Sujet : Re: ISC will likely be shutting down FTP access to ftp.isc.org soon (https will remain)
De : mm+usenet-es (at) *nospam* dorfdsl.de (Marco Moock)
Groupes : news.admin.hierarchies news.software.nntpDate : 27. Sep 2024, 16:25:47
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <vd6ips$ou6o$1@dont-email.me>
References : 1
On 26.09.2024 um 22:17 Uhr Dan Mahoney wrote:
However, as ISC also offers support contracts for BIND and Kea, and
those customers have their own due diligence policies, we are often
subject to scrutiny and audits about how our network runs, and even
for a venerable URL
like ftp.isc.org, we get questions from auditors like "did you know
you have a public FTP server on your network! Why!?"
Why is that a problem for your customers?
FTP is unencrypted, but the stuff on the ftp server is public.
I know that some people hate this protocol and want everybody to use
HTTPS, but HTTPS has some vast disadvantages compared to FTP.
We also no longer live in the world where a copy of curl/wget that
supports modern ciphers is not available everywhere.
ftp supports a standardized directory listing. HTTP doesn't. One big
reason for not using HTTP.
Ergo, it seems to be a simple enough matter to tell people who fetch
those usenet control files via anonymous FTP to simply switch to
HTTPS. As a benefit, this also allows us to use the CDN provider we
already use for downloads.isc.org.
Is there that much traffic that a CDN is needed?
I like the distributed concept of the internet and I see a big
disadvantage in sourcing that out to only a small amount of CDN
operators.
We do not have a specific date yet (this depends on specific feedback
from the community), but on the order of a month or two sounds
reasonable.
This will most likely break many usenet servers because I don't think
every newsmaster will have a look at such stuff that often.
If any software, such as INN, ships with the "ftp"
protocol baked-in, this gives enough time for people to put out new
releases and docs that point at the change, or at least add the
change to their README's, and the like.
Might be true, but be aware that most systems run on operating systems
that don't always have the latest upstream packages. Systems like
Debian have package versions that are sometimes older than 1 or 2 years
with security backports.
If there are objections or considerations, please feel free to reply
here or contact me directly.
I don't see a real reason to shut down the ftp server. If some of your
customers don't like the FTP protocol, they don't need to use it.
-- kind regardsMarcoSend spam to 1727381856muell@cartoonies.org
ISC will likely be shutting down FTP access to ftp.isc.org soon (https will remain)
Re: ISC will likely be shutting down FTP access to ftp.isc.org soon (https will remain)
