I propose deprecating the ftpd currently included in the base system before FreeBSD 14, and opened review D26447 (https://reviews.freebsd.org/D26447) to add a notice to the man page. I had originally planned to try to do this before 13.0, but it dropped off my list. FTP is not nearly as relevant now as it once was, and it had a security vulnerability that secteam had to address.

I'm happy to make a port for it if anyone needs it. Comments?
On Sat, Apr 3, 2021 at 2:40 PM Ed Maste <emaste at freebsd.org> wrote:

> I propose deprecating the ftpd currently included in the base system
> before FreeBSD 14, and opened review D26447
> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> I had originally planned to try to do this before 13.0, but it dropped
> off my list. FTP is not nearly as relevant now as it once was, and it
> had a security vulnerability that secteam had to address.
>
> I'm happy to make a port for it if anyone needs it. Comments?

I already use one of the ports ftpd's for my needs, so this is fine by me. I'm agnostic about whether we need a port for what was in base, but suspect that's likely the path of least resistance.

Warner
04.04.2021 3:39, Ed Maste wrote:

> I propose deprecating the ftpd currently included in the base system
> before FreeBSD 14, and opened review D26447
> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> I had originally planned to try to do this before 13.0, but it dropped
> off my list. FTP is not nearly as relevant now as it once was, and it
> had a security vulnerability that secteam had to address.
>
> I'm happy to make a port for it if anyone needs it. Comments?

I'm strongly against removal of the stock ftpd. FTP is the fastest protocol for both testing and daily file transfer for trusted isolated segments, and even for WAN wrapped in IPSec.

Our stock ftpd has a very short backlog of security issues compared with other FTP server implementations, mostly linked with libc or other libraries and not with ftpd code itself.

Please don't fix what ain't broken. Please.
I'm actually in shock that you would propose such a thing! Many WYSIWYG web builders still use FTP as their publishing mechanism. I'd bet that most FreeBSD servers out there have ftpd enabled, but of course that's just my opinion.

I really wish it would do secure ftp, but that's another discussion...

My vote is don't remove it from base.

On Sat, Apr 3, 2021 at 1:40 PM Ed Maste <emaste at freebsd.org> wrote:

> I propose deprecating the ftpd currently included in the base system
> before FreeBSD 14, and opened review D26447
> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> I had originally planned to try to do this before 13.0, but it dropped
> off my list. FTP is not nearly as relevant now as it once was, and it
> had a security vulnerability that secteam had to address.
>
> I'm happy to make a port for it if anyone needs it. Comments?

--
Mike Lempriere, Perennial Vintners 206-780-2146
Vintners.net/cell/txt 206-200-5902
On Sat, 2021-04-03 at 16:39 -0400, Ed Maste wrote:

> I propose deprecating the ftpd currently included in the base system
> before FreeBSD 14, and opened review D26447
> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> I had originally planned to try to do this before 13.0, but it dropped
> off my list. FTP is not nearly as relevant now as it once was, and it
> had a security vulnerability that secteam had to address.
>
> I'm happy to make a port for it if anyone needs it. Comments?

I would find the removal of ftpd to be very inconvenient unless there was a port/pkg to install it from.

If there is a port, it would only be useful if I could set PREFIX=/usr when building/installing it, so that its behavior when installed as a port/pkg would be identical to how it was when it was part of base (in terms of where its config files are located).

-- Ian
On 03/04/2021 22:39, Ed Maste wrote:

> I propose deprecating the ftpd currently included in the base system
> before FreeBSD 14, and opened review D26447
> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> I had originally planned to try to do this before 13.0, but it dropped
> off my list. FTP is not nearly as relevant now as it once was, and it
> had a security vulnerability that secteam had to address.
>
> I'm happy to make a port for it if anyone needs it. Comments?

I have been on FreeBSD for more than 20 years, running FTP service on almost all our servers, but it never was ftpd from base. I saw other comments against removing it, but from my point of view ftpd in base is useless for me. And I don't see many cases where FTP service is needed before any other package / port can be installed.

As always, there will be at least two groups of users: one for, one against.

Kind regards
Miroslav Lachman
On Sun, 4 Apr 2021 at 08:40, Ed Maste <emaste at freebsd.org> wrote:

>
> I propose deprecating the ftpd currently included in the base system
> before FreeBSD 14, and opened review D26447
> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> I had originally planned to try to do this before 13.0, but it dropped
> off my list. FTP is not nearly as relevant now as it once was, and it
> had a security vulnerability that secteam had to address.

I vote for leaving it on the system. I have a small basic system on a portable hard drive; no installed ports. Just enough to carry in a USB key, and to plug into any computer on a network. Having FTP out-of-the-box makes the system usable as a server immediately without having to search around for an ftp-package.

Cheers.
--
Jonathan Chen <jonc at chen.org.nz>
My vote is for no. Reasoning is simple... at what point does it stop?? By continuously moving stuff from base to ports, FreeBSD slowly becomes just a Kernel.

On 4/3/2021 4:39 PM, Ed Maste wrote:

> I propose deprecating the ftpd currently included in the base system
> before FreeBSD 14, and opened review D26447
> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> I had originally planned to try to do this before 13.0, but it dropped
> off my list. FTP is not nearly as relevant now as it once was, and it
> had a security vulnerability that secteam had to address.
>
> I'm happy to make a port for it if anyone needs it. Comments?
> On 3 Apr 2021, at 22:39, Ed Maste <emaste at freebsd.org> wrote:
>
> I propose deprecating the ftpd currently included in the base system
> before FreeBSD 14, and opened review D26447
> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> I had originally planned to try to do this before 13.0, but it dropped
> off my list. FTP is not nearly as relevant now as it once was, and it
> had a security vulnerability that secteam had to address.
>
> I'm happy to make a port for it if anyone needs it. Comments?

Make it a port

It is time to deprecate ftp altogether, and any other protocols that embed protocol information in layer 7, thus hurting any #IPv6 migration and deployment technology (SIIT-DC e.g). Hopefully the IETF can put up a deprecation notice, just as was done for e.g. TLS 1.0. Then we move onward to the self regulating capacity of the community, warning each other on "you have ftp" running.

ftp, a protocol not using TLS protection but by adding it a netadmin needs to manage the port range in their firewalls too because clients behind nat can't use passive mode with TLS as NAT can't map things around ¯\_(ツ)_/¯

It is not worth the time and the hassle. Keep FTP(s) for legacy and internal, serve anyone else with https

Best Regards,
Ruben
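The point in the message above about FTP carrying addressing information at layer 7, as an added example that is not part of the original message or of FreeBSD's ftpd: a parser for the four control-channel forms that name a data-connection endpoint (PORT, the 227 reply, EPRT, the 229 reply) and a check of whether the embedded address matches what the far side of a NAT observes. The function names, sample lines and addresses are constructed for illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as carried by PORT and the 227 reply (RFC 959)
_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# |proto|addr|port| as carried by EPRT and the 229 reply (RFC 2428)
_EXT = re.compile(r"\|([12]?)\|([0-9A-Fa-f:.]*)\|(\d{1,5})\|")


def embedded_endpoint(line):
    """Return (verb, address or None, port) for a control-channel line that
    names a data-connection endpoint, else None."""
    verb = line.strip().split(" ", 1)[0].upper()
    if verb in ("PORT", "227"):
        m = _TUPLE.search(line)
        nums = [int(x) for x in m.groups()] if m else []
        if not nums or max(nums) > 255:
            return None
        addr = ipaddress.ip_address(".".join(map(str, nums[:4])))
        return verb, addr, nums[4] * 256 + nums[5]
    if verb in ("EPRT", "229"):
        m = _EXT.search(line)
        if not m or int(m.group(3)) > 65535:
            return None
        try:
            # A 229 (EPSV) reply leaves the address empty: only a port is sent.
            addr = ipaddress.ip_address(m.group(2)) if m.group(2) else None
        except ValueError:
            return None
        return verb, addr, int(m.group(3))
    return None


def needs_rewrite(line, observed_peer):
    """True when the embedded address is not the one the far side of a NAT
    sees. A NAT helper can patch that only on a cleartext control channel."""
    ep = embedded_endpoint(line)
    if ep is None or ep[1] is None:
        return False
    return ep[1] != ipaddress.ip_address(observed_peer)


# Constructed control lines with the peer address seen outside the NAT.
SAMPLES = [
    ("PORT 192,168,1,20,195,80", "203.0.113.7"),
    ("227 Entering Passive Mode (203,0,113,7,78,52)", "203.0.113.7"),
    ("EPRT |2|2001:db8::20|50000|", "2001:db8::20"),
    ("229 Entering Extended Passive Mode (|||6446|)", "198.51.100.9"),
]
```

Only the first sample needs rewriting: the client announces its private address while the server sees the translated one, and with the control channel inside TLS a middlebox cannot read or patch that line.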
In message <CAPyFy2AbP2X339zbemZ9Y8edjNKdyygnR9mH48Q78nxwDtOBAg at mail.gmail.com>, Ed Maste writes:

> I propose deprecating the ftpd currently included in the base system
> before FreeBSD 14, and opened review D26447
> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> I had originally planned to try to do this before 13.0, but it dropped
> off my list. FTP is not nearly as relevant now as it once was, and it
> had a security vulnerability that secteam had to address.

I think this is an excellent start. My shopping list includes:

- remove ftp(1)
- remove ftpd(8)
- remove telnet(1)
- remove telnetd(8)
- remove ftp:// and http:// from libfetch. This is 2021 and we should all use https://.
- replace DNS lookups with DoH and/or DoT. Why let your ISP see your DNS traffic?

>
> I'm happy to make a port for it if anyone needs it. Comments?

I've started working on splitting ftp and ftpd into an external git repo. The problem I've encountered is that though only ftp and ftpd are left, the resultant repo is still 1.2 GB. If my last attempt fails, and there is a choice between a 1.2 GB repo and burning ftp forever, then the choice is clear: burn it forever.

Adding the following as an option:

Also note that the tnftp ports are the NetBSD ftp and ftpd. The FreeBSD ftp and ftpd are simply copies of tnftp and tnftpd. Would it make more sense to share our customizations with NetBSD and we simply rely on NetBSD for the client and server in our ports? This last option might be simpler than creating a port.

Personally, I'd suggest we remove the ftpd server *AND* ftp client and rely on ports.

Having worked on UNIX, Internet security, and firewalls over the last 3/5 of my almost 50 year career, I have lamented the existence of the FTP protocol back in 1995 and I hate the FTP protocol with a greater passion today. Let's simply remove all vestiges of FTP from the base system, including libfetch, sooner than later. We don't need it now that we have HTTPS and POST; and sftp.

I think we should make it our goal to remove any and all unencrypted protocols from FreeBSD by 2025.

--
Cheers,
Cy Schubert <Cy.Schubert at cschubert.com>
FreeBSD UNIX: <cy at FreeBSD.org> Web: https://FreeBSD.org
NTP: <cy at nwtime.org> Web: https://nwtime.org

The need of the many outweighs the greed of the few.
Hi all,

> On 03.04.2021 at 22:39, Ed Maste <emaste at freebsd.org> wrote:
> I'm happy to make a port for it if anyone needs it. Comments?

A bit late to the party, but my take is: please just don't.

I absolutely freaked out when Apple removed the telnet and ftp clients from Mac OS and I needed to reinstall them via MacPorts. People who manage any larger collection of networking gear *depend* on these outdated but simple services. Client and server side alike.

TFTP is not going away, neither is FTP. I'm dead serious.

Remote media via Supermicro IPMI in 2021? SMB1.
Firmware updates for my UPS? FTP.
Scanner/printer/fax all-in-one thingy? Uploads received fax transmissions via FTP.
PBX? Uploads usage reports via FTP.

This stuff is here to stay. In local networks, of course. But still even on "the Internet", FTP is the most used method for customers of static website hosting. You cannot teach these people what an SSH key is. Just my experience, but backed by a load of customer interactions over more than 20 years ...

Kind regards,
Patrick
--
punkt.de GmbH
Patrick M. Hausen
.infrastructure

Kaiserallee 13a
76133 Karlsruhe

Tel. +49 721 9109500
https://infrastructure.punkt.de
info at punkt.de

AG Mannheim 108285
Managing Directors: Jürgen Egeling, Daniel Lienert, Fabian Stein
On Sat, 3 Apr 2021 at 16:39, Ed Maste <emaste at freebsd.org> wrote:

>
> I propose deprecating the ftpd currently included in the base system
> before FreeBSD 14, and opened review D26447
> (https://reviews.freebsd.org/D26447) to add a notice to the man page.

I posted this as a proposal for community feedback, and there's clearly a strong objection to removing the base system ftpd. So, I'm not going to pursue this any further.
Speaking for myself, like some others here, I would find the removal of ftp inconvenient, and if it is removed, please could we have it in an easy to install and configure port.

We have a number of apps that transfer data, and legacy issues mean that it's hard to transfer to another protocol. It's not sensitive data so the security concerns aren't an issue to us.

Thanks,
Gerald

On Sat, Apr 3, 2021 at 9:40 PM Ed Maste <emaste at freebsd.org> wrote:

> I propose deprecating the ftpd currently included in the base system
> before FreeBSD 14, and opened review D26447
> (https://reviews.freebsd.org/D26447) to add a notice to the man page.
> I had originally planned to try to do this before 13.0, but it dropped
> off my list. FTP is not nearly as relevant now as it once was, and it
> had a security vulnerability that secteam had to address.
>
> I'm happy to make a port for it if anyone needs it. Comments?