[tahoe-lafs-trac-stream] [tahoe-lafs] #2097: deprecate FTP in favor of SFTP?

tahoe-lafs trac at tahoe-lafs.org
Sun Nov 3 18:54:23 UTC 2013


#2097: deprecate FTP in favor of SFTP?
-------------------------------------------------+-------------------------
 Reporter:  zooko                                |          Owner:  daira
     Type:  defect                               |         Status:  new
 Priority:  normal                               |      Milestone:  1.11.0
Component:  unknown                              |        Version:  1.10.0
 Keywords:  ftpd sftp forward-compatibility      |  Launchpad Bug:
  brians-opinion-needed                          |
-------------------------------------------------+-------------------------
 There are major limitations to the LAFS-FTPd implementation—starting with
 the fact that mutable files just don't work—and there is no intent to fix
 these limitations, because the Tahoe-LAFS developers think that the SFTP
 protocol is better, the LAFS-SFTP implementation already works better, and
 we think everyone should switch from FTP to SFTP. There are more details
 about this here, in addition to the obvious issue that FTP lacks
 confidentiality and integrity: [source:trunk/docs/frontends/FTP-and-
 SFTP.rst] .

 However, I've observed that people continue to use FTP because:
 * They think that the only difference between the two is that SFTP is
 encrypted, and
 * They are accessing it over localhost only, anyway, or they otherwise
 aren't worried about attackers snooping on or altering their files in
 flight, and
 * Setting up LAFS-SFTPd requires an extra step more than setting up LAFS-
 FTPd to create a keypair.

 In other words, I've observed that people are unaware of the limitations
 and problems in the FTP protocol and the LAFS-FTPd implementation,
 mentioned above and documented in [source:trunk/docs/frontends/FTP-and-
 SFTP.rst], even though we've documented them from the beginning. This is a
 lesson we've learned many times: it doesn't matter what the documentation
 says, people will continue to use a feature as long as it *appears* to
 work.

 The most recent example of this pattern is the choice of Stig Atle
 Steffensen to use LAFS-FTPd even though I already told him that there were
 relevant limitations notes in the FTP-and-SFTP.rst document. Apparently he
 didn't read it, didn't notice the limitations part, or thinks those
 limitations are irrelevant to his use case. (Which I guess could be true
 for him, if he uses only ASCII filenames, only immutable files, doesn't
 have servers-of-happiness failures on his grid, etc.)

 This ticket proposes to deprecate and then remove the LAFS-FTPd
 implementation in favor of LAFS-SFTPd. The justification is that LAFS-FTPd
 lacks important functionality, like mutable files, error reporting, and
 non-ASCII filenames, not to mention confidentiality and integrity, and we
 have no plans to add it, because the FTP protocol can't support some of
 those features, and because we've already implemented all of that in LAFS-
 SFTPd and we think anyone who uses LAFS-FTPd could (with only a *little*
 added effort) switch to LAFS-SFTPd.

 I'm marking this with the tag {{{forward-compatibility}}} and putting it
 into Milestone 1.11 because if we want to leave the deprecated LAFS-FTPd
 functionality in place for a full major release, then ''not'' doing the
 deprecation notice in 1.11 will obligate us to keep LAFS-FTPd
 functionality running in 1.12.

-- 
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2097>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage


More information about the tahoe-lafs-trac-stream mailing list