0900 aventa...@fastmail.fm wrote:

>It makes me think that there should be an offering for two completely 
>different audiences:
>(1) FreeBSD core (a very minimal offering for folks that want to build things, 
>like a Desktop, etc.)
>(2) FreeBSD server (an offering for folks that want a server build)
>
>Perhaps that idea is just unreasonably crazy as well. 
>
 LOL!  You have what is called a very big ask.  I would like
something far smaller, namely, a choice of schedulers during/just
after installation of a -RELEASE without having to a) download the
entire source tree, b) make buildworld, and c) make buildkernel.
The kernel developers in their wisdom--ahem--have burdened all new
installations with the abysmal performance of the ULE scheduler.
The installation images for -STABLE versions are much the same.
The 4BSD scheduler has been far from optimal, and the ULE scheduler
looked like a nice idea on paper for newer CPUs, but in fact, the
ULE scheduler's performance is awful, even when compared with the
4BSD scheduler, which generally gives acceptable, though not optimal,
performance.
 If the owner of a new installation wants to get passably usable
performance from his new system, he must first perform the tasks
noted above.  The second and third tasks will take *a lot* of extra
time because they must be done under the ULE scheduler.  Then one
must install the new kernel, reboot, do the mergemaster or /etc/update
steps, install the new world, more mergemaster or /etc/update, and
reboot again.
 Two ways of allowing a choice of scheduler are 1) to provide two
GENERIC kernels, e.g., GENERIC.ULE and GENERIC.4BSD, from which one
could choose at boot time, and 2) to compile both schedulers into the
GENERIC kernel, which could be selected from by a loader tunable at
boot time.
 The current system is yet another discouragement to upgrading to
a new -RELEASE via a new installation.  Further, this fix to bad
performance by default is not documented anywhere.  How is a user who
is new to FreeBSD to know about it?


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at sdf.org   *xor*   bennett at freeshell.org  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**


Re: Deprecating base system ftpd?

2021-04-09 Thread aventador
It makes me think that there should be an offering for two completely different 
audiences:
(1) FreeBSD core (a very minimal offering for folks that want to build things, 
like a Desktop, etc.)
(2) FreeBSD server (an offering for folks that want a server build)

Perhaps that idea is just unreasonably crazy as well. 

Best Regards,
Vic Thacker

On Fri, Apr 9, 2021, at 01:05, Chris wrote:
> On 2021-04-07 23:27, aventa...@fastmail.fm wrote:
> > I think folks have different definitions of what an operating system should 
> > be.
> Agreed.
> > 
> > An Operating System (OS) is an interface between a computer user and 
> > computer
> > hardware. An operating system is a software which performs all the basic 
> > tasks
> > like file management, memory management, process management, handling input 
> > and
> > output, and controlling peripheral devices such as disk drives and printers.
> > 
> > If you add or take away from the above definition, then there is your 
> > misunderstanding.
> IMHO many refer to Linux as an Operating System. When in fact it is a Kernel. 
> Which
> is also what you describe above.
> OTOH, UNIX as an OS has a defined set of commands available, as well as 
> servers to
> facilitate running a fully installed server. Which is what I believe he was
> referring to.
> 
> At this point I think this thread is becoming tiresome. ;-)
> 
> --Chris
> > 
> > Best Regards,
> > Vic Thacker
> > 
> > 
> > On Wed, Apr 7, 2021, at 21:17, tech-lists wrote:
> >> Hi, I'm a bit late to the discussion
> >> 
> >> On Mon, Apr 05, 2021 at 07:44:59AM -0700, Cy Schubert wrote:
> >> 
> >> >I think this is an excellent start. My shopping list includes:
> >> >
> >> >- remove ftp(1)
> >> >- remove ftpd(8)
> >> >- remove telnet(1)
> >> >- remove telnetd(8)
> >> >- remove ftp:// and http:// from libfetch. This is 2021 and we should all
> >> >use https://.
> >> >- replace DNS lookups with DoH and/or DoT. Why let your ISP see your DNS
> >> >traffic?
> >> 
> >> Very firmly against this, and this sort of thing, for the following 
> >> reasons:
> >> 
> >> 1. I want an OS, not a kernel. If I just want a kernel, then why not go
> >> with linux? FreeBSD is meant to be, I think, (generally), a server OS.
> >> So, would you agree that it needs the ability to have server protocols
> >> easily configured, with a minimum of fuss, without packages?
> >> 
> >> 2. a lot of infrastructure depends on ftpd. it's easy to configure
> >> securely ftpd in base.
> >> 
> >> 3. there are some networks, like internal ones, where encryption is not
> >> a requirement, or appropriate.
> >> 
> >> 4. there are some places where encryption is in fact illegal.
> >> 
> >> >Personally, I'd suggest we remove the ftpd server *AND* ftp client and 
> >> >rely
> >> >on ports. Having worked on UNIX, Internet security, and firewalls over the
> >> >last 3/5 of my almost 50 year career, I have lamented the existence of the
> >> >FTP protocol back in 1995 and I hate the FTP protocol with greater a
> >> >passion today. Let's simply remove all vestiges of FTP from the base
> >> >system, including libfetch, sooner than later. We don't need it now that 
> >> >we
> >> >have HTTPS and POST; and sftp.
> >> 
> >> 5. some services commonly don't use https. Lots of internet radio
> >> stations don't. If https is enforced then the user will have to jump
> >> through more hoops than they already do in order to, in this case,
> >> listen to internet radio. Or face a loss of functionality.
> >> 
> >> 6. not everywhere will have constant internet access. Not everyone will
> >> want to use pkgs or have space for the ports tree.
> >> 
> >> >I think we should make it our goal to remove any and all unencrypted
> >> >protocols from FreeBSD by 2025.
> >> 
> >> I think you should carefully think of the consequences of removing
> >> functionality in the default install. It will make it less useful, not
> >> more.
> >> --
> >> J.
> >> 


Re: Deprecating base system ftpd?

2021-04-08 Thread Chris

On 2021-04-07 23:27, aventa...@fastmail.fm wrote:
> I think folks have different definitions of what an operating system should
> be.

Agreed.

> An Operating System (OS) is an interface between a computer user and computer
> hardware. An operating system is a software which performs all the basic tasks
> like file management, memory management, process management, handling input and
> output, and controlling peripheral devices such as disk drives and printers.
>
> If you add or take away from the above definition, then there is your
> misunderstanding.

IMHO many refer to Linux as an Operating System. When in fact it is a Kernel. Which
is also what you describe above.
OTOH, UNIX as an OS has a defined set of commands available, as well as servers to
facilitate running a fully installed server. Which is what I believe he was
referring to.

At this point I think this thread is becoming tiresome. ;-)

--Chris

> Best Regards,
> Vic Thacker
>
>
> On Wed, Apr 7, 2021, at 21:17, tech-lists wrote:
>> Hi, I'm a bit late to the discussion
>>
>> On Mon, Apr 05, 2021 at 07:44:59AM -0700, Cy Schubert wrote:
>>
>> >I think this is an excellent start. My shopping list includes:
>> >
>> >- remove ftp(1)
>> >- remove ftpd(8)
>> >- remove telnet(1)
>> >- remove telnetd(8)
>> >- remove ftp:// and http:// from libfetch. This is 2021 and we should all
>> >use https://.
>> >- replace DNS lookups with DoH and/or DoT. Why let your ISP see your DNS
>> >traffic?
>>
>> Very firmly against this, and this sort of thing, for the following
>> reasons:
>>
>> 1. I want an OS, not a kernel. If I just want a kernel, then why not go
>> with linux? FreeBSD is meant to be, I think, (generally), a server OS.
>> So, would you agree that it needs the ability to have server protocols
>> easily configured, with a minimum of fuss, without packages?
>>
>> 2. a lot of infrastructure depends on ftpd. it's easy to configure
>> securely ftpd in base.
>>
>> 3. there are some networks, like internal ones, where encryption is not
>> a requirement, or appropriate.
>>
>> 4. there are some places where encryption is in fact illegal.
>>
>> >Personally, I'd suggest we remove the ftpd server *AND* ftp client and rely
>> >on ports. Having worked on UNIX, Internet security, and firewalls over the
>> >last 3/5 of my almost 50 year career, I have lamented the existence of the
>> >FTP protocol back in 1995 and I hate the FTP protocol with greater a
>> >passion today. Let's simply remove all vestiges of FTP from the base
>> >system, including libfetch, sooner than later. We don't need it now that we
>> >have HTTPS and POST; and sftp.
>>
>> 5. some services commonly don't use https. Lots of internet radio
>> stations don't. If https is enforced then the user will have to jump
>> through more hoops than they already do in order to, in this case,
>> listen to internet radio. Or face a loss of functionality.
>>
>> 6. not everywhere will have constant internet access. Not everyone will
>> want to use pkgs or have space for the ports tree.
>>
>> >I think we should make it our goal to remove any and all unencrypted
>> >protocols from FreeBSD by 2025.
>>
>> I think you should carefully think of the consequences of removing
>> functionality in the default install. It will make it less useful, not
>> more.
>> --
>> J.



Re: Deprecating base system ftpd?

2021-04-08 Thread aventador
I think folks have different definitions of what an operating system should be.

An Operating System (OS) is an interface between a computer user and computer 
hardware. An operating system is a software which performs all the basic tasks 
like file management, memory management, process management, handling input and 
output, and controlling peripheral devices such as disk drives and printers.

If you add or take away from the above definition, then there is your 
misunderstanding.

Best Regards,
Vic Thacker


On Wed, Apr 7, 2021, at 21:17, tech-lists wrote:
> Hi, I'm a bit late to the discussion
> 
> On Mon, Apr 05, 2021 at 07:44:59AM -0700, Cy Schubert wrote:
> 
> >I think this is an excellent start. My shopping list includes:
> >
> >- remove ftp(1)
> >- remove ftpd(8)
> >- remove telnet(1)
> >- remove telnetd(8)
> >- remove ftp:// and http:// from libfetch. This is 2021 and we should all
> >use https://.
> >- replace DNS lookups with DoH and/or DoT. Why let your ISP see your DNS
> >traffic?
> 
> Very firmly against this, and this sort of thing, for the following reasons:
> 
> 1. I want an OS, not a kernel. If I just want a kernel, then why not go
> with linux? FreeBSD is meant to be, I think, (generally), a server OS. 
> So, would you agree that it needs the ability to have server protocols 
> easily configured, with a minimum of fuss, without packages?
> 
> 2. a lot of infrastructure depends on ftpd. it's easy to configure
> securely ftpd in base.
> 
> 3. there are some networks, like internal ones, where encryption is not
> a requirement, or appropriate.
> 
> 4. there are some places where encryption is in fact illegal.
> 
> >Personally, I'd suggest we remove the ftpd server *AND* ftp client and rely
> >on ports. Having worked on UNIX, Internet security, and firewalls over the
> >last 3/5 of my almost 50 year career, I have lamented the existence of the
> >FTP protocol back in 1995 and I hate the FTP protocol with greater a
> >passion today. Let's simply remove all vestiges of FTP from the base
> >system, including libfetch, sooner than later. We don't need it now that we
> >have HTTPS and POST; and sftp.
> 
> 5. some services commonly don't use https. Lots of internet radio
> stations don't. If https is enforced then the user will have to jump
> through more hoops than they already do in order to, in this case,
> listen to internet radio. Or face a loss of functionality.
> 
> 6. not everywhere will have constant internet access. Not everyone will
> want to use pkgs or have space for the ports tree.
> 
> >I think we should make it our goal to remove any and all unencrypted
> >protocols from FreeBSD by 2025.
> 
> I think you should carefully think of the consequences of removing
> functionality in the default install. It will make it less useful, not
> more.
> -- 
> J.
> 


Re: Deprecating base system ftpd?

2021-04-07 Thread Kurt Buff
On Wed, Apr 7, 2021 at 6:18 AM tech-lists  wrote:
>
> Hi, I'm a bit late to the discussion
>
> On Mon, Apr 05, 2021 at 07:44:59AM -0700, Cy Schubert wrote:
>
> >I think this is an excellent start. My shopping list includes:
> >
> >- remove ftp(1)
> >- remove ftpd(8)
> >- remove telnet(1)
> >- remove telnetd(8)
> >- remove ftp:// and http:// from libfetch. This is 2021 and we should all
> >use https://.
> >- replace DNS lookups with DoH and/or DoT. Why let your ISP see your DNS
> >traffic?
>
> Very firmly against this, and this sort of thing, for the following reasons:
>
> 1. I want an OS, not a kernel. If I just want a kernel, then why not go
> with linux? FreeBSD is meant to be, I think, (generally), a server OS.
> So, would you agree that it needs the ability to have server protocols
> easily configured, with a minimum of fuss, without packages?
>
> 2. a lot of infrastructure depends on ftpd. it's easy to configure
> securely ftpd in base.
>
> 3. there are some networks, like internal ones, where encryption is not
> a requirement, or appropriate.
>
> 4. there are some places where encryption is in fact illegal.
>
> >Personally, I'd suggest we remove the ftpd server *AND* ftp client and rely
> >on ports. Having worked on UNIX, Internet security, and firewalls over the
> >last 3/5 of my almost 50 year career, I have lamented the existence of the
> >FTP protocol back in 1995 and I hate the FTP protocol with greater a
> >passion today. Let's simply remove all vestiges of FTP from the base
> >system, including libfetch, sooner than later. We don't need it now that we
> >have HTTPS and POST; and sftp.
>
> 5. some services commonly don't use https. Lots of internet radio
> stations don't. If https is enforced then the user will have to jump
> through more hoops than they already do in order to, in this case,
> listen to internet radio. Or face a loss of functionality.
>
> 6. not everywhere will have constant internet access. Not everyone will
> want to use pkgs or have space for the ports tree.
>
> >I think we should make it our goal to remove any and all unencrypted
> >protocols from FreeBSD by 2025.
>
> I think you should carefully think of the consequences of removing
> functionality in the default install. It will make it less useful, not
> more.
> --
> J.

To amplify this a bit: Those who are all about secure protocols (and
I'm one of them) should realize that public cryptography (not just
public key, but public use of cryptographic protocols in general) is
not a solved problem. In particular, multi-party key management in an
open Internet is problematic.

Open or plain text protocols do have a place.

Kurt


Re: Deprecating base system ftpd?

2021-04-07 Thread Alan Somers
On Tue, Apr 6, 2021 at 1:25 PM Chris  wrote:

> On 2021-04-03 13:45, Warner Losh wrote:
> > On Sat, Apr 3, 2021 at 2:40 PM Ed Maste  wrote:
> >
> >> I propose deprecating the ftpd currently included in the base system
> >> before FreeBSD 14, and opened review D26447
> >> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> >> I had originally planned to try to do this before 13.0, but it dropped
> >> off my list. FTP is not nearly as relevant now as it once was, and it
> >> had a security vulnerability that secteam had to address.
> I *strongly* object. MacOS also did this. Which made me discover that I
> could simply copy my already built FreeBSD version over to all my MacOS
> laptops and now enjoy an even better version than had previously existed.
> This fact has made my use and need for FreeBSD's ftp even more important.
> It has also made FreeBSD more popular with the Mac folks.
> I depend upon ftp(1) && ftpd(8). I have on FreeBSD, for as many years as
> FreeBSD has existed. I find the ssh and related ports are probed and
> hammered on constantly. Whereas the ftp ports are quite rare by comparison.
> So keeping sshd(8) and friends ports closed removes overhead. I have no
> difficulty managing ftpd(8) via inet(8) && hosts.allow(5). Ftp && ftpd
> are both trivial programs and should not be considered for removal.
> If the reason for their suggested removal is "development overhead".
> Please allow me to maintain both. I will happily assume full
> responsibility for them.
>
> Thank you for listening. :-)
>

Great!  Even though they work well, they haven't seen a lot of TLC.  What
really worries me most is that ftpd has zero test coverage.  It would be
great to fix that, and not too hard.  You could start by adapting the
existing tests in libexec/tftpd/tests/.  Capsicum support would be nice,
too.

-Alan


Re: Deprecating base system ftpd?

2021-04-07 Thread Chris

On 2021-04-05 13:43, Ed Maste wrote:
> On Sat, 3 Apr 2021 at 16:39, Ed Maste  wrote:
>
>> I propose deprecating the ftpd currently included in the base system
>> before FreeBSD 14, and opened review D26447
>> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
>
> I posted this as a proposal for community feedback, and there's
> clearly a strong objection to removing the base system ftpd. So, I'm
> not going to pursue this any further.

I like to take the time to extend a massive _Thank You_ for your
chosen course for handling this. I'm also grateful for its outcome. :-)

Thanks!

--Chris




Re: Deprecating base system ftpd?

2021-04-07 Thread Chris

On 2021-04-05 12:01, Patrick M. Hausen wrote:
> Hi all,
>
>> On 03.04.2021 at 22:39, Ed Maste wrote:
>> I'm happy to make a port for it if anyone needs it. Comments?
>
> A bit late to the party, but my take is: please just don't.
>
> I absolutely freaked out when Apple removed the telnet and ftp clients
> from Mac OS and I needed to reinstall them via MacPorts.

That route uses an inferior (opinion) version of ftp(1) && ftpd(8).
It might interest you to know that the FreeBSD versions that (currently)
already come with FreeBSD can be copied over to your Mac. I *too*
became upset when I found MacOS w/o these, and on a hunch tried it,
and worked as intended/expected. The FreeBSD version(s) are more
"featurefull" than those that originally came on the Mac, or the GNU
one that is supplied w/MacPorts.

> People who manage any larger collection of networking gear *depend*
> on these outdated but simple services. Client and server side alike.
>
> TFTP is not going away, neither is FTP. I'm dead serious. Remote media
> via Supermicro IPMI in 2021? SMB1. Firmware updates for my UPS? FTP.
> Scanner/printer/fax all-in-one thingy? Uploads received fax transmissions
> via FTP. PBX? Uploads usage reports via FTP. This stuff is here to stay.
> In local networks, of course.
>
> But still even on "the Internet", FTP is the most used method for customers
> of static website hosting. You cannot teach these people what an SSH key is.
> Just my experience, but backed by a load of customer interactions over more
> than 20 years ...
>
> Kind regards,
> Patrick
> --
> punkt.de GmbH
> Patrick M. Hausen
> .infrastructure
>
> Kaiserallee 13a
> 76133 Karlsruhe
>
> Tel. +49 721 9109500
>
> https://infrastructure.punkt.de
> i...@punkt.de
>
> AG Mannheim 108285
> Managing directors: Jürgen Egeling, Daniel Lienert, Fabian Stein

--Chris


Re: Deprecating base system ftpd?

2021-04-07 Thread Chris

On 2021-04-05 11:27, Roger Leigh wrote:
> On 3 Apr 2021, at 22:21, Eugene Grosbein  wrote:
>
>> 04.04.2021 3:39, Ed Maste wrote:
>>
>>> I propose deprecating the ftpd currently included in the base system
>>> before FreeBSD 14, and opened review D26447
>>> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
>>> I had originally planned to try to do this before 13.0, but it dropped
>>> off my list. FTP is not nearly as relevant now as it once was, and it
>>> had a security vulnerability that secteam had to address.
>>>
>>> I'm happy to make a port for it if anyone needs it. Comments?
>>
>> I'm strongly against removal of stock ftpd. FTP is fastest protocol for both
>> testing and daily file transfer for trusted isolated segments, and even for WAN
>> wrapped in IPSec.
>>
>> Our stock ftpd has very short backlog of security issues comparing with
>> other FTP server implementations,
>> mostly linked with libc or other libraries and not with ftpd code itself.
>>
>> Please don't fix what ain't broken. Please.
>
> How would you draw the line between something that must be part of the base
> system vs. something that would be better off as part of the ports tree?  What
> bar should ftpd have to meet to warrant remaining in base vs moving to ports?
>
> Personally, I’ve never enabled it nor had any desire to.  FTP is, at this
> point in time, thoroughly obsolescent, and I cannot imagine that it is something
> that most people enable, if they are even aware of its existence.  Why can’t it
> simply be installed from the ports for the occasional user who still requires it?
> Why should the base system contain obsolete stuff that few people will use?
> Surely the ports tree serves this need better?
>
> Can I ask, for those who do enable it, why isn’t “sftp” acceptable (or
> “scp”)?

Sure. Because it's part of a one-time task. It might be part of a server
setup. Or might be a task that must be done on thousands of machines. It needs
to be available out-of-the-box, and needs no overhead for setup (key exchange,
config, etc...).
This scenario may also be on machines w/o any external sources/packages. IOW
everything should be available out of the box, with little to no additional
setup overhead. ftp(1), and ftpd(8) provide everything required at no
additional cost. :-)

> Both provide a similar function, securely, which also works with a basic
> installation without any ports.  SSHFXP, the protocol underlying sftp is
> better specified, less ambiguous and more fault tolerant and safe than the FTP
> protocol ever was.  The client is better than most ftp clients, and the server
> (/usr/libexec/sftp-server) is started on demand on a per-connection basis.
> What makes FTP more desirable than a service over SSH which is (from a technical
> and usability point of view) a better FTP than FTP ever was?
>
> Kind regards,
> Roger

--Chris


Re: Deprecating base system ftpd?

2021-04-07 Thread Chris

On 2021-04-05 07:44, Cy Schubert wrote:

In message 
, Ed Maste writes:

I propose deprecating the ftpd currently included in the base system
before FreeBSD 14, and opened review D26447
(https://reviews.freebsd.org/D26447) to add a notice to the man page.
I had originally planned to try to do this before 13.0, but it dropped
off my list. FTP is not nearly as relevant now as it once was, and it
had a security vulnerability that secteam had to address.


I think this is an excellent start. My shopping list includes:

- remove ftp(1)
- remove ftpd(8)
- remove telnet(1)
- remove telnetd(8)
- remove ftp:// and http:// from libfetch. This is 2021 and we should all
use https://.
- replace DNS lookups with DoH and/or DoT. Why let your ISP see your DNS
traffic?

You've clearly never worked on extremely large networks. Or at least not
considered them in this statement -- think LAN/intranet in large corporate
settings. ftp(1) as well as ftpd(8) are lightweight, and utilitarian. It's
this that gives them such great value. They require nothing to
use. They just work with no setup required. With very little setup you can
manage something a little more sophisticated. I can easily script ftp for
complex situations needing nothing more than sh(1) and ftp(1), and it's all
available right-out-of-the-box. This isn't true of the others.
In an internet public-facing scenario, it's enough to utilize one specific
line in inetd(8) and 2 in hosts.allow(2). This simplicity and lack of
overhead is not available with the other options.

Because something is old and un-featured does not make it valueless.





I'm happy to make a port for it if anyone needs it. Comments?

A port would be a nice option. But it should remain an option; as in
one _should_ be allowed to get ftp || ftpd out of the box if they so
choose.



I've started working on splitting ftp and ftpd into an external git repo.
The problem I've encountered is that though only ftp and ftpd are left the
resultant repo is still 1.2 GB. If my last attempt fails, there is a choice
between a 1.2 GB repo and burning ftp forever then the choice is clear:
burn it forever.

Adding the following as an option:

Also note that the tnftp ports are the NetBSD ftp and ftpd. The FreeBSD ftp
and ftpd are simply copies of tnftp and tnftpd. Would it make more sense to
share our customizations with NetBSD and we simply rely on NetBSD for the
client and server in our ports? This last option might be simpler than
creating a port.

Personally, I'd suggest we remove the ftpd server *AND* ftp client and rely
on ports. Having worked on UNIX, Internet security, and firewalls over the
last 3/5 of my almost 50 year career, I have lamented the existence of the
FTP protocol back in 1995 and I hate the FTP protocol with a greater
passion today. Let's simply remove all vestiges of FTP from the base
system, including libfetch, sooner than later. We don't need it now that we
have HTTPS and POST; and sftp.

This assumes you're willing to expend all the time and overhead to set up a web
server for a simple but absolutely mandatory one time task. When none of the
boxes you're working on are slated for or perhaps are even capable of running
as much. I (or anyone) should be able to have a FULLY functional system WITHOUT
the need to get additional sources to build additional functionality -- this
ain't Linux.



I think we should make it our goal to remove any and all unencrypted
protocols from FreeBSD by 2025.

Not everyone works exclusively "in the wild". Many also work within safe
environments, where such things, while nice, are unnecessary.

--Chris


Re: Deprecating base system ftpd?

2021-04-07 Thread tech-lists

Hi, I'm a bit late to the discussion

On Mon, Apr 05, 2021 at 07:44:59AM -0700, Cy Schubert wrote:


I think this is an excellent start. My shopping list includes:

- remove ftp(1)
- remove ftpd(8)
- remove telnet(1)
- remove telnetd(8)
- remove ftp:// and http:// from libfetch. This is 2021 and we should all
use https://.
- replace DNS lookups with DoH and/or DoT. Why let your ISP see your DNS
traffic?


Very firmly against this, and this sort of thing, for the following reasons:

1. I want an OS, not a kernel. If I just want a kernel, then why not go
with linux? FreeBSD is meant to be, I think, (generally), a server OS. 
So, would you agree that it needs the ability to have server protocols 
easily configured, with a minimum of fuss, without packages?


2. a lot of infrastructure depends on ftpd. it's easy to configure
securely ftpd in base.

3. there are some networks, like internal ones, where encryption is not
a requirement, or appropriate.

4. there are some places where encryption is in fact illegal.


Personally, I'd suggest we remove the ftpd server *AND* ftp client and rely
on ports. Having worked on UNIX, Internet security, and firewalls over the
last 3/5 of my almost 50 year career, I have lamented the existence of the
FTP protocol back in 1995 and I hate the FTP protocol with a greater
passion today. Let's simply remove all vestiges of FTP from the base
system, including libfetch, sooner than later. We don't need it now that we
have HTTPS and POST; and sftp.


5. some services commonly don't use https. Lots of internet radio
stations don't. If https is enforced then the user will have to jump
through more hoops than they already do in order to, in this case,
listen to internet radio. Or face a loss of functionality.

6. not everywhere will have constant internet access. Not everyone will
want to use pkgs or have space for the ports tree.


I think we should make it our goal to remove any and all unencrypted
protocols from FreeBSD by 2025.


I think you should carefully think of the consequences of removing
functionality in the default install. It will make it less useful, not
more.
--
J.




Re: Deprecating base system ftpd?

2021-04-06 Thread Pete Wright



On 4/6/21 5:32 PM, Kevin P. Neal wrote:

On Tue, Apr 06, 2021 at 09:19:27AM +0100, Gerald de la Pascua wrote:

"Can I ask, for those who do enable it, why isn’t “sftp” acceptable (or
“scp”)?  Both provide a similar function, securely, which also works with a

I just tried to sftp to ftp.freebsd.org. Connection refused.

I can ftp (or ncftp) to ftp.freebsd.org and download whatever.

What's the current, secure way to download FreeBSD releases?


https?
https://download.freebsd.org/
https://download.freebsd.org/ftp/releases/ISO-IMAGES/13.0/
etc.


-p

--
Pete Wright
p...@nomadlogic.org
@nomadlogicLA



Re: Deprecating base system ftpd?

2021-04-06 Thread Chris

On 2021-04-04 12:10, Ian Lepore wrote:

On Sat, 2021-04-03 at 16:39 -0400, Ed Maste wrote:

I propose deprecating the ftpd currently included in the base system
before FreeBSD 14, and opened review D26447
(https://reviews.freebsd.org/D26447) to add a notice to the man page.
I had originally planned to try to do this before 13.0, but it
dropped
off my list. FTP is not nearly as relevant now as it once was, and it
had a security vulnerability that secteam had to address.

I'm happy to make a port for it if anyone needs it. Comments?



I would find the removal of ftpd to be very inconvenient unless there
was a port/pkg to install it from.

If there is a port, it would only be useful if I could set PREFIX=/usr
when building/installing it, so that its behavior when installed as a
port/pkg would be identical to how it was when it was part of base (in
terms of where its config files are located).

I like the sound of that. Except that I'd like to do it one better and
suggest something along the lines of PORTS_MODULES in make.conf(5).
Maybe
PORTS_DAEMONS= ftpd sshd rpcbind nfsd ypbind inetd etc...

That might make it a tenable situation for everyone. ;-)

--Chris


-- Ian



Re: Deprecating base system ftpd?

2021-04-06 Thread Chris

On 2021-04-03 13:45, Warner Losh wrote:

On Sat, Apr 3, 2021 at 2:40 PM Ed Maste  wrote:


I propose deprecating the ftpd currently included in the base system
before FreeBSD 14, and opened review D26447
(https://reviews.freebsd.org/D26447) to add a notice to the man page.
I had originally planned to try to do this before 13.0, but it dropped
off my list. FTP is not nearly as relevant now as it once was, and it
had a security vulnerability that secteam had to address.

I *strongly* object. MacOS also did this. Which made me discover that I
could simply copy my already built FreeBSD version over to all my MacOS
laptops and now enjoy an even better version than had previously existed.
This fact has made my use and need for FreeBSD's ftp even more important.
It has also made FreeBSD more popular with the Mac folks.
I depend upon ftp(1) && ftpd(8). I have on FreeBSD, for as many years as
FreeBSD has existed. I find the ssh and related ports are probed and
hammered on constantly. Whereas the ftp ports are quite rare by comparison.
So keeping sshd(8) and friends ports closed removes overhead. I have no
difficulty managing ftpd(8) via inetd(8) && hosts.allow(5). Ftp && ftpd
are both trivial programs and should not be considered for removal.
If the reason for their suggested removal is "development overhead",
please allow me to maintain both. I will happily assume full
responsibility for them.

Thank you for listening. :-)

--Chris


I'm happy to make a port for it if anyone needs it. Comments?



I already use one of the ports ftpd's for my needs, so this is fine by me.
I'm agnostic about whether we need a port for what was in base, but suspect
that's likely the path of least resistance.

Warner
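
The arrangement Chris describes in this thread, in the message above and in his 2021-04-07 reply (ftpd started from inetd and gated by hosts.allow), sketched as an added example that is not taken from any of the messages. The 192.0.2.0/24 management network is a placeholder, and the fragment assumes inetd runs with its stock `-wW` flags so that TCP wrappers are consulted.

```conf
# /etc/rc.conf must enable the super-server: inetd_enable="YES"

# /etc/inetd.conf -- one line: inetd starts ftpd per connection (-l logs each session)
ftp	stream	tcp	nowait	root	/usr/libexec/ftpd	ftpd -l

# /etc/hosts.allow -- two lines, first match wins.
# The stock file opens with "ALL : ALL : allow"; remove or comment out that
# rule, otherwise it matches first and the ftpd rules below are never reached.
ftpd : 192.0.2.0/255.255.255.0 : allow
ftpd : ALL : deny
```

This limits which hosts can reach ftpd; logins and file contents still cross the network in cleartext.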


Re: Deprecating base system ftpd?

2021-04-06 Thread Eugene Grosbein
06.04.2021 15:37, aventa...@fastmail.fm wrote:

> Deprecating base system ftpd does seem to be a good idea, especially for 
> FreeBSD users wanting to use their computer
> as a workstation/desktop instead of as a server. I think the argument 
> becomes, "who is our target audience?"
> If the target audience is both server and desktop users, then minimizing the 
> base system makes a lot of sense.

Stock ftpd is single file /usr/libexec/ftpd sized 112KBytes uncompressed (71KB 
compressed with ZFS lz4 online compression)
and this is less than MAXPHYS=128K in current FreeBSD releases.
Minimizing the base system makes it another kind of Linux instead of the solid 
operating system we love.




Re: Deprecating base system ftpd?

2021-04-06 Thread Roderick



On Tue, 6 Apr 2021, aventa...@fastmail.fm wrote:


Deprecating base system ftpd does seem to be a good idea,
especially for FreeBSD users wanting to use their computer as a
workstation/desktop instead of as a server. I think the argument becomes, 
"who is our target audience?" If the target audience is both server and
desktop users, then minimizing the base system makes a lot of sense. FreeBSD 
is not just for servers anymore.


I will never, never understand this kind of argumentation.

A desktop user, and desktop users like a lot of bloat with
little functionality, wants to deprecate a meager program with a
clear functionality only because he does not need it.

R.


Re: Deprecating base system ftpd?

2021-04-06 Thread Kyle Evans
On Tue, Apr 6, 2021 at 5:21 AM Andrea Brancatelli via freebsd-stable <
freebsd-stable@freebsd.org> wrote:

> On 2021-04-05 02:05, Daniel Morante via freebsd-stable wrote:
>
> > My vote is for no.
> >
> > Reasoning is simple... at what point does it stop?  By continuously
> moving stuff from base to ports, FreeBSD slowly becomes just a Kernel. 
>
> I strongly agree with this consideration.
>
>
Picking a random e-mail in this thread-

emaste already declared the effort abandoned because it was clear that
there's a strong objection... we don't need to continue litigating this? At
some point, a continuous flow of disagreement like this after the fact
becomes demotivating in general as it feels more like a dogpile than a
constructive effort on the original topic.

Thanks,

Kyle Evans


Re: Deprecating base system ftpd?

2021-04-06 Thread aventador
Deprecating base system ftpd does seem to be a good idea, especially for 
FreeBSD users wanting to use their computer as a workstation/desktop instead of 
as a server. I think the argument becomes, "who is our target audience?" If the 
target audience is both server and desktop users, then minimizing the base 
system makes a lot of sense. FreeBSD is not just for servers anymore. 

Best Regards,
Vic Thacker

On Tue, Apr 6, 2021, at 17:21, Gerald de la Pascua wrote:
> +1 again from me too, keep it,
> 
> It seems a pointless change of something that it seems a reasonable number
> of people are still using,  even if there are better tools now,
> 
> G
> 
> 
> On Mon, Apr 5, 2021 at 8:16 PM Ted Hatfield  wrote:
> 
> > On Mon, 5 Apr 2021, Patrick M. Hausen wrote:
> > > Hi all,
> > >
> > >> Am 03.04.2021 um 22:39 schrieb Ed Maste :
> > >> I'm happy to make a port for it if anyone needs it. Comments?
> > >
> > > A bit late to the party, but my take is: please just don't.
> > >
> > > I absolutely freaked out when Apple removed the telnet and ftp clients
> > > from Mac OS and I needed to reinstall them via MacPorts.
> > >
> > > People who manage any larger collection of networking gear *depend*
> > > on these outdated but simple services. Client and server side alike.
> > >
> > > TFTP is not going away, neither is FTP. I'm dead serious. Remote media
> > > via Supermicro IPMI in 2021? SMB1. Firmware updates for my UPS? FTP.
> > > Scanner/printer/fax all-in-one thingy? Uploads received fax transmissions
> > > via FTP. PBX? Uploads usage reports via FTP. This stuff is here to stay.
> > > In local networks, of course.
> > >
> > > But still even on "the Internet", FTP is the most used method for
> > customers
> > > of static website hosting. You cannot teach these people what an SSH key
> > is.
> > > Just my experience, but backed by a load of customer interactions over
> > more
> > > than 20 years ...
> > >
> > > Kind regards,
> > > Patrick
> > > --
> > >
> >
> >
> > Hear! Hear!
> >
> > Although I don't have any statistics to back this up this
> > has been my experience as well.
> >
> > Sincerely,
> >
> > Ted Hatfield
> >


Re: Deprecating base system ftpd?

2021-04-06 Thread Stefan Bethke
Am 06.04.2021 um 12:08 schrieb Helge Oldach :
> 
> Stefan Bethke wrote on Tue, 06 Apr 2021 11:29:34 +0200 (CEST):
>> Strato did disable FTP access over a year ago,
> 
> Actually it was effective October 20, 2020.

You are correct; I was remembering the announcement, not the switch off.

> and instructed customers on how to use SSH-based access instead,
> 
> They have a completely different incentive (avoiding cleartext passwords
> over the Internet, and reportedly they had a number of cases where
> customers were affected by password snooping) than a local admin person
> on a local network not exposed to the public.
> 
>> so it's definitely possible, and people are moving towards more secure
>> protocols, even when (non-technical) end users are affected.
> 
> No doubt about that. Any information about the ticket volume triggered
> by this deprecation?

I have no insight into Strato's operations, but from having to support a bunch 
of non-technical people who are customers, I'd say it was relatively painless, 
because Strato provided good instructions, and the (non-technical) customers 
were using GUI clients already anyway where they only needed to switch from FTP 
to SFTP.

Stefan

--
Stefan Bethke   Fon +49 151 14070811





Re: Deprecating base system ftpd?

2021-04-06 Thread Miroslav Lachman

On 06/04/2021 11:29, Stefan Bethke wrote:

Am 05.04.2021 um 21:01 schrieb Patrick M. Hausen :


But still even on "the Internet", FTP is the most used method for customers
of static website hosting. You cannot teach these people what an SSH key is.
Just my experience, but backed by a load of customer interactions over more
than 20 years ...


Strato did disable FTP access over a year ago, and instructed customers on how 
to use SSH-based access instead, so it's definitely possible, and people are 
moving towards more secure protocols, even when (non-technical) end users are 
affected.


Working for small / average web hosting company - we disabled plaintext 
FTP over 15 years ago. All customers are able to use FTP client 
supporting FTPeS (FTP with explicit TLS). So it definitely is possible 
if there is a will or enough pressure on customers.
On the other hand it does not matter to me if ftpd will be shipped in 
FreeBSD base for next 10 years. It is just a matter of maintaining it / 
man power for each release, testing etc.


Miroslav Lachman


Re: Deprecating base system ftpd?

2021-04-06 Thread Eugene Grosbein
05.04.2021 19:57, Alan Somers wrote:

> I wouldn't say that anything is "very good" when it has no test suite 
> whatsoever.

Many years of employment of ftpd in different environments (sometimes under 
heavy load) means something, too.
Maybe even more than synthetic tests.



Re: Deprecating base system ftpd?

2021-04-06 Thread Andrea Brancatelli via freebsd-stable
On 2021-04-05 02:05, Daniel Morante via freebsd-stable wrote:

> My vote is for no.
> 
> Reasoning is simple... at what point does it stop?  By continuously moving 
> stuff from base to ports, FreeBSD slowly becomes just a Kernel. 

I strongly agree with this consideration.  

---

Andrea Brancatelli


Re: Deprecating base system ftpd?

2021-04-06 Thread Eugene Grosbein
06.04.2021 1:27, Roger Leigh wrote:

>>> I propose deprecating the ftpd currently included in the base system
>>> before FreeBSD 14, and opened review D26447
>>> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
>>> I had originally planned to try to do this before 13.0, but it dropped
>>> off my list. FTP is not nearly as relevant now as it once was, and it
>>> had a security vulnerability that secteam had to address.
>>>
>>> I'm happy to make a port for it if anyone needs it. Comments?
>>
>> I'm strongly against remove of stock ftpd. FTP is fastest protocol for both 
>> testing
>> and daily file transfer for trusted isolated segments, and even for WAN 
>> wrapped in IPSec.
>>
>> Our stock ftpd has very short backlog of security issues comparing with 
>> other FTP server implementations,
>> mostly linked with libc or other libraries and not with ftpd code itself.
>>
>> Please don't fix what ain't broken. Please.
> 
> How would you draw the line between something that must be part of the base 
> system vs. something
> that would be better off as part of the ports tree?  What bar should ftpd 
> have to meet to warrant remaining in base vs moving to ports?

POLA at least.

> Personally, I’ve never enabled it nor had any desire to.  FTP is, at this 
> point in time, thoroughly obsolescent,

Because someone told us so? 

> and I cannot imagine that it is something that most people enable, if they 
> are even aware of its existence.
> Why can’t it simply be installed from the ports for the occasional user who 
> still requires it?

This is one of services that should be available even if distfiles/packages are 
not reachable.
You know, sshd used to be in ports too.

> Can I ask, for those who do enable it, why isn’t “sftp” acceptable (or “scp”)?

sftp is not compatible with FTP clients and FTP is faster, basically it is 
plain TCP socket for data transfer.



Re: Deprecating base system ftpd?

2021-04-06 Thread Stefan Bethke
Am 05.04.2021 um 21:01 schrieb Patrick M. Hausen :
> 
> But still even on "the Internet", FTP is the most used method for customers
> of static website hosting. You cannot teach these people what an SSH key is.
> Just my experience, but backed by a load of customer interactions over more
> than 20 years ...

Strato did disable FTP access over a year ago, and instructed customers on how 
to use SSH-based access instead, so it's definitely possible, and people are 
moving towards more secure protocols, even when (non-technical) end users are 
affected.


Stefan

--
Stefan Bethke   Fon +49 151 14070811





Re: Deprecating base system ftpd?

2021-04-06 Thread Gerald de la Pascua
+1 again from me too, keep it,

It seems a pointless change of something that it seems a reasonable number
of people are still using,  even if there are better tools now,

G


On Mon, Apr 5, 2021 at 8:16 PM Ted Hatfield  wrote:

> On Mon, 5 Apr 2021, Patrick M. Hausen wrote:
> > Hi all,
> >
> >> Am 03.04.2021 um 22:39 schrieb Ed Maste :
> >> I'm happy to make a port for it if anyone needs it. Comments?
> >
> > A bit late to the party, but my take is: please just don't.
> >
> > I absolutely freaked out when Apple removed the telnet and ftp clients
> > from Mac OS and I needed to reinstall them via MacPorts.
> >
> > People who manage any larger collection of networking gear *depend*
> > on these outdated but simple services. Client and server side alike.
> >
> > TFTP is not going away, neither is FTP. I'm dead serious. Remote media
> > via Supermicro IPMI in 2021? SMB1. Firmware updates for my UPS? FTP.
> > Scanner/printer/fax all-in-one thingy? Uploads received fax transmissions
> > via FTP. PBX? Uploads usage reports via FTP. This stuff is here to stay.
> > In local networks, of course.
> >
> > But still even on "the Internet", FTP is the most used method for
> customers
> > of static website hosting. You cannot teach these people what an SSH key
> is.
> > Just my experience, but backed by a load of customer interactions over
> more
> > than 20 years ...
> >
> > Kind regards,
> > Patrick
> > --
> >
>
>
> Hear! Hear!
>
> Although I don't have any statistics to back this up this
> has been my experience as well.
>
> Sincerely,
>
> Ted Hatfield
>


Re: Deprecating base system ftpd?

2021-04-06 Thread Gerald de la Pascua
"Can I ask, for those who do enable it, why isn’t “sftp” acceptable (or
“scp”)?  Both provide a similar function, securely, which also works with a
basic installation without any ports.  SSHFXP, the protocol underlying sftp
is better specified, less ambiguous and more fault tolerant and safe than
the FTP protocol ever was.  The client is better than most ftp clients, and
the server (/usr/libexec/sftp-server) is started on demand on a
per-connection basis.  What makes FTP more desirable than a service over
SSH which is (from a technical and usability point of view) a better FTP
than FTP ever was?"

Because we have a lot of legacy clients, in the field that use ftp to
transfer non sensitive data,
it's simple,  and I don't see the need to revisit this because it's an old
fashioned non encrypted protocol,
you may disagree that's fine,  but for many purposes it does the job.
Sure there may be better tools,  but I see no reason to re issue lots of
client apps that are built on this and are working fine needlessly,

G


On Mon, Apr 5, 2021 at 7:28 PM Roger Leigh  wrote:

> On 3 Apr 2021, at 22:21, Eugene Grosbein  wrote:
> >
> > 04.04.2021 3:39, Ed Maste wrote:
> >
> >> I propose deprecating the ftpd currently included in the base system
> >> before FreeBSD 14, and opened review D26447
> >> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> >> I had originally planned to try to do this before 13.0, but it dropped
> >> off my list. FTP is not nearly as relevant now as it once was, and it
> >> had a security vulnerability that secteam had to address.
> >>
> >> I'm happy to make a port for it if anyone needs it. Comments?
> >
> > I'm strongly against remove of stock ftpd. FTP is fastest protocol for
> both testing
> > and daily file transfer for trusted isolated segments, and even for WAN
> wrapped in IPSec.
> >
> > Our stock ftpd has very short backlog of security issues comparing with
> other FTP server implementations,
> > mostly linked with libc or other libraries and not with ftpd code itself.
> >
> > Please don't fix what ain't broken. Please.
>
> How would you draw the line between something that must be part of the
> base system vs. something that would be better off as part of the ports
> tree?  What bar should ftpd have to meet to warrant remaining in base vs
> moving to ports?
>
> Personally, I’ve never enabled it nor had any desire to.  FTP is, at this
> point in time, thoroughly obsolescent, and I cannot imagine that it is
> something that most people enable, if they are even aware of its
> existence.  Why can’t it simply be installed from the ports for the
> occasional user who still requires it?  Why should the base system contain
> obsolete stuff that few people will use?  Surely the ports tree serves this
> need better?
>
> Can I ask, for those who do enable it, why isn’t “sftp” acceptable (or
> “scp”)?  Both provide a similar function, securely, which also works with a
> basic installation without any ports.  SSHFXP, the protocol underlying sftp
> is better specified, less ambiguous and more fault tolerant and safe than
> the FTP protocol ever was.  The client is better than most ftp clients, and
> the server (/usr/libexec/sftp-server) is started on demand on a
> per-connection basis.  What makes FTP more desirable than a service over
> SSH which is (from a technical and usability point of view) a better FTP
> than FTP ever was?
>
> Kind regards,
> Roger
>


Re: Deprecating base system ftpd?

2021-04-06 Thread Gerald de la Pascua
Speaking for myself,  like some others here,  I would find the removal of
ftp inconvenient, and if it is removed,
please could we have it in an easy to install and configure port.

We have a number of apps that transfer data,  and legacy issues mean that
it's hard to transfer to another protocol.
It's not sensitive data so the security concerns aren't an issue to us.

thanks,

Gerald,


On Sat, Apr 3, 2021 at 9:40 PM Ed Maste  wrote:

> I propose deprecating the ftpd currently included in the base system
> before FreeBSD 14, and opened review D26447
> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> I had originally planned to try to do this before 13.0, but it dropped
> off my list. FTP is not nearly as relevant now as it once was, and it
> had a security vulnerability that secteam had to address.
>
> I'm happy to make a port for it if anyone needs it. Comments?


Re: Deprecating base system ftpd?

2021-04-06 Thread Andrea Venturoli

On 4/5/21 8:27 PM, Roger Leigh wrote:


Can I ask, for those who do enable it, why isn’t “sftp” acceptable (or “scp”)?


Because it's an *incompatible* replacement.

While I never enabled ftpd, I was once asked to.
I refused and enabled sftp instead: the problem was that for 99% of the 
customers on the other side of the wire, this wasn't the same thing.

It was hard to make them change their habits, their clients, etc...

That said, I vote for moving ftpd to ports.

Just my 2c.


Re: Deprecating base system ftpd?

2021-04-05 Thread Lyndon Nerenberg (VE7TFX/VE6BBM)
Don't forget that Telnet is an actual protocol, which telnet(1)
implements.  nc is (for the most part) just a byte-copying middleman.

There's still gear out there that speaks Telnet, and expects the
client to support it (primarily for things like line mode editing).

--lyndon


Re: Deprecating base system ftpd?

2021-04-05 Thread Roderick


On Sun, 4 Apr 2021, Daniel Morante via freebsd-stable wrote:


My vote is for no.

Reasoning is simple... at what point does it stop?  By continuously moving 
stuff from base to ports, FreeBSD slowly becomes just a Kernel. 


I follow this argumentation.

I do not understand what is the problem leaving it there. It is no bloat.
It was there from the beginning of BSD.

It may be insecure, but can be used in local nets. And who does
not like it, does not need to use it.

We had in base a complete DNS, now only a caching one. We have a very
robust MTA in base, sendmail, but some people complain against it.

This will never end.

R.


Re: Deprecating base system ftpd?

2021-04-05 Thread Ed Maste
On Sat, 3 Apr 2021 at 16:39, Ed Maste  wrote:
>
> I propose deprecating the ftpd currently included in the base system
> before FreeBSD 14, and opened review D26447
> (https://reviews.freebsd.org/D26447) to add a notice to the man page.

I posted this as a proposal for community feedback, and there's
clearly a strong objection to removing the base system ftpd. So, I'm
not going to pursue this any further.


Re: Deprecating base system ftpd?

2021-04-05 Thread Charles Sprickman via freebsd-stable


> On Apr 5, 2021, at 3:01 PM, Patrick M. Hausen  wrote:
> 
> Hi all,
> 
> I absolutely freaked out when Apple removed the telnet and ftp clients
> from Mac OS and I needed to reinstall them via MacPorts.

Yep, and what I think many miss IRT to the stock ftpd is that it’s dumb simple 
and “just works”.

For web hosting stuff I generally use something like Proftpd or vsftpd, and, 
IMHO, that’s when you should have to expend brain power to choose something 
from ports - when your use-case (supporting hosting customers, virtual users, 
etc.) requires a non-trivial ftp implementation.

Also I can count on my left hand the number of web hosting customers I’ve run 
into that actually use scp for sftp or even know what that is. They’re using 
the same ftp client they’ve always used (ws-ftp quite often) and the last thing 
they want to do is learn something new.

> People who manage any larger collection of networking gear *depend*
> on these outdated but simple services. Client and server side alike.

I frequently work with people who have limited budgets, and I don’t think I’m 
alone in that. Ebay is chock full of high-volume sellers turning over old 
networking gear that is amazingly good stuff that’s just outdated. I can grab a 
48 port GigE switch with 10gb/s uplink ports for under $200. The market is 
gigantic, and putting old stuff to use on an internal network with proper 
safeguards is not totally crazy. Customers can have multiple fully-loaded 
spares on-site for less than what a year of SmartNet coverage would cost.

My server platform of choice when I want a “support server” for this old stuff 
has always been FreeBSD. Stock tftpd and ftpd are wonderful, and anyone 
professing that those two tiny daemons are “bloat” just hasn’t used Linux.

> TFTP is not going away, neither is FTP. I'm dead serious. Remote media
> via Supermicro IPMI in 2021? SMB1. Firmware updates for my UPS? FTP.
> Scanner/printer/fax all-in-one thingy? Uploads received fax transmissions
> via FTP. PBX? Uploads usage reports via FTP. This stuff is here to stay.
> In local networks, of course.

Preach! And plenty of VoIP gear too!

There are absolutely real world uses for these simple daemons, and I trust some 
stock FreeBSD daemon like this more than something I might fetch from ports - 
both in terms of knowing it’s had some kind of auditing/maintenance by 
qualified people and that it’s going to have an accurate manpage, sane 
defaults, and remain relatively simple/minimal.

I think as everyone has moved to the cloud and devops and all that they forget 
about sysadmins standing up servers as simple utility boxes that support a 
bunch of other gear.

> But still even on "the Internet", FTP is the most used method for customers
> of static website hosting. You cannot teach these people what an SSH key is.
> Just my experience, but backed by a load of customer interactions over more
> than 20 years …

I think some people mean well, and they imagine that if we just tell people to 
move to some monstrosity like Filezilla the problem is solved, but 
realistically it’s just a good way to lose paying customers.

Charles

> 
> Kind regards,
> Patrick
> --
> punkt.de GmbH
> Patrick M. Hausen
> .infrastructure
> 
> Kaiserallee 13a
> 76133 Karlsruhe
> 
> Tel. +49 721 9109500
> 
> https://infrastructure.punkt.de
> i...@punkt.de
> 
> AG Mannheim 108285
> Managing directors: Jürgen Egeling, Daniel Lienert, Fabian Stein
> 





Re: Deprecating base system ftpd?

2021-04-05 Thread Bob Bishop
Hi,

> On 5 Apr 2021, at 20:01, Patrick M. Hausen  wrote:
> 
> Hi all,
> 
>> On 03.04.2021 at 22:39, Ed Maste wrote:
>> I'm happy to make a port for it if anyone needs it. Comments?
> 
> A bit late to the party, but my take is: please just don't.

+1 (later still)

> I absolutely freaked out when Apple removed the telnet and ftp clients
> from Mac OS and I needed to reinstall them via MacPorts.
> 
> People who manage any larger collection of networking gear *depend*
> on these outdated but simple services. Client and server side alike.
> 
> TFTP is not going away, neither is FTP. I'm dead serious. Remote media
> via Supermicro IPMI in 2021? SMB1. Firmware updates for my UPS? FTP.
> Scanner/printer/fax all-in-one thingy? Uploads received fax transmissions
> via FTP. PBX? Uploads usage reports via FTP. This stuff is here to stay.
> In local networks, of course.
> 
> But still even on "the Internet", FTP is the most used method for customers
> of static website hosting. You cannot teach these people what an SSH key is.
> Just my experience, but backed by a load of customer interactions over more
> than 20 years ...
> 
> Kind regards,
> Patrick
> --
> punkt.de GmbH
> Patrick M. Hausen
> .infrastructure
> 
> Kaiserallee 13a
> 76133 Karlsruhe
> 
> Tel. +49 721 9109500
> 
> https://infrastructure.punkt.de
> i...@punkt.de
> 
> AG Mannheim 108285
> Managing directors: Jürgen Egeling, Daniel Lienert, Fabian Stein
> 

--
Bob Bishop
r...@gid.co.uk






Re: Deprecating base system ftpd?

2021-04-05 Thread Ted Hatfield

On Mon, 5 Apr 2021, Patrick M. Hausen wrote:

> Hi all,
>
>> On 03.04.2021 at 22:39, Ed Maste wrote:
>> I'm happy to make a port for it if anyone needs it. Comments?
>
> A bit late to the party, but my take is: please just don't.
>
> I absolutely freaked out when Apple removed the telnet and ftp clients
> from Mac OS and I needed to reinstall them via MacPorts.
>
> People who manage any larger collection of networking gear *depend*
> on these outdated but simple services. Client and server side alike.
>
> TFTP is not going away, neither is FTP. I'm dead serious. Remote media
> via Supermicro IPMI in 2021? SMB1. Firmware updates for my UPS? FTP.
> Scanner/printer/fax all-in-one thingy? Uploads received fax transmissions
> via FTP. PBX? Uploads usage reports via FTP. This stuff is here to stay.
> In local networks, of course.
>
> But still even on "the Internet", FTP is the most used method for customers
> of static website hosting. You cannot teach these people what an SSH key is.
> Just my experience, but backed by a load of customer interactions over more
> than 20 years ...
>
> Kind regards,
> Patrick
> --




Hear! Hear!

Although I don't have any statistics to back this up this
has been my experience as well.

Sincerely,

Ted Hatfield



Re: Deprecating base system ftpd?

2021-04-05 Thread Patrick M. Hausen
Hi all,

> On 03.04.2021 at 22:39, Ed Maste wrote:
> I'm happy to make a port for it if anyone needs it. Comments?

A bit late to the party, but my take is: please just don't.

I absolutely freaked out when Apple removed the telnet and ftp clients
from Mac OS and I needed to reinstall them via MacPorts.

People who manage any larger collection of networking gear *depend*
on these outdated but simple services. Client and server side alike.

TFTP is not going away, neither is FTP. I'm dead serious. Remote media
via Supermicro IPMI in 2021? SMB1. Firmware updates for my UPS? FTP.
Scanner/printer/fax all-in-one thingy? Uploads received fax transmissions
via FTP. PBX? Uploads usage reports via FTP. This stuff is here to stay.
In local networks, of course.

But still even on "the Internet", FTP is the most used method for customers
of static website hosting. You cannot teach these people what an SSH key is.
Just my experience, but backed by a load of customer interactions over more
than 20 years ...

Kind regards,
Patrick
--
punkt.de GmbH
Patrick M. Hausen
.infrastructure

Kaiserallee 13a
76133 Karlsruhe

Tel. +49 721 9109500

https://infrastructure.punkt.de
i...@punkt.de

AG Mannheim 108285
Managing directors: Jürgen Egeling, Daniel Lienert, Fabian Stein





RE: Deprecating base system ftpd?

2021-04-05 Thread Feldman, JamesX Michael
I'd shed no tears losing ftp+(d).  That noted, tftp (the daemon) is still used 
to load firmware on too many devices (changing) and telnet (the client) can be 
useful in debugging network listeners and chatting with stupid IOTs that can't 
be bothered with using SSH.  I haven't enabled either telnetd or ftpd daemon in 
at least a decade.  My baseline would be, "is this something I'd want working 
from a live iso?".  Maybe the better (and tougher) decision is, "what belongs 
in a modern integrated OS environment?".  I leave that to better minds than 
mine.

jim

-Original Message-
From: owner-freebsd-sta...@freebsd.org  On 
Behalf Of Roger Leigh
Sent: Monday, April 5, 2021 11:27 AM
To: freebsd-stable stable 
Subject: Re: Deprecating base system ftpd?

On 3 Apr 2021, at 22:21, Eugene Grosbein  wrote:
> 
> 04.04.2021 3:39, Ed Maste wrote:
> 
>> I propose deprecating the ftpd currently included in the base system 
>> before FreeBSD 14, and opened review D26447
>> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
>> I had originally planned to try to do this before 13.0, but it 
>> dropped off my list. FTP is not nearly as relevant now as it once 
>> was, and it had a security vulnerability that secteam had to address.
>> 
>> I'm happy to make a port for it if anyone needs it. Comments?
> 
> I'm strongly against remove of stock ftpd. FTP is fastest protocol for 
> both testing and daily file transfer for trusted isolated segments, and even 
> for WAN wrapped in IPSec.
> 
> Our stock ftpd has very short backlog of security issues comparing 
> with other FTP server implementations, mostly linked with libc or other 
> libraries and not with ftpd code itself.
> 
> Please don't fix what ain't broken. Please.

How would you draw the line between something that must be part of the base 
system vs. something that would be better off as part of the ports tree?  What 
bar should ftpd have to meet to warrant remaining in base vs moving to ports?

Personally, I’ve never enabled it nor had any desire to.  FTP is, at this point 
in time, thoroughly obsolescent, and I cannot imagine that it is something that 
most people enable, if they are even aware of its existence.  Why can’t it 
simply be installed from the ports for the occasional user who still requires 
it?  Why should the base system contain obsolete stuff that few people will 
use?  Surely the ports tree serves this need better?

Can I ask, for those who do enable it, why isn’t “sftp” acceptable (or “scp”)?  
Both provide a similar function, securely, which also works with a basic 
installation without any ports.  SSHFXP, the protocol underlying sftp is better 
specified, less ambiguous and more fault tolerant and safe than the FTP 
protocol ever was.  The client is better than most ftp clients, and the server 
(/usr/libexec/sftp-server) is started on demand on a per-connection basis.  
What makes FTP more desirable than a service over SSH which is (from a 
technical and usability point of view) a better FTP than FTP ever was?

Kind regards,
Roger   



Re: Deprecating base system ftpd?

2021-04-05 Thread Roger Leigh
On 3 Apr 2021, at 22:21, Eugene Grosbein  wrote:
> 
> 04.04.2021 3:39, Ed Maste wrote:
> 
>> I propose deprecating the ftpd currently included in the base system
>> before FreeBSD 14, and opened review D26447
>> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
>> I had originally planned to try to do this before 13.0, but it dropped
>> off my list. FTP is not nearly as relevant now as it once was, and it
>> had a security vulnerability that secteam had to address.
>> 
>> I'm happy to make a port for it if anyone needs it. Comments?
> 
> I'm strongly against remove of stock ftpd. FTP is fastest protocol for both
> testing and daily file transfer for trusted isolated segments, and even for
> WAN wrapped in IPSec.
>
> Our stock ftpd has very short backlog of security issues comparing with other
> FTP server implementations, mostly linked with libc or other libraries and
> not with ftpd code itself.
> 
> Please don't fix what ain't broken. Please.

How would you draw the line between something that must be part of the base 
system vs. something that would be better off as part of the ports tree?  What 
bar should ftpd have to meet to warrant remaining in base vs moving to ports?

Personally, I’ve never enabled it nor had any desire to.  FTP is, at this point 
in time, thoroughly obsolescent, and I cannot imagine that it is something that 
most people enable, if they are even aware of its existence.  Why can’t it 
simply be installed from the ports for the occasional user who still requires 
it?  Why should the base system contain obsolete stuff that few people will 
use?  Surely the ports tree serves this need better?

Can I ask, for those who do enable it, why isn’t “sftp” acceptable (or “scp”)?  
Both provide a similar function, securely, which also works with a basic 
installation without any ports.  SSHFXP, the protocol underlying sftp is better 
specified, less ambiguous and more fault tolerant and safe than the FTP 
protocol ever was.  The client is better than most ftp clients, and the server 
(/usr/libexec/sftp-server) is started on demand on a per-connection basis.  
What makes FTP more desirable than a service over SSH which is (from a 
technical and usability point of view) a better FTP than FTP ever was?

Kind regards,
Roger   



Re: Deprecating base system ftpd?

2021-04-05 Thread Andrea Venturoli

On 4/5/21 5:28 PM, sth...@nethelp.no wrote:


>> - replace DNS lookups with DoH and/or DoT. Why let your ISP see your DNS
>> traffic?
>
> Because I trust my (European) ISP significantly more than I trust big
> US companies? Yes, I have a pretty good idea what Cloudflare, Google
> etc have said about the queries they receive. I still don't see a
> reason to trust them, given their actions in other areas.


I agree.

Another reason is I often have my internal DNS server.

 bye
av.


Re: Deprecating base system ftpd?

2021-04-05 Thread Doug McIntyre
On Mon, Apr 05, 2021 at 06:57:31PM +0300, Lev Serebryakov wrote:
> On 05.04.2021 17:44, Cy Schubert wrote:
> 
> > - remove ftp:// and http:// from libfetch. This is 2021 and we should all
> > use https://.
>   Please, explain how to setup simple server which allows upload and on-server 
> file management with https ;-)
> 
>   I know letters "WebDAV", but I don't know any ftp-like client for it. And 
> server is apache24, which is much more huge security target than simple ftpd.


WebDAV is not simple, is not straight forward to use, and is not a FTP like 
setup for HTTP.

I'd agree that libfetch requires ftp: and http: methods in it.

The server set somebody runs may allow only modern stuff in it, but my network
has items in it that only support the old stuff that can't be upgraded short
of a forklift upgrade.






Re: Deprecating base system ftpd?

2021-04-05 Thread Cy Schubert
Alan Somers writes:
>
> On Mon, Apr 5, 2021 at 8:45 AM Cy Schubert 
> wrote:
>
> > Ed Maste writes:
> > > I propose deprecating the ftpd currently included in the base system
> > > before FreeBSD 14, and opened review D26447
> > > (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> > > I had originally planned to try to do this before 13.0, but it dropped
> > > off my list. FTP is not nearly as relevant now as it once was, and it
> > > had a security vulnerability that secteam had to address.
> >
> > I think this is an excellent start. My shopping list includes:
> >
> > - remove ftp(1)
> > - remove ftpd(8)
> > - remove telnet(1)
> > - remove telnetd(8)
> > - remove ftp:// and http:// from libfetch. This is 2021 and we should all
> > use https://.
> >
>
> Whoa there!  You can't remove ftp and http from libfetch, because FreeBSD
> doesn't control all of the servers that our users need to fetch from.  Not
> even close.
>
>
> > - replace DNS lookups with DoH and/or DoT. Why let your ISP see your DNS
> > traffic?
> >
> > >
> > > I'm happy to make a port for it if anyone needs it. Comments?
> >
> > I've started working on splitting ftp and ftpd into an external git repo.
> > The problem I've encountered is that though only ftp and ftpd are left the
> > resultant repo is still 1.2 GB. If my last attempt fails, there is a
> > choice
> > between a 1.2 GB repo and burning ftp forever then the choice is clear:
> > burn it forever.
> >
> > Adding the following as an option:
> >
> > Also note that the tnftp ports are the NetBSD ftp and ftpd. The FreeBSD
> > ftp
> > and ftpd are simply copies of tnftp and tnftpd. Would it make more sense to
> > share our customizations with NetBSD and we simply rely on NetBSD for the
> > client and server in our ports? This last option might be simpler than
> > creating a port.
> >
>
> Maybe, but that would be an impediment to adding Capsicum support.

If they accept #ifdef'd Capsicum patches, great! Otherwise we'd need to 
support a port for a period of time.

>
>
> >
> > Personally, I'd suggest we remove the ftpd server *AND* ftp client and
> > rely
> > on ports. Having worked on UNIX, Internet security, and firewalls over the
> > last 3/5 of my almost 50 year career, I have lamented the existence of the
> > FTP protocol back in 1995 and I hate the FTP protocol with a greater
> > passion today. Let's simply remove all vestiges of FTP from the base
> > system, including libfetch, sooner than later. We don't need it now that
> > we
> > have HTTPS and POST; and sftp.
> >
> > I think we should make it our goal to remove any and all unencrypted
> > protocols from FreeBSD by 2025.
> >
>
> tftpd is still vitally important for PXE booting.  And unencrypted NFS will
> certainly live on past 2025.

Sadly yes but I'm of the opinion we should do as much as we can with the 
low hanging fruit.

I doubt there will be a replacement or enhancement for tftp. Until the IETF 
NFSv4 TLS draft has been widely accepted and implemented across all 
platforms we will need to live with unencrypted NFS for a while. I'm hopeful.


-- 
Cheers,
Cy Schubert 
FreeBSD UNIX: Web:  https://FreeBSD.org
NTP:   Web:  https://nwtime.org

The need of the many outweighs the greed of the few.




Re: Deprecating base system ftpd?

2021-04-05 Thread Lyndon Nerenberg (VE7TFX/VE6BBM)
Ruben van Staveren via freebsd-stable writes:

> It is time to deprecate ftp altogether, and any other protocols that
> embed protocol information in layer 7, thus hurting any #IPv6 migration
> and deployment technology (SIIT-DC e.g).

> ftp, a protocol not using TLS protection [...]

You seem to be a couple of decades behind the times.

RFC4217 (Securing FTP with TLS) was published in 2005.  IPv6 support
dates back to 1998 in RFC 2428 (FTP Extensions for IPv6 and NATs).

It would be nice if the base system ftpd grew TLS support.  OpenBSD has
had this for years.

--lyndon
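
Added example (not part of the thread, and not FreeBSD ftpd code): the "protocol information in layer 7" being argued about is the data-connection endpoint that FTP sends inside control-channel text, in the RFC 959 form (`PORT`, `227`) and the RFC 2428 form (`EPRT`, `229`). The parser below extracts it and lists messages whose embedded address differs from the sender's address on the control connection, which is what a server-side check or a NAT helper has to look at. All function names and the sample session are constructed for this illustration.

```python
import ipaddress
import re
from typing import List, NamedTuple, Optional, Tuple


class Endpoint(NamedTuple):
    kind: str             # "PORT", "227", "EPRT" or "229"
    sender: str           # "client" or "server"
    host: Optional[str]   # None when the message carries no address (229)
    port: int


# RFC 959 host-port: h1,h2,h3,h4,p1,p2 (IPv4 only, port = p1*256 + p2).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# RFC 2428 reply to EPSV: "(<d><d><d>port<d>)", normally "(|||6446|)".
_EPSV_REPLY = re.compile(r"\((.)\1\1(\d{1,5})\1\)")


def _check_port(port: int) -> int:
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return port


def _hostport(text: str) -> Tuple[str, int]:
    m = _HOSTPORT.search(text)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field")
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        raise ValueError("field above 255")
    return ".".join(str(v) for v in n[:4]), _check_port(n[4] * 256 + n[5])


def parse_control_line(line: str) -> Optional[Endpoint]:
    """Return the data-connection endpoint carried by one control line, or None."""
    verb, _, arg = line.rstrip("\r\n").partition(" ")
    verb = verb.upper()
    if verb == "PORT":                      # client -> server, active mode
        return Endpoint("PORT", "client", *_hostport(arg))
    if verb == "227":                       # server -> client, reply to PASV
        return Endpoint("227", "server", *_hostport(arg))
    if verb == "EPRT":                      # EPRT |af|addr|port|, af 1=IPv4 2=IPv6
        parts = arg.split(arg[:1]) if arg else []
        if len(parts) != 5 or parts[0] or parts[4]:
            raise ValueError("malformed EPRT argument")
        ip = ipaddress.ip_address(parts[2])
        if (parts[1], ip.version) not in (("1", 4), ("2", 6)):
            raise ValueError("address family does not match address")
        return Endpoint("EPRT", "client", str(ip), _check_port(int(parts[3])))
    if verb == "229":                       # reply to EPSV: port only, no address
        m = _EPSV_REPLY.search(arg)
        if m is None:
            raise ValueError("no (|||port|) field")
        return Endpoint("229", "server", None, _check_port(int(m.group(2))))
    return None


def embedded_address_mismatches(lines, client_ip: str,
                                server_ip: str) -> List[Tuple[Endpoint, str]]:
    """List (endpoint, expected_ip) where the address inside the message is
    not the sender's address as seen on the control connection."""
    seen = {"client": ipaddress.ip_address(client_ip),
            "server": ipaddress.ip_address(server_ip)}
    out = []
    for line in lines:
        ep = parse_control_line(line)
        if ep is None or ep.host is None:   # 229 carries nothing to compare
            continue
        if ipaddress.ip_address(ep.host) != seen[ep.sender]:
            out.append((ep, str(seen[ep.sender])))
    return out


# Constructed control-channel lines as a server would see them when the client
# (192.168.1.10) sits behind a NAT that presents it as 203.0.113.7 and does
# not rewrite FTP payloads. Addresses are documentation ranges.
SAMPLE_SESSION = [
    "USER anonymous",
    "PORT 192,168,1,10,19,137",
    "227 Entering Passive Mode (198,51,100,20,195,149)",
    "EPRT |1|203.0.113.7|5282|",
    "229 Entering Extended Passive Mode (|||6446|)",
]

if __name__ == "__main__":
    for ep, expected in embedded_address_mismatches(
            SAMPLE_SESSION, "203.0.113.7", "198.51.100.20"):
        print(f"{ep.kind}: embedded {ep.host}:{ep.port}, peer is {expected}")
```

Only the `229` reply carries no address at all, so it is the one form that needs no payload rewriting when the control channel is wrapped in TLS (RFC 4217) and a middlebox cannot read these lines.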


Re: Deprecating base system ftpd?

2021-04-05 Thread Lev Serebryakov

On 05.04.2021 17:44, Cy Schubert wrote:


> - remove ftp:// and http:// from libfetch. This is 2021 and we should all
> use https://.

 Please, explain how to setup simple server which allows upload and on-server 
file management with https ;-)

 I know letters "WebDAV", but I don't know any ftp-like client for it. And 
server is apache24, which is much more huge security target than simple ftpd.

 Even `sftp` is ugly.


> - replace DNS lookups with DoH and/or DoT. Why let your ISP see your DNS
> traffic?


 As soon as FreeBSD will include in *base* system DoH/DoT recursive server (as it 
includes unbound for simple DNS now). I don't understand why should I trust 
"centralized" DoH services.

 Do we want to import libnghttp2 to base for this?


--
// Lev Serebryakov


Re: Deprecating base system ftpd?

2021-04-05 Thread sthaug
>> I propose deprecating the ftpd currently included in the base system
>> before FreeBSD 14, and opened review D26447
>> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
>> I had originally planned to try to do this before 13.0, but it dropped
>> off my list. FTP is not nearly as relevant now as it once was, and it
>> had a security vulnerability that secteam had to address.
> 
> I think this is an excellent start. My shopping list includes:
> 
> - remove ftp(1)
> - remove ftpd(8)
> - remove telnet(1)
> - remove telnetd(8)

My preference would be to leave those four in the system. However, I
can live with removal, as long as they are available as ports.

> - remove ftp:// and http:// from libfetch. This is 2021 and we should all 
> use https://.

Please don't. There is still a lot of content not available over https
(and quite a few web sites with only "readonly" type content). Removal
of ftp:// and http:// from libfetch simply means I'll have to install
wget instead - and we're getting ever close to FreeBSD being only a
kernel.

> - replace DNS lookups with DoH and/or DoT. Why let your ISP see your DNS 
> traffic?

Because I trust my (European) ISP significantly more than I trust big
US companies? Yes, I have a pretty good idea what Cloudflare, Google
etc have said about the queries they receive. I still don't see a
reason to trust them, given their actions in other areas.

Bert Hubert has written much better than I can about moving everything
to DoH/DoT:

https://blog.powerdns.com/2019/09/25/centralised-doh-is-bad-for-privacy-in-2019-and-beyond/

Steinar Haug, Nethelp consulting, sth...@nethelp.no


Re: Deprecating base system ftpd?

2021-04-05 Thread Alan Somers
On Mon, Apr 5, 2021 at 8:45 AM Cy Schubert 
wrote:

> Ed Maste writes:
> > I propose deprecating the ftpd currently included in the base system
> > before FreeBSD 14, and opened review D26447
> > (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> > I had originally planned to try to do this before 13.0, but it dropped
> > off my list. FTP is not nearly as relevant now as it once was, and it
> > had a security vulnerability that secteam had to address.
>
> I think this is an excellent start. My shopping list includes:
>
> - remove ftp(1)
> - remove ftpd(8)
> - remove telnet(1)
> - remove telnetd(8)
> - remove ftp:// and http:// from libfetch. This is 2021 and we should all
> use https://.
>

Whoa there!  You can't remove ftp and http from libfetch, because FreeBSD
doesn't control all of the servers that our users need to fetch from.  Not
even close.


> - replace DNS lookups with DoH and/or DoT. Why let your ISP see your DNS
> traffic?
>
> >
> > I'm happy to make a port for it if anyone needs it. Comments?
>
> I've started working on splitting ftp and ftpd into an external git repo.
> The problem I've encountered is that though only ftp and ftpd are left the
> resultant repo is still 1.2 GB. If my last attempt fails, there is a
> choice
> between a 1.2 GB repo and burning ftp forever then the choice is clear:
> burn it forever.
>
> Adding the following as an option:
>
> Also note that the tnftp ports are the NetBSD ftp and ftpd. The FreeBSD
> ftp
> and ftpd are simply copies of tnftp and tnftpd. Would it make more sense to
> share our customizations with NetBSD and we simply rely on NetBSD for the
> client and server in our ports? This last option might be simpler than
> creating a port.
>

Maybe, but that would be an impediment to adding Capsicum support.


>
> Personally, I'd suggest we remove the ftpd server *AND* ftp client and
> rely
> on ports. Having worked on UNIX, Internet security, and firewalls over the
> last 3/5 of my almost 50 year career, I have lamented the existence of the
> FTP protocol back in 1995 and I hate the FTP protocol with a greater
> passion today. Let's simply remove all vestiges of FTP from the base
> system, including libfetch, sooner than later. We don't need it now that
> we
> have HTTPS and POST; and sftp.
>
> I think we should make it our goal to remove any and all unencrypted
> protocols from FreeBSD by 2025.
>

tftpd is still vitally important for PXE booting.  And unencrypted NFS will
certainly live on past 2025.

-Alan


Re: Deprecating base system ftpd?

2021-04-05 Thread Cy Schubert
Ed Maste writes:
> I propose deprecating the ftpd currently included in the base system
> before FreeBSD 14, and opened review D26447
> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> I had originally planned to try to do this before 13.0, but it dropped
> off my list. FTP is not nearly as relevant now as it once was, and it
> had a security vulnerability that secteam had to address.

I think this is an excellent start. My shopping list includes:

- remove ftp(1)
- remove ftpd(8)
- remove telnet(1)
- remove telnetd(8)
- remove ftp:// and http:// from libfetch. This is 2021 and we should all 
use https://.
- replace DNS lookups with DoH and/or DoT. Why let your ISP see your DNS 
traffic?

>
> I'm happy to make a port for it if anyone needs it. Comments?

I've started working on splitting ftp and ftpd into an external git repo. 
The problem I've encountered is that though only ftp and ftpd are left the 
resultant repo is still 1.2 GB. If my last attempt fails, there is a choice 
between a 1.2 GB repo and burning ftp forever then the choice is clear: 
burn it forever.

Adding the following as an option:

Also note that the tnftp ports are the NetBSD ftp and ftpd. The FreeBSD ftp 
and ftpd are simply copies of tnftp and tnftpd. Would it make more sense to 
share our customizations with NetBSD and we simply rely on NetBSD for the 
client and server in our ports? This last option might be simpler than 
creating a port.

Personally, I'd suggest we remove the ftpd server *AND* ftp client and rely 
on ports. Having worked on UNIX, Internet security, and firewalls over the 
last 3/5 of my almost 50 year career, I have lamented the existence of the 
FTP protocol back in 1995 and I hate the FTP protocol with a greater 
passion today. Let's simply remove all vestiges of FTP from the base 
system, including libfetch, sooner than later. We don't need it now that we 
have HTTPS and POST; and sftp.

I think we should make it our goal to remove any and all unencrypted 
protocols from FreeBSD by 2025.


-- 
Cheers,
Cy Schubert 
FreeBSD UNIX: Web:  https://FreeBSD.org
NTP:   Web:  https://nwtime.org

The need of the many outweighs the greed of the few.




Re: Deprecating base system ftpd?

2021-04-05 Thread Marek Zarychta
On 05.04.2021 at 14:10, Ruben van Staveren via freebsd-stable wrote:
> 
> 
>> On 3 Apr 2021, at 22:39, Ed Maste  wrote:
>>
>> I propose deprecating the ftpd currently included in the base system
>> before FreeBSD 14, and opened review D26447
>> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
>> I had originally planned to try to do this before 13.0, but it dropped
>> off my list. FTP is not nearly as relevant now as it once was, and it
>> had a security vulnerability that secteam had to address.
>>
>> I'm happy to make a port for it if anyone needs it. Comments?
> 
> Make it a port
> 
> 
> It is time to deprecate ftp altogether, and any other protocols that embed
> protocol information in layer 7, thus hurting any #IPv6 migration and
> deployment technology (SIIT-DC e.g).

How would FTP protocol hurt IPv6 deployment? Some transition IPv4 -->
IPv6 techniques will not be able to support it the same way NAT does
hardly cope with FTP protocol. The whole problem looks completely
different. FTP is an ancient protocol where the active mode works fine
only when both ends are directly reachable, so the IPv6 protocol used on
both ends can make the FTP protocol working in active mode again.

> Hopefully the IETF can put up a deprecation notice, just as was done for e.g. 
> TLS 1.0.
> Then we move onward to the self regulating capacity of the community, warning 
> each other on “you have ftp” running.
> 
TLS was to provide security, but TLS 1.0 became considered not secure
enough at some point, the same happened to SSH1 which is no more
trusted. Ancient protocols _do_ exist and probably neither GOPHER nor
FTP will become deprecated as network protocols.

> ftp, a protocol not using TLS protection but by adding it a netadmin needs to 
> manage the port range in their firewalls too because clients behind nat can’t 
> use passive mode with TLS as NAT can’t map things around ¯\_(ツ)_/¯
> 
> It is not worth the time and the hassle. Keep FTP(s) for legacy and internal, 
> serve anyone else with https

There are _many_ devices, which can download files only with FTP or TFTP
protocols. Uploading files with HTTP or HTTPS is impossible, only SCP
sometimes work, but older network equipment usually doesn't support new
ciphers and using SSH/SCP seems to be painful sometimes.

Some protocols are insecure and simplistic from the early design.
Forcing FTP, TFTP or TELNET ban would lead to more frustration of
sysadmins only.
16 years ago insecure from the design DNS gained security support via
DNSSEC. Please consider why DNSSEC is not and likely will soon not be
widely deployed. This was an off-topic note, but probably in place.

With kind regards,

-- 
Marek Zarychta





Re: Deprecating base system ftpd?

2021-04-05 Thread Alan Somers
On Sun, Apr 4, 2021 at 10:29 PM Eugene Grosbein  wrote:

> On 05.04.2021 06:25, Dave Cottlehuber wrote:
>
> > Eugene mentioned the convenience of ftpd in the same sentence as ipsec.
> > I'm willing to bet those systems have ports installed too.
>
> Ports/packages are great but they are not replacement for solid operating
> system
> with bundled software tested and proven with time.
>
> > If speed is an issue, HTTP supports pipelining, compression, chunked
> > encoding, & parallel connections. I'm not sure ftpd is even in the same
> > game anymore.
>
> Compression and various encodings of raw data are not good for speed.
> sendfile(2) system call used by ftpd to send raw data is good for speed.
> Unlimited CPU power should not be assumed.
>
> > The more code we hang onto in base, the larger the millstone around our
> > necks when moving forwards. Each individual opportunity to slim down
> > base *in itself* is not significant, but cumulatively they represent
> > gridlock.
> >
> > For each removal or deprecation, please consider, is this worth holding
> > the project back for?
>
> Our ftpd code does not hold the project back in any way. It's here, it
> works, it's very good.
>
> High quality bundled software is what we love FreeBSD for.
> Unfortunately, ports tend to rot more quick due to some known reasons.
>

I wouldn't say that anything is "very good" when it has no test suite
whatsoever.  If you want to help, you could write one.  You might take a
look at  libexec/tftpd/tests/ to get started.

-Alan
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"


Re: Deprecating base system ftpd?

2021-04-05 Thread Ruben van Staveren via freebsd-stable


> On 3 Apr 2021, at 22:39, Ed Maste  wrote:
> 
> I propose deprecating the ftpd currently included in the base system
> before FreeBSD 14, and opened review D26447
> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> I had originally planned to try to do this before 13.0, but it dropped
> off my list. FTP is not nearly as relevant now as it once was, and it
> had a security vulnerability that secteam had to address.
> 
> I'm happy to make a port for it if anyone needs it. Comments?

Make it a port


It is time to deprecate ftp altogether, and any other protocols that embed 
protocol information in layer 7, thus hurting any #IPv6 migration and 
deployment technology (SIIT-DC e.g).
Hopefully the IETF can put up a deprecation notice, just as was done for e.g. 
TLS 1.0.
Then we move onward to the self regulating capacity of the community, warning 
each other on “you have ftp” running.

ftp, a protocol not using TLS protection but by adding it a netadmin needs to 
manage the port range in their firewalls too because clients behind nat can’t 
use passive mode with TLS as NAT can’t map things around ¯\_(ツ)_/¯

It is not worth the time and the hassle. Keep FTP(s) for legacy and internal, 
serve anyone else with https

Best Regards,
Ruben
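
Ruben's point above, that FTP carries addressing information inside the application payload, shown as an added example (not part of the original thread). It parses the data-channel setup lines defined in RFC 959 and RFC 2428 and reports whether a NAT in the path could still fix them up; the sample lines, addresses and the function names `parse_data_endpoint` and `classify` are constructed for illustration.

```python
import ipaddress
import re

# Constructed control-channel lines (illustrative, not captured traffic).
SAMPLES = [
    "PORT 192,168,1,20,195,80",                        # RFC 959 active mode
    "227 Entering Passive Mode (10,0,0,5,19,137)",     # RFC 959 passive reply
    "EPRT |2|2001:db8::20|50000|",                     # RFC 2428 active mode
    "229 Entering Extended Passive Mode (|||6446|)",   # RFC 2428 passive reply
]

_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")
_EPSV = re.compile(r"\((.)\1\1(\d{1,5})\1\)")


def parse_data_endpoint(line):
    """Return (verb, embedded_address_or_None, port), or None if the line
    does not negotiate a data connection."""
    line = line.strip()
    verb, _, arg = line.partition(" ")
    verb = verb.upper()
    if verb in ("PORT", "227"):
        m = _HOSTPORT.search(arg)
        if not m:
            return None
        nums = [int(n) for n in m.groups()]
        if max(nums) > 255:
            return None
        # Four address octets, then the port as high byte, low byte.
        addr = ipaddress.ip_address(".".join(map(str, nums[:4])))
        port = nums[4] * 256 + nums[5]
    elif verb == "EPRT":
        # <d>proto<d>address<d>port<d>, where <d> is the first character.
        fields = arg.split(arg[0]) if arg else []
        if len(fields) != 5:
            return None
        try:
            addr = ipaddress.ip_address(fields[2])
            port = int(fields[3])
        except ValueError:
            return None
        # Protocol number 1 means IPv4, 2 means IPv6.
        if fields[1] != {4: "1", 6: "2"}[addr.version]:
            return None
    elif verb == "229":
        m = _EPSV.search(arg)
        if not m:
            return None
        addr, port = None, int(m.group(2))   # EPSV replies carry a port only
    else:
        return None
    return (verb, addr, port) if 0 < port < 65536 else None


def classify(line, wire_addr, tls):
    """How a NAT between the peers affects this line.

    wire_addr: the sender's address as the other side sees it (post-NAT).
    tls: True when the control channel is encrypted (FTPS).
    Only address reachability is modelled; with tls=True a stateful
    firewall also cannot read the negotiated port, so the passive port
    range has to be opened statically.
    """
    ep = parse_data_endpoint(line)
    if ep is None:
        return "not-data-setup"
    _, addr, _ = ep
    if addr is None or addr == ipaddress.ip_address(wire_addr):
        return "ok"
    # The payload names an address the peer cannot reach. A NAT helper can
    # patch it only if it can read and rewrite the command in cleartext.
    return "broken" if tls else "alg-rewrite"
```

The EPSV reply is the only one of the four that embeds no address, which is why it survives address translation unchanged.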






Re: Deprecating base system ftpd?

2021-04-04 Thread Eugene Grosbein
On 05.04.2021 06:25, Dave Cottlehuber wrote:

> Eugene mentioned the convenience of ftpd in the same sentence as ipsec.
> I'm willing to bet those systems have ports installed too.

Ports/packages are great but they are not a replacement for a solid operating system
with bundled software tested and proven with time.

> If speed is an issue, HTTP supports pipelining, compression, chunked
> encoding, & parallel connections. I'm not sure ftpd is even in the same
> game anymore.

Compression and various encodings of raw data are not good for speed.
sendfile(2) system call used by ftpd to send raw data is good for speed.
Unlimited CPU power should not be assumed.

> The more code we hang onto in base, the larger the millstone around our
> necks when moving forwards. Each individual opportunity to slim down
> base *in itself* is not significant, but cumulatively they represent
> gridlock.
> 
> For each removal or deprecation, please consider, is this worth holding
> the project back for?

Our ftpd code does not hold the project back in any way. It's here, it works, 
it's very good.

High quality bundled software is what we love FreeBSD for.
Unfortunately, ports tend to rot more quickly due to some known reasons.




Re: Deprecating base system ftpd?

2021-04-04 Thread Freddie Cash
On Sun., Apr. 4, 2021, 5:04 p.m. Rick Macklem,  wrote:

>
> I wonder what others find convenient when moving files to/from
> Windows?
>

SCP works beautifully for transferring files to/from Windows stations.
Haven't needed FTP support for about a decade now at $WORK and at home. SSH
has quickly become the ubiquitous replacement for FTP.

Windows 10 even comes with a native OpenSSH client these days (along with
the version that comes with WSL).

As for ftpd being in base, as a user of FreeBSD (not a developer) I'm ok
with it moving to ports or disappearing completely. So long as fetch(8)
supports FTP for connecting to remote FTP servers.


Cheers,
Freddie

Typos due to smartphone keyboard.



Re: Deprecating base system ftpd?

2021-04-04 Thread Charles Sprickman via freebsd-stable


> On Apr 4, 2021, at 8:05 PM, Daniel Morante via freebsd-stable wrote:
> 
> My vote is for no.
> 
> Reasoning is simple... at what point does it stop?  By continuously moving 
> stuff from base to ports, FreeBSD slowly becomes just a Kernel. 

That’s a +1 here, both for the “keep it” and for the comment above regarding 
complete OS vs. kernel and a teeny userland.

Ideally, we’d modernize ftpd to support TLS.

The PITA with ports solutions is you immediately run into the issue of which of 
the many ftp daemons is going to fit your needs and not require some 
non-trivial amount of configuration. The stock ftpd ‘just works’ for local user 
accounts and has a simple method for blocking of swaths of users from using it 
if that sort of restriction is needed.

This reminds me of Apple removing the telnet client. Sure, most people don’t 
*need* telnet, but it’s handy to have, both as a simple test tool and as a way 
to get into old crufty network gear that never moved on to ssh.

Charles

> 
> On 4/3/2021 4:39 PM, Ed Maste wrote:
>> I propose deprecating the ftpd currently included in the base system
>> before FreeBSD 14, and opened review D26447
>> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
>> I had originally planned to try to do this before 13.0, but it dropped
>> off my list. FTP is not nearly as relevant now as it once was, and it
>> had a security vulnerability that secteam had to address.
>> 
>> I'm happy to make a port for it if anyone needs it. Comments?


Re: Deprecating base system ftpd?

2021-04-04 Thread Ted Hatfield


My vote is also for no.

I still use it on most of my systems.  Easy to configure easy to use.



On Sun, 4 Apr 2021, Daniel Morante via freebsd-stable wrote:

> My vote is for no.
>
> Reasoning is simple... at what point does it stop?  By continuously moving
> stuff from base to ports, FreeBSD slowly becomes just a Kernel.
>
> On 4/3/2021 4:39 PM, Ed Maste wrote:
>
>> I propose deprecating the ftpd currently included in the base system
>> before FreeBSD 14, and opened review D26447
>> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
>> I had originally planned to try to do this before 13.0, but it dropped
>> off my list. FTP is not nearly as relevant now as it once was, and it
>> had a security vulnerability that secteam had to address.
>>
>> I'm happy to make a port for it if anyone needs it. Comments?


Re: Deprecating base system ftpd?

2021-04-04 Thread Daniel Morante via freebsd-stable

My vote is for no.

Reasoning is simple... at what point does it stop?  By continuously 
moving stuff from base to ports, FreeBSD slowly becomes just a Kernel. 


On 4/3/2021 4:39 PM, Ed Maste wrote:

> I propose deprecating the ftpd currently included in the base system
> before FreeBSD 14, and opened review D26447
> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> I had originally planned to try to do this before 13.0, but it dropped
> off my list. FTP is not nearly as relevant now as it once was, and it
> had a security vulnerability that secteam had to address.
>
> I'm happy to make a port for it if anyone needs it. Comments?


Re: Deprecating base system ftpd?

2021-04-04 Thread Rick Macklem
Dave Cottlehuber wrote:
>> On 03/04/2021 22:39, Ed Maste wrote:
>> > I propose deprecating the ftpd currently included in the base system
>> > before FreeBSD 14, and opened review D26447
>> > (https://reviews.freebsd.org/D26447) to add a notice to the man page.
>> > I had originally planned to try to do this before 13.0, but it dropped
>> > off my list. FTP is not nearly as relevant now as it once was, and it
>> > had a security vulnerability that secteam had to address.
>> >
>> > I'm happy to make a port for it if anyone needs it. Comments?
>
>+1 for port. I suspect I last used an FTPd in anger sometime in late 90s,
>and I surmise this is the vast majority.
>
>We will have a very small # of users who require FTPd at all, to make their
>systems useful.
And I bet there are not a lot of users that need caesar, fortune, ...
to make their system useful either. If the goal is to strip the system
down, there are lots of stuff not needed in /usr/src.

>An even smaller # of those users will be unable to use FreeBSD if FTPd is
>only available in a pkg.
Yep. But it's a bit of a bother, although I can definitely live with one in
ports.

>For those objecting, are you *really* in that latter category -- are
>these boxes running without a single port/package installed?
At the moment I have one called "git", plus the dozens of things
it pulls in.

>When 13.0 goes EOL, somewhere after 2025, will you *still* need ftpd in
>14.0 base? It seems a reasonable delay, even for a large corporate, to
>accommodate this change, which can be done in less time than reading
>this email.
No more or less convenient than now.

>Ian's point about preserving paths is a reasonable one, but I had to add
>an ntpd user in last updates, this would be less difficult.
>
>Eugene mentioned the convenience of ftpd in the same sentence as ipsec.
>I'm willing to bet those systems have ports installed too.
>
>If speed is an issue, HTTP supports pipelining, compression, chunked
>encoding, & parallel connections. I'm not sure ftpd is even in the same
>game anymore.
Nope, just easy to move small files around the machines in front of me.
I have no interest in setting up a web server.
I wonder what others find convenient when moving files to/from
Windows?

>The more code we hang onto in base, the larger the millstone around our
>necks when moving forwards. Each individual opportunity to slim down
>base *in itself* is not significant, but cumulatively they represent
>gridlock.
Maybe they should take "ls /usr/bin", remove the obvious essential
ones and have a survey to determine what else is widely used/needed?

>For each removal or deprecation, please consider, is this worth holding
>the project back for?
>
># /etc/src.conf
>WITHOUT_CRUFT=yes
rick

>A+
>Dave


Re: Deprecating base system ftpd?

2021-04-04 Thread Dave Cottlehuber
> On 03/04/2021 22:39, Ed Maste wrote:
> > I propose deprecating the ftpd currently included in the base system
> > before FreeBSD 14, and opened review D26447
> > (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> > I had originally planned to try to do this before 13.0, but it dropped
> > off my list. FTP is not nearly as relevant now as it once was, and it
> > had a security vulnerability that secteam had to address.
> > 
> > I'm happy to make a port for it if anyone needs it. Comments?

+1 for port. I suspect I last used an FTPd in anger sometime in late 90s,
and I surmise this is the vast majority.

We will have a very small # of users who require FTPd at all, to make their
systems useful.

An even smaller # of those users will be unable to use FreeBSD if FTPd is
only available in a pkg.

For those objecting, are you *really* in that latter category -- are
these boxes running without a single port/package installed?

When 13.0 goes EOL, somewhere after 2025, will you *still* need ftpd in
14.0 base? It seems a reasonable delay, even for a large corporate, to
accommodate this change, which can be done in less time than reading
this email.

Ian's point about preserving paths is a reasonable one, but I had to add
an ntpd user in last updates, this would be less difficult.

Eugene mentioned the convenience of ftpd in the same sentence as ipsec.
I'm willing to bet those systems have ports installed too.

If speed is an issue, HTTP supports pipelining, compression, chunked
encoding, & parallel connections. I'm not sure ftpd is even in the same
game anymore.

The more code we hang onto in base, the larger the millstone around our
necks when moving forwards. Each individual opportunity to slim down
base *in itself* is not significant, but cumulatively they represent
gridlock.

For each removal or deprecation, please consider, is this worth holding
the project back for?

# /etc/src.conf
WITHOUT_CRUFT=yes

A+
Dave


Re: Deprecating base system ftpd?

2021-04-04 Thread Jonathan Chen
On Sun, 4 Apr 2021 at 08:40, Ed Maste  wrote:
>
> I propose deprecating the ftpd currently included in the base system
> before FreeBSD 14, and opened review D26447
> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> I had originally planned to try to do this before 13.0, but it dropped
> off my list. FTP is not nearly as relevant now as it once was, and it
> had a security vulnerability that secteam had to address.

I vote for leaving it on the system.

I have a small basic system on a portable hard drive; no installed
ports. Just enough to carry in a USB key, and to plug into any
computer on a network. Having FTP out-of-the-box makes the system
usable as a server immediately without having to search around for an
ftp-package.

Cheers.
-- 
Jonathan Chen 


Re: Deprecating base system ftpd?

2021-04-04 Thread Christos Chatzaras



> On 5 Apr 2021, at 00:22, Miroslav Lachman <000.f...@quip.cz> wrote:
> 
> On 03/04/2021 22:39, Ed Maste wrote:
>> I propose deprecating the ftpd currently included in the base system
>> before FreeBSD 14, and opened review D26447
>> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
>> I had originally planned to try to do this before 13.0, but it dropped
>> off my list. FTP is not nearly as relevant now as it once was, and it
>> had a security vulnerability that secteam had to address.
>> I'm happy to make a port for it if anyone needs it. Comments?
> 
> I am on FreeBSD for more than 20 years, running FTP service on almost all our 
> servers but it never was ftpd from base. I saw other comments against 
> removing it but from my point of view ftpd in base is useless for me.
> And I don't see much cases where FTP service is needed before any other 
> package / port can be installed.
> 
> As always there will be at least two groups of users one for, one against.
> 
> Kind regards
> Miroslav Lachman

I use FTP service too but pure-ftpd.

Also the only reason sometimes I use telnet is to check if SSH is open:
"telnet server.example.com 22" but I can use "nc server.example.com 22"


Re: Deprecating base system ftpd?

2021-04-04 Thread Miroslav Lachman

On 03/04/2021 22:39, Ed Maste wrote:

> I propose deprecating the ftpd currently included in the base system
> before FreeBSD 14, and opened review D26447
> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> I had originally planned to try to do this before 13.0, but it dropped
> off my list. FTP is not nearly as relevant now as it once was, and it
> had a security vulnerability that secteam had to address.
>
> I'm happy to make a port for it if anyone needs it. Comments?

I am on FreeBSD for more than 20 years, running FTP service on almost 
all our servers but it never was ftpd from base. I saw other comments 
against removing it but from my point of view ftpd in base is useless 
for me.
And I don't see much cases where FTP service is needed before any other 
package / port can be installed.


As always there will be at least two groups of users one for, one against.

Kind regards
Miroslav Lachman


Re: Deprecating base system ftpd?

2021-04-04 Thread Mike Lempriere
I'm actually in shock that you would propose such a thing!

Many wysiwyg web builders still use ftp as their publishing mechanism.  I'd
bet that most freebsd servers out there have ftpd enabled, but of course
that's just my opinion.  I really wish it would do secure ftp, but that's
another discussion...

My vote is don't remove it from base.


On Sat, Apr 3, 2021 at 1:40 PM Ed Maste  wrote:

> I propose deprecating the ftpd currently included in the base system
> before FreeBSD 14, and opened review D26447
> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> I had originally planned to try to do this before 13.0, but it dropped
> off my list. FTP is not nearly as relevant now as it once was, and it
> had a security vulnerability that secteam had to address.
>
> I'm happy to make a port for it if anyone needs it. Comments?


-- 
Mike Lempriere, Perennial Vintners 206-780-2146
Vintners.net/cell/txt 206-200-5902


Re: Deprecating base system ftpd?

2021-04-04 Thread Ian Lepore
On Sat, 2021-04-03 at 16:39 -0400, Ed Maste wrote:
> I propose deprecating the ftpd currently included in the base system
> before FreeBSD 14, and opened review D26447
> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> I had originally planned to try to do this before 13.0, but it
> dropped
> off my list. FTP is not nearly as relevant now as it once was, and it
> had a security vulnerability that secteam had to address.
> 
> I'm happy to make a port for it if anyone needs it. Comments?
> 

I would find the removal of ftpd to be very inconvenient unless there
was a port/pkg to install it from.

If there is a port, it would only be useful if I could set PREFIX=/usr
when building/installing it, so that its behavior when installed as a
port/pkg would be identical to how it was when it was part of base (in
terms of where its config files are located).

-- Ian



Re: Deprecating base system ftpd?

2021-04-03 Thread Marek Zarychta
On 03.04.2021 at 23:30, Rick Macklem wrote:
> Eugene Grosbein wrote:
>> 04.04.2021 3:39, Ed Maste wrote:
>>
>>> I propose deprecating the ftpd currently included in the base system
>>> before FreeBSD 14, and opened review D26447
>>> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
>>> I had originally planned to try to do this before 13.0, but it dropped
>>> off my list. FTP is not nearly as relevant now as it once was, and it
>>> had a security vulnerability that secteam had to address.
>>>
>>> I'm happy to make a port for it if anyone needs it. Comments?
>> I'm strongly against remove of stock ftpd. FTP is fastest protocol for both 
>> testing
>> and daily file transfer for trusted isolated segments, and even for WAN 
>> wrapped in IPSec.
>>
>> Our stock ftpd has very short backlog of security issues comparing with 
>> other FTP server implementations,
>> mostly linked with libc or other libraries and not with ftpd code itself.
>>
>> Please don't fix what ain't broken. Please.
> I'll +1 this.
>
> I find ftpd very handy on my local lan (for example, Windoze has an ftp 
> client).
> Since it isn't enabled by default, I don't see it as a security concern.
>
> rick

+1

It's a really valuable daemon and without it in the base, FreeBSD won't
be the same network operating system anymore. Both ftpd and tftpd from
the base do their job well, both are handy and pretty straightforward
to configure, disabled by default and the mourning after the loss of any
of them will last long.

I know, it's not the same ftpd which served at ftp.cdrom.com back in
time but from the ordinary user's point of view, it's considered as an
inherent part of FreeBSD.

With kind regards,

-- 
Marek Zarychta



Re: Deprecating base system ftpd?

2021-04-03 Thread Rick Macklem
Eugene Grosbein wrote:
>04.04.2021 3:39, Ed Maste wrote:
>
>> I propose deprecating the ftpd currently included in the base system
>> before FreeBSD 14, and opened review D26447
>> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
>> I had originally planned to try to do this before 13.0, but it dropped
>> off my list. FTP is not nearly as relevant now as it once was, and it
>> had a security vulnerability that secteam had to address.
>>
>> I'm happy to make a port for it if anyone needs it. Comments?
>
>I'm strongly against remove of stock ftpd. FTP is fastest protocol for both 
>testing
>and daily file transfer for trusted isolated segments, and even for WAN 
>wrapped in IPSec.
>
>Our stock ftpd has very short backlog of security issues comparing with other 
>FTP server implementations,
>mostly linked with libc or other libraries and not with ftpd code itself.
>
>Please don't fix what ain't broken. Please.
I'll +1 this.

I find ftpd very handy on my local lan (for example, Windoze has an ftp client).
Since it isn't enabled by default, I don't see it as a security concern.

rick



Re: Deprecating base system ftpd?

2021-04-03 Thread Eugene Grosbein
04.04.2021 3:39, Ed Maste wrote:

> I propose deprecating the ftpd currently included in the base system
> before FreeBSD 14, and opened review D26447
> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> I had originally planned to try to do this before 13.0, but it dropped
> off my list. FTP is not nearly as relevant now as it once was, and it
> had a security vulnerability that secteam had to address.
> 
> I'm happy to make a port for it if anyone needs it. Comments?

I'm strongly against removal of stock ftpd. FTP is the fastest protocol for both
testing and daily file transfer for trusted isolated segments, and even for WAN
wrapped in IPSec.

Our stock ftpd has a very short backlog of security issues compared with other
FTP server implementations,
mostly linked with libc or other libraries and not with ftpd code itself.

Please don't fix what ain't broken. Please.



Re: Deprecating base system ftpd?

2021-04-03 Thread Warner Losh
On Sat, Apr 3, 2021 at 2:40 PM Ed Maste  wrote:

> I propose deprecating the ftpd currently included in the base system
> before FreeBSD 14, and opened review D26447
> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> I had originally planned to try to do this before 13.0, but it dropped
> off my list. FTP is not nearly as relevant now as it once was, and it
> had a security vulnerability that secteam had to address.
>
> I'm happy to make a port for it if anyone needs it. Comments?
>

I already use one of the ports ftpd's for my needs, so this is fine by me.
I'm agnostic about whether we need a port for what was in base, but suspect
that's likely the path of least resistance.

Warner


Deprecating base system ftpd?

2021-04-03 Thread Ed Maste
I propose deprecating the ftpd currently included in the base system
before FreeBSD 14, and opened review D26447
(https://reviews.freebsd.org/D26447) to add a notice to the man page.
I had originally planned to try to do this before 13.0, but it dropped
off my list. FTP is not nearly as relevant now as it once was, and it
had a security vulnerability that secteam had to address.

I'm happy to make a port for it if anyone needs it. Comments?