Path: ...!Xl.tags.giganews.com!local-4.nntp.ord.giganews.com!news.giganews.com.POSTED!not-for-mail
NNTP-Posting-Date: Thu, 26 Sep 2024 22:17:40 +0000
Newsgroups: news.admin.hierarchies,news.software.nntp
Date: Thu, 26 Sep 2024 22:17:36 +0000
From: Dan Mahoney <dmahoney@isc.org>
Subject: ISC will likely be shutting down FTP access to ftp.isc.org soon
 (https will remain)
Message-ID: <1f19a554-8a81-ce8c-8ac6-7ab1e053a632@isc.org>
X-OpenPGP-Key-ID: 0xE919EC51
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Lines: 47
X-Usenet-Provider: http://www.giganews.com
X-Trace: sv3-pHirEW0T4OGT5QYvo3z3u0VxJUZT0yvsBYp1h8mTJa+g5PVFLmh5Utwu0sjwpMEnWhQzhzuJxPRIRBJ!W2QLZOTe4ubPscFpVAQ3DL4WRFSuJcDza1/8PRmp2gXKPbxo2DNPxjmFe/8jzEFS67d3uhGR
X-Complaints-To: abuse@giganews.com
X-DMCA-Notifications: http://www.giganews.com/info/dmca.html
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly
X-Postfilter: 1.3.40
Bytes: 3226

All,

ISC is the operator of the F-root DNS server as well as the makers of 
BIND, ISC DHCP, Kea, as well as historic other pieces of software.  We 
also have had a long relationship with the team that makes INN.  For 
largely historical reasons, ISC also works with those same authors to 
publish a canonical list of newsgroups over at ftp.isc.org.

However, as ISC also offers support contracts for BIND and Kea, and those 
customers have their own due diligence policies, we are often subject to 
scrutiny and audits about how our network runs, and even for a venerable 
URL like ftp.isc.org, we get questions from auditors like "did you know 
you have a public FTP server on your network!  Why!?"

FTP is also unencrypted, (ftps really never gained any traction as a url 
scheme), and in the modern internet, a push for SSL everywhere feels 
reasonable as well.  The days of hosting mirrors of other FTP sites seem 
to belong to a bygone era, and I've disabled the generation of old-school 
files like MIRRORED.BY and ls-lr.gz.

We also no longer live in the world where a copy of curl/wget that 
supports modern ciphers is not available everywhere.

===

Ergo, it seems to be a simple enough matter to tell people who fetch 
those usenet control files via anonymous FTP to simply switch to HTTPS.  
As a benefit, this also allows us to use the CDN provider we already use 
for downloads.isc.org.  The url would remain ftp.isc.org, and the pathing 
would remain the same.  We'd still sync the data from Russ as we already 
do).

We do not have a specific date yet (this depends on specific feedback from 
the community), but on the order of a month or two sounds reasonable.  If 
any software, such as INN, ships with the "ftp" protocol baked-in, this 
gives enough time for people to put out new releases and docs that point 
at the change, or at least add the change to their README's, and the like.

If/when this happens I'd likely also make a quick post to a few other 
network operator places, and suggestions as to where to do so are welcome.

If there are objections or considerations, please feel free to reply here 
or contact me directly.

Regards,

-Dan