Sujet : Re: ISC will likely be shutting down FTP access to ftp.isc.org soon (https will remain)
De : vallor (at) *nospam* cultnix.org (vallor)
Groupes : news.admin.hierarchies news.software.nntpDate : 29. Sep 2024, 04:57:57
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <vdaj84$1fa7h$2@dont-email.me>
References : 1 2
User-Agent : Pan/0.160 (Toresk; 54aa2a97; Linux-6.11.0)
On Thu, 26 Sep 2024 22:56:19 -0000 (UTC), "Adam H. Kerman"
<
ahk@chinet.com> wrote in <
vd4oqj$dd1r$1@dont-email.me>:
Dan Mahoney <dmahoney@isc.org> wrote:
All,
ISC is the operator of the F-root DNS server as well as the makers of
BIND, ISC DHCP, Kea, as well as historic other pieces of software. We
also have had a long relationship with the team that makes INN. For
largely historical reasons, ISC also works with those same authors to
publish a canonical list of newsgroups over at ftp.isc.org.
However, as ISC also offers support contracts for BIND and Kea, and
those customers have their own due diligence policies, we are often
subject to scrutiny and audits about how our network runs, and even for
a venerable URL like ftp.isc.org, we get questions from auditors like
"did you know you have a public FTP server on your network! Why!?"
It saddens me that people who should know better think that the mere
existence of the FTP server potentially compromises security on other
hosts in the network.
I'm sorry you were pressured here.
. . .
Ergo, it seems to be a simple enough matter to tell people who fetch
those usenet control files via anonymous FTP to simply switch to HTTPS.
As a benefit, this also allows us to use the CDN provider we already use
for downloads.isc.org. The url would remain ftp.isc.org, and the
pathing would remain the same. We'd still sync the data from Russ as we
already do).
Switching to https is not so simple. Those of us who use it regularly
want to see directory listings. I get these automatically using an ftp
client but not when I use a browser. With a browser, subdirectories are
listed but Russ's README is not (I think there are three of them).
Every single directory, then, requires a frequently regenerated
index.html file that's literally a directory listing, both files and
subdirectories.
This turns out not to be the case. Apache can be configured
to provide directory indexes, and that's what the site appears to
be doing now.
However, some files may be named in such a way that they aren't
being picked up by the directory indexing code. That could be
rectified, and I hope they do so.
And thanks to Dan for posting.
-- -v
ISC will likely be shutting down FTP access to ftp.isc.org soon (https will remain)
Re: ISC will likely be shutting down FTP access to ftp.isc.org soon (https will remain)
