# What's wrong with pkg over ftp ?



## Alain De Vos (Jan 25, 2022)

.


----------



## SirDice (Jan 25, 2022)

It's going to be removed some time soon.


----------



## Cthulhux (Jan 25, 2022)

That does not explain the "what's wrong with it?" part.


----------



## SirDice (Jan 25, 2022)

Re: service management and upgrades
		


There's nothing "wrong" with it. It just takes a lot of effort, code and support to keep it.


----------



## zirias@ (Jan 25, 2022)

I'd rather ask what *isn't* wrong with FTP. It's one of the oldest protocols still (rarely) used, and it's full of unnecessary complexity and weirdness. Using two connections is just _one_ of them...

For downloads only, a REALLY long time ago FTP was the way to go because HTTP often didn't use 8bit transfers and didn't support "range requests" yet, allowing to resume some download. Well, I'd say not any more for 10 to 15 years now.

For generic remote file access, you want something secure anyways (and just wrapping FTP in TLS doesn't fit the bill here because of that clumsy protocol design). There's SFTP instead working via SSH.


----------



## Cthulhux (Jan 25, 2022)

Zirias said:


> I'd rather ask what *isn't* wrong with FTP.



The relatively small protocol overhead. Admittedly, transferring multiple files at the same time leads to quite some TCP communication though.


----------



## Alain De Vos (Jan 25, 2022)

Can i say that ftp & svn are becoming old protocols and that http & git are the future ?


----------



## Cthulhux (Jan 25, 2022)

Subversion is not a protocol and I still prefer SVN over Git (license, user experience, quality of the community). That's not the point of this thread.


----------



## covacat (Jan 25, 2022)

if restricted to anonymous + passive only is not that bad


----------



## ralphbsz (Jan 26, 2022)

Alain De Vos said:


> Can i say that ftp & svn are becoming old protocols and that http & git are the future ?


For FTP, I would agree. In the last ~5 years, I've not seen any serious use of it in a professional setting, except for some ancient legacy systems that use it internally.

For Subversion: A lot of people still use it. And git is not the only alternative; in freeware distributed version control, Mercurial still has a large following (probably similar to Subversion). A lot of people actually still use CVS, and Perforce still has a very significant market share (in the part of the market where people pay to get a good and supported product). I know that even ClearCase (the old Atria/Rational/IBM product) still sells well enough to have a large support and development organization (I know some personally). Just looked it up: Perforce still has a paid staff of about 250 people. Personally, I no longer use git at all, neither personally (where I have switched to Mercurial, with occasional CVS) nor at work.

So, no git is not "the future"; it is just the most popular free source control system, with a lot of followers nipping at its heels.


----------



## Crivens (Jan 26, 2022)

ralphbsz said:


> So, no git is not "the future"; it is just the most popular free source control system *at this moment*


I think you forgot this.


----------



## zirias@ (Jan 26, 2022)

covacat said:


> if restricted to anonymous + passive only is not that bad


Sure, this works. But it's a very small subset of FTP. Restricted to that, it doesn't offer anything HTTP can't do just as well, so there's no need for it any more.


----------



## unitrunker (Jan 26, 2022)

Cthulhux said:


> Subversion is not a protocol


I'm picking nits here but, yeah it is.






						svnserve
					






					www.freebsd.org


----------



## SKull (Jan 26, 2022)

Alain De Vos said:


> Can i say that ftp & svn are becoming old protocols and that http & git are the future ?


That statement has been true for decades now.


----------



## SirDice (Jan 27, 2022)

[_Mod: Removed a bunch of bickering about VCS software._]


----------



## tux2bsd (Jan 27, 2022)

FTP is bonkers as a protocol.  I look forward to it being a "was".


----------



## SirDice (Jan 27, 2022)

I wouldn't lose any sleep over it, that's for sure. But keep in mind this is only the FTP support on pkg(8) that's likely to be removed. The FTP client and server that's included with the base OS isn't going anywhere. At least not any time soon.


----------



## tux2bsd (Jan 27, 2022)

FTP on the Internet should be discouraged.  The server component should be removed from the base OS and be optionally installed (pkg/whatever) if required.


----------



## SirDice (Jan 27, 2022)

tux2bsd said:


> FTP on the Internet should be discouraged.


Completely agree. It's been years since I actually implemented FTP anywhere (clients or server). 



tux2bsd said:


> The server component should be removed from the base OS and be optionally installed (pkg/whatever) if required.


People get really defensive when it comes to changes to the base OS. So I don't see this happening any time soon.


----------



## zirias@ (Jan 27, 2022)

I don't mind a base OS to include many (smaller, traditional) tools that aren't used that often. There are quite a few examples, e.g. inetd(8) is rarely used, cu(1) probably as well, still I need both of them and I'm glad they stay in base.

FTP might have its "ad hoc" uses in some local network as well.

I do agree though it should be avoided on the internet today.


----------



## drhowarddrfine (Jan 27, 2022)

But how do you transfer files using https in a manner similar to sftp/ftp?


----------



## zirias@ (Jan 27, 2022)

You just download them? For this, http is actually the simpler protocol (and still offers all the features necessary).

If you want full remote file access (and, of course, authentication), use SFTP. That's an _entirely_ different (and sane) protocol.


----------



## drhowarddrfine (Jan 27, 2022)

But didn't earlier it get mentioned that was being removed, also? 

EDIT: I think I read that on the mailing list


----------



## zirias@ (Jan 27, 2022)

What's going to be removed is FTP support _from pkg_. I don't think pkg ever supported SFTP, or _maybe_ that's part of the SSH support (which will stay).


----------



## drhowarddrfine (Jan 27, 2022)

I also don't understand how one would just download using https. You can't do that from the command line. Or upload either


----------



## zirias@ (Jan 27, 2022)

fetch(1). And uploading is out of scope for pkg.


----------



## drhowarddrfine (Jan 27, 2022)

Well, that's what I didn't understand. I was reading people saying don't use ftp, use http instead but you can't enter `https something` and have that work that way. I was taking their statement literally because that's how they wrote it.


----------



## zirias@ (Jan 27, 2022)

Any such statement was talking about protocols, not commands. And fetch(1) supports more than just one protocol...

Furthermore, that's just about sane practice. FTP tools won't be removed, as mentioned multiple times.


----------

