Deprecating base system ftpd?

Chris bsd-lists at bsdforge.com
Wed Apr 7 17:27:44 UTC 2021 

On 2021-04-05 11:27, Roger Leigh wrote:
> On 3 Apr 2021, at 22:21, Eugene Grosbein <eugen at grosbein.net> wrote:
>> 
>> 04.04.2021 3:39, Ed Maste wrote:
>> 
>>> I propose deprecating the ftpd currently included in the base system
>>> before FreeBSD 14, and opened review D26447
>>> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
>>> I had originally planned to try to do this before 13.0, but it dropped
>>> off my list. FTP is not nearly as relevant now as it once was, and it
>>> had a security vulnerability that secteam had to address.
>>> 
>>> I'm happy to make a port for it if anyone needs it. Comments?
>> 
>> I'm strongly against remove of stock ftpd. FTP is fastest protocol for both 
>> testing
>> and daily file transfer for trusted isolated segments, and even for WAN 
>> wrapped in IPSec.
>> 
>> Our stock ftpd has very short backlog of security issues comparing with 
>> other FTP server implementations,
>> mostly linked with libc or other libraries and not with ftpd code itself.
>> 
>> Please don't fix what ain't broken. Please.
> 
> How would you draw the line between something that must be part of the base 
> system
> vs. something that would be better off as part of the ports tree?  What bar 
> should
> ftpd have to meet to warrant remaining in base vs moving to ports?
> 
> Personally, I’ve never enabled it nor had any desire to.  FTP is, at this 
> point in
> time, thoroughly obsolescent, and I cannot imagine that it is something that 
> most
> people enable, if they are even aware of its existence.  Why can’t it simply 
> be
> installed from the ports for the occasional user who still requires it?  Why
> should the base system contain obsolete stuff that few people will use?  
> Surely
> the ports tree serves this need better?
> 
> Can I ask, for those who do enable it, why isn’t “sftp” acceptable (or 
> “scp”)?
Sure. Because it's part of a one-time task. It might be part of a server 
setup. Or
might a task that must be done on thousands of machines. It needs to be 
available
out-of-the-box, and needs no overhead for setup (key exchange, config, 
etc...).
This scenario may also be on machines w/o any external sources/packages. IOW
everything should be available out of the box, with little to no additional
setup overhead. ftp(1), and ftpd(8) provide everything required at no 
additional
cost. :-)
> Both provide a similar function, securely, which also works with a basic
> installation without any ports.  SSHFXP, the protocol underlying sftp is 
> better
> specified, less ambiguous and more fault tolerant and safe than the FTP 
> protocol
> ever was.  The client is better than most ftp clients, and the server
> (/usr/libexec/sftp-server) is started on demand on a per-connection basis.  
> What
> makes FTP more desirable than a service over SSH which is (from a technical 
> and
> usability point of view) a better FTP than FTP ever was?
> 
> Kind regards,
> Roger
> 
--Chris

More information about the freebsd-stable mailing list