ftp down

Jacob Bachmeyer jcb62281 at gmail.com
Wed Aug 21 02:19:23 CEST 2024


Werner Koch wrote:
> On Tue, 20 Aug 2024 00:26, Jacob Bachmeyer said:
>
>   
>> I would encourage resuming FTP distribution, since I see no plausible
>> security benefit to omitting it.
>>     
>
> I agree with your arguments.  However, not providing FTP saves us from a
> lot of bike shedding discussions ;-)
>   

Like what?  Whether to provide FTP?  ;-)

> Another reason why we stopped FTP is that I currently don't anymore
> trust the oftpd we are using because it seems I have to maintain it
> myself.  Moving to Apache might be an option but that can only be done
> when we also move the web server to Apache.  We are still running Boa
> instances behind Pound on pretty old hardware.  This needs to be
> changed, I know.
>   

Admittedly, I was assuming currently-maintained software on the server.  
(Although FTP is simple enough that I would expect the exploitable bugs 
in *ftpd to have all been fixed by now.)  If you need to disable FTP for 
the time being until new software can be installed on the server, well, 
that is what it is.

I would suggest checking what ftpd Debian ships and using that.


-- Jacob




More information about the Gnupg-users mailing list