Deprecating base system ftpd?
sthaug at nethelp.no
Mon Apr 5 15:28:14 UTC 2021
>> I propose deprecating the ftpd currently included in the base system
>> before FreeBSD 14, and opened review D26447
>> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
>> I had originally planned to try to do this before 13.0, but it dropped
>> off my list. FTP is not nearly as relevant now as it once was, and it
>> had a security vulnerability that secteam had to address.
>
> I think this is an excellent start. My shopping list includes:
>
> - remove ftp(1)
> - remove ftpd(8)
> - remove telnet(1)
> - remove telnetd(8)

My preference would be to leave those four in the system. However, I
can live with removal, as long as they are available as ports.

> - remove ftp:// and http:// from libfetch. This is 2021 and we should all
> use https://.

Please don't. There is still a lot of content not available over https
(and quite a few web sites with only "readonly" type content). Removal
of ftp:// and http:// from libfetch simply means I'll have to install
wget instead - and we're getting ever closer to FreeBSD being only a
kernel.

> - replace DNS lookups with DoH and/or DoT. Why let your ISP see your DNS
> traffic?

Because I trust my (European) ISP significantly more than I trust big
US companies? Yes, I have a pretty good idea what Cloudflare, Google
etc have said about the queries they receive. I still don't see a
reason to trust them, given their actions in other areas.

Bert Hubert has written much better than I can about moving everything
to DoH/DoT:

https://blog.powerdns.com/2019/09/25/centralised-doh-is-bad-for-privacy-in-2019-and-beyond/

Steinar Haug, Nethelp consulting, sthaug at nethelp.no

More information about the freebsd-stable
mailing list