Dan Mahoney <dmahoney@isc.org> wrote:
All,

ISC is the operator of the F-root DNS server as well as the makers of
BIND, ISC DHCP, Kea, as well as historic other pieces of software. We
also have had a long relationship with the team that makes INN. For
largely historical reasons, ISC also works with those same authors to
publish a canonical list of newsgroups over at ftp.isc.org.

However, as ISC also offers support contracts for BIND and Kea, and
those customers have their own due diligence policies, we are often
subject to scrutiny and audits about how our network runs, and even
for a venerable URL like ftp.isc.org, we get questions from auditors
like "did you know you have a public FTP server on your network!
Why!?"
It saddens me that people who should know better think that the mere
existence of the FTP server potentially compromises security on other
hosts in the network.
I'm sorry you were pressured here.
. . .

Ergo, it seems to be a simple enough matter to tell people who fetch
those usenet control files via anonymous FTP to simply switch to
HTTPS. As a benefit, this also allows us to use the CDN provider we
already use for downloads.isc.org. The url would remain ftp.isc.org,
and the pathing would remain the same. We'd still sync the data from
Russ as we already do).
Switching to https is not so simple. Those of us who use it regularly
want to see directory listings. I get these automatically using an ftp
client but not when I use a browser. With a browser, subdirectories
are listed but Russ's README is not (I think there are three of them).
Every single directory, then, requires a frequently regenerated
index.html file that's literally a directory listing, both files and
subdirectories.
We do not have a specific date yet (this depends on specific feedback
from the community), but on the order of a month or two sounds
reasonable. If any software, such as INN, ships with the "ftp"
protocol baked-in, this gives enough time for people to put out new
releases and docs that point at the change, or at least add the change
to their README's, and the like.

If/when this happens I'd likely also make a quick post to a few other
network operator places, and suggestions as to where to do so are
welcome.

If there are objections or considerations, please feel free to reply
here or contact me directly.
I don't think there is a problem to solve, but it's too late for the
pebbles to vote. I sort of expected this to happen years ago.