From nobody Thu Aug 12 08:15:54 2021 X-Original-To: ports-bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 1B2E6174FB1E for ; Thu, 12 Aug 2021 08:15:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Glfdk09Q2z3vwd for ; Thu, 12 Aug 2021 08:15:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E20351F44D for ; Thu, 12 Aug 2021 08:15:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 17C8FrfQ089264 for ; Thu, 12 Aug 2021 08:15:53 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 17C8FrQm089263 for ports-bugs@FreeBSD.org; Thu, 12 Aug 2021 08:15:53 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 257767] Mk/bsd.sites.mk: Disable ftp protocol for fetch MASTER_SITES Date: Thu, 12 Aug 2021 08:15:54 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Ports Framework X-Bugzilla-Version: Latest X-Bugzilla-Keywords: needs-patch X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: danfe@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: portmgr@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Ports bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports-bugs@freebsd.org X-BeenThere: freebsd-ports-bugs@freebsd.org MIME-Version: 1.0 X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D257767 Alexey Dokuchaev changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |danfe@FreeBSD.org --- Comment #5 from Alexey Dokuchaev --- (In reply to Loic from comment #0) > The FTP protocol is no longer supported in Firefox, Chrome & Co. which ma= kes > it not user-friendly to verify links in the ports. One does not verify distfiles' links with the browser, there are more suita= ble tools for that purpose, from fetch(1) or wget(1) to `ports-mgmt/distilator'. > Finally, the FTP protocol is not secure (not encrypted, which exposes it = to > interceptions or attacks) It does not have to be secure for the purpose of distributing distfiles, th= eir authenticity is ensured by SHA256 hashes which are checked on the receiving end. > and does not have any good maintenance in the source code. This is simply not true, there are plenty of FTP servers which are actively maintained as of today. FTP is old and cumbersome, but still has its users, see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D256840#c4 for example. > To this end, I think it would be nice to be able to no longer support the= FTP > protocol in the ports How exactly removing a feature, even not very popular one, is *nice* to the users of the Ports Collection? --=20 You are receiving this mail because: You are on the CC list for the bug.=