[tahoe-lafs-trac-stream] [tahoe-lafs] #2097: deprecate FTP in favor of SFTP?
tahoe-lafs
trac at tahoe-lafs.org
Sun Nov 3 18:54:23 UTC 2013
#2097: deprecate FTP in favor of SFTP?
-------------------------------------------------+-------------------------
Reporter: zooko | Owner: daira
Type: defect | Status: new
Priority: normal | Milestone: 1.11.0
Component: unknown | Version: 1.10.0
Keywords: ftpd sftp forward-compatibility | Launchpad Bug:
brians-opinion-needed |
-------------------------------------------------+-------------------------
There are major limitations to the LAFS-FTPd implementation—starting with
the fact that mutable files just don't work—and there is no intent to fix
these limitations, because the Tahoe-LAFS developers think that the SFTP
protocol is better, the LAFS-SFTP implementation already works better, and
we think everyone should switch from FTP to SFTP. There are more details
about this here, in addition to the obvious issue that FTP lacks
confidentiality and integrity: [source:trunk/docs/frontends/FTP-and-
SFTP.rst] .
However, I've observed that people continue to use FTP because:
* They think that the only difference between the two is that SFTP is
encrypted, and
* They are accessing it over localhost only, anyway, or they otherwise
aren't worried about attackers snooping on or altering their files in
flight, and
* Setting up LAFS-SFTPd requires an extra step more than setting up LAFS-
FTPd to create a keypair.
In other words, I've observed that people are unaware of the limitations
and problems in the FTP protocol and the LAFS-FTPd implementation,
mentioned above and documented in [source:trunk/docs/frontends/FTP-and-
SFTP.rst], even though we've documented them from the beginning. This is a
lesson we've learned many times: it doesn't matter what the documentation
says, people will continue to use a feature as long as it *appears* to
work.
The most recent example of this pattern is the choice of Stig Atle
Steffensen to use LAFS-FTPd even though I already told him that there were
relevant limitations notes in the FTP-and-SFTP.rst document. Apparently he
didn't read it, didn't notice the limitations part, or thinks those
limitations are irrelevant to his use case. (Which I guess could be true
for him, if he uses only ASCII filenames, only immutable files, doesn't
have servers-of-happiness failures on his grid, etc.)
This ticket proposes to deprecate and then remove the LAFS-FTPd
implementation in favor of LAFS-SFTPd. The justification is that LAFS-FTPd
lacks important functionality, like mutable files, error reporting, and
non-ASCII filenames, not to mention confidentiality and integrity, and we
have no plans to add it, because the FTP protocol can't support some of
those features, and because we've already implemented all of that in LAFS-
SFTPd and we think anyone who uses LAFS-FTPd could (with only a *little*
added effort) switch to LAFS-SFTPd.
I'm marking this with the tag {{{forward-compatibility}}} and putting it
into Milestone 1.11 because if we want to leave the deprecated LAFS-FTPd
functionality in place for a full major release, then ''not'' doing the
deprecation notice in 1.11 will obligate us to keep LAFS-FTPd
functionality running in 1.12.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2097>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list