From: noel <deletethis@invalid.lan>
Subject: Re: ISC will likely be shutting down FTP access to ftp.isc.org soon (https will remain)
Newsgroups: news.admin.hierarchies,news.software.nntp
References: <1f19a554-8a81-ce8c-8ac6-7ab1e053a632@isc.org>
X-No-Archive: Yes
User-Agent: Pan/0.141 (Tarzan's Death; 168b179 git.gnome.org/pan2)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
NNTP-Posting-Host: news.ausics.net
Message-ID: <66f787ad$1@news.ausics.net>
Date: 28 Sep 2024 14:35:57 +1000
Organization: Ausics - https://newsgroups.ausics.net
Lines: 61
X-Complaints: abuse@ausics.net
Path: ...!news-out.netnews.com!s1-2.netnews.com!feeder.usenetexpress.com!tr1.iad1.usenetexpress.com!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!news.ausics.net!not-for-mail
Bytes: 3664

On Thu, 26 Sep 2024 22:17:36 +0000, Dan Mahoney wrote:

> All,
> 
> ISC is the operator of the F-root DNS server as well as the makers of
> BIND, ISC DHCP, Kea, as well as historic other pieces of software.  We
> also have had a long relationship with the team that makes INN.  For
> largely historical reasons, ISC also works with those same authors to
> publish a canonical list of newsgroups over at ftp.isc.org.
> 
> However, as ISC also offers support contracts for BIND and Kea, and
> those customers have their own due diligence policies, we are often
> subject to scrutiny and audits about how our network runs, and even for
> a venerable URL like ftp.isc.org, we get questions from auditors like
> "did you know you have a public FTP server on your network!  Why!?"
> 
> FTP is also unencrypted, (ftps really never gained any traction as a url
> scheme), and in the modern internet, a push for SSL everywhere feels
> reasonable as well.  The days of hosting mirrors of other FTP sites seem
> to belong to a bygone era, and I've disabled the generation of
> old-school files like MIRRORED.BY and ls-lr.gz.
> 
> We also no longer live in the world where a copy of curl/wget that
> supports modern ciphers is not available everywhere.
> 
> ===
> 
> Ergo, it seems to be a simple enough matter to tell people who fetch
> those usenet control files via anonymous FTP to simply switch to HTTPS.
> As a benefit, this also allows us to use the CDN provider we already use
> for downloads.isc.org.  The url would remain ftp.isc.org, and the
> pathing would remain the same.  We'd still sync the data from Russ as we
> already do).
> 
> We do not have a specific date yet (this depends on specific feedback
> from the community), but on the order of a month or two sounds
> reasonable.  If any software, such as INN, ships with the "ftp" protocol
> baked-in, this gives enough time for people to put out new releases and
> docs that point at the change, or at least add the change to their
> README's, and the like.
> 
> If/when this happens I'd likely also make a quick post to a few other
> network operator places, and suggestions as to where to do so are
> welcome.
> 
> If there are objections or considerations, please feel free to reply
> here or contact me directly.
> 
> Regards,
> 
> -Dan

Lot of hogwash, so ISC don't have a spine... I wont go into how comical 
the excuses are, others have more than adequately stated how silly they 
are.

But we known ISC wont change their mind and you are just going through 
the "appearances" process, thanks for pre warning us the mirrors will 
soon fail and start sending us errors notices, I have directed my mirrors 
maintainer to kill off ISC's mirror as of October 31.