[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: website & ftp downloads update
From: |
Daniel Boyd |
Subject: |
Re: website & ftp downloads update |
Date: |
Sun, 22 Oct 2023 09:38:07 -0500 |
I’m very much in favor of protesting the unnecessary obsolescence of perfectly
good technologies, but FTP is a pretty terrible protocol. Securing an FTP
server properly is a bit of a minefield, particularly if you need to
accommodate active mode. Of course, many tools and methods exist to do that,
but it’s kind of silly to think how much collective effort the open source
community has put into working around the flaws and limitations of FTP :)
Sent from my iPhone
> On Oct 22, 2023, at 09:33, Richard Frith-Macdonald
> <richard@frithmacdonald.me.uk> wrote:
>
>
>
>>> On 22 Oct 2023, at 15:16, Riccardo Mottola <riccardo.mottola@libero.it>
>>> wrote:
>>>
>>> Hi Marco,
>>>
>>> Marco Cawthorne wrote:
>>> I was wondering about the download links on the page. They still use
>>> the ftp:// protocol which has regrettably been phased out by every
>>> major browser.
>>
>> well, ftp support is intentional, since it is traditional. Every major
>> browser... you mean every chrome-clone, since Chrome dropped support for it?
>> If Google is too ignorant to distinguish between a hyper-text (transfer
>> protocol) and a file... I don't know...
>> But I guess it is evil that spreads like URL part and protocol hiding, https
>> enforcement for pages that don't need it at all, etc, etc.
>
> I think ftp is (like telnet) being dropped in most places because of it's
> lack of security, and in general I'm in favour of the trend to always use
> encrypted communications.
>
> What seems regrettable is that browsers have dropped ftp:// without
> implementing sftp:// as a replacement, though to be fair, support for large
> file download over https:// is normally fine nowadays.
> So I guess there's no compelling need for sftp://