Re: Deprecation of the ftp support in pkg

From: Jan Bramkamp <>
Date: Mon, 24 Jan 2022 15:05:02 UTC
On 24.01.22 10:56, Helge Oldach wrote:
> Jose Quinteiro wrote on Mon, 24 Jan 2022 07:40:03 +0100 (CET):
>> On 1/23/22 13:12, Helge Oldach wrote:
>>> Stefan Esser wrote on Sun, 23 Jan 2022 21:08:30 +0100 (CET):
>>>> Am 23.01.22 um 18:12 schrieb Jose Quinteiro:
>>>>> On 1/23/22 09:06, tech-lists wrote:
>>>>>> On Sun, Jan 23, 2022 at 08:55:09AM -0800, Jose Quinteiro wrote:
>>>>>>> You can run HTTP on a non-standard port. For example, 8080 is commonly
>>>>>>> used. As an added bonus, this means that the HTTP server need not run as
>>>>>>> root.
>>>>>> Unless I'm mistaken, there is no web server in base. There is though, an
>>>>>> ftp server.
>>>>> Touche. I wouldn't mind having Thttpd in base.
>>>> An interesting idea, we have it as a port in www/thttpd.
>>> Does thttpd support SSL in the meantime? I suspect that is an option people would ask for instantly.
>> It does not. This is by design. It is really meant to be as small and
>> simple as possible.
> www/webfs is significantly simpler and smaller (5k LOC compared to
> thttpd's 17k) and lacks SSL as well.
> I'd say importing NetBSD's or OpenBSD's httpd would be the better option
> then - www/obhttpd is in ports already. Apart from serving pkg purposes
> (as discussed here) it will bring in a resonable http server and feature
> parity with *BSD.

Can the OpenBSD httpd be relied on to work with the OpenSSL version 
included in base? One of the problems with OpenBSD daemons is that an 
ever increasing number of them dropped support for the complex and error 
prone OpenSSL API and replaced them with the simpler libtls API calls 
only available as part of LibreTLS. There is also a trend among recently 
(re-)written daemons to rely heavily on pledge() and unveil() for 
security going as far as replacing the elaborate priv-sep designs used 
previously by OpenBSD for their daemons.