ftp down
Ineiev
ineiev at gnu.org
Fri Aug 23 06:36:35 CEST 2024
On Thu, Aug 22, 2024 at 07:12:37PM -0500, Jacob Bachmeyer via Gnupg-users wrote:
> > [...]
> > > I would encourage resuming FTP distribution, since I see no
> > > plausible security benefit to omitting it.
> >
> > For the download usecase, I see no plausible benefit to providing FTP
> > service in addition to HTTPS. A web server plus an FTP server will
> > always be a larger attack surface than only the web server. I recommend
> > leaving the FTP server off.
>
> FTP is a longstanding and simple protocol; accordingly, FTP servers were all
> hardened long ago. The incremental risk is slight, compared to the
> complexity of a modern httpd.
At the same time, FTP would provide redundancy. I don't think HTTPS
failures are absolutely uncommon these days.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20240823/1e84a604/attachment.sig>
More information about the Gnupg-users
mailing list