1. Forum
  2. Usenet
  3. NEWS.ADMIN.HIERARCHIES

  • ISC will likely be shutting down FTP access to ftp.isc.org soon (https

    From Dan Mahoney@21:1/5 to All on Thu Sep 26 22:17:36 2024
    XPost: news.software.nntp

    All,

    ISC is the operator of the F-root DNS server as well as the makers of
    BIND, ISC DHCP, Kea, as well as historic other pieces of software. We
    also have had a long relationship with the team that makes INN. For
    largely historical reasons, ISC also works with those same authors to
    publish a canonical list of newsgroups over at ftp.isc.org.

    However, as ISC also offers support contracts for BIND and Kea, and those customers have their own due diligence policies, we are often subject to scrutiny and audits about how our network runs, and even for a venerable
    URL like ftp.isc.org, we get questions from auditors like "did you know
    you have a public FTP server on your network! Why!?"

    FTP is also unencrypted, (ftps really never gained any traction as a url scheme), and in the modern internet, a push for SSL everywhere feels
    reasonable as well. The days of hosting mirrors of other FTP sites seem
    to belong to a bygone era, and I've disabled the generation of old-school
    files like MIRRORED.BY and ls-lr.gz.

    We also no longer live in the world where a copy of curl/wget that
    supports modern ciphers is not available everywhere.

    ===

    Ergo, it seems to be a simple enough matter to tell people who fetch
    those usenet control files via anonymous FTP to simply switch to HTTPS.
    As a benefit, this also allows us to use the CDN provider we already use
    for downloads.isc.org. The url would remain ftp.isc.org, and the pathing
    would remain the same. We'd still sync the data from Russ as we already
    do).

    We do not have a specific date yet (this depends on specific feedback from
    the community), but on the order of a month or two sounds reasonable. If
    any software, such as INN, ships with the "ftp" protocol baked-in, this
    gives enough time for people to put out new releases and docs that point
    at the change, or at least add the change to their README's, and the like.

    If/when this happens I'd likely also make a quick post to a few other
    network operator places, and suggestions as to where to do so are welcome.

    If there are objections or considerations, please feel free to reply here
    or contact me directly.

    Regards,

    -Dan

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)