PSA: lpd/lpr will be removed from FreeBSD

[T-Aoki]

It is a standard, POSIX.

So deleting it from base should NOT be an option.

Need fix, or need replacing with secure and BSD-compatibully-licensed implementation.

FYI: Some work seems to be ongoing.

 

[kent_dorfman766]

what a weirdly condescending reply, considering you dont even know how old we are, or the kind of old software we keep running outside of this forum. but ok. sounds like you'd rather complain than contribute, you do you.

perception is usually everything. Given the difference in avatars, I think it's entirely reasonable to assume a generational gap. LOL For instance, when you see a stone head that looks like a grouchy Karl Marx so you think of someone born post-y2k? or do you add 50 years onto that?

 

[atax1a]

perception is usually everything. Given the difference in avatars, I think it's entirely reasonable to assume a generational gap. LOL For instance, when you see a stone head that looks like a grouchy Karl Marx so you think of someone born post-y2k? or do you add 50 years onto that?

unfortunately for those concerned, we don't exactly experience linear causality, and so cannot answer the question as asked.

 

[cracauer@]

If you hang around the open source world, or really computers in general long enough, you'll have favorite pieces of software that get discontinued for one reason or another. If you're lucky, it can be run in an emulator or container, for most of the time that I've been using computers that wasn't a viable option.

Weeell, hold on a second.

Some of us use open source software specifically because this cannot happen against the will of a sufficient fanbase of such software. You can never really take it away.

The issue at hand here is that software with security issues is not "finished" and needs such a sufficient fanbase to code on it. That is an entirely different matter from kicking out software that is finished for some time and does not pose a risk.

 

[hedwards]

Weeell, hold on a second.

Some of us use open source software specifically because this cannot happen against the will of a sufficient fanbase of such software. You can never really take it away.

The issue at hand here is that software with security issues is not "finished" and needs such a sufficient fanbase to code on it. That is an entirely different matter from kicking out software that is finished for some time and does not pose a risk.

Sort of, any software that doesn't have DRM tied into a server can potentially be used forever. The open source stuff offers more options in terms of keeping it going longer, but nothing is permanent. But looking at what's been happening with Linux being increasingly held hostage by key packages that are deliberately not compatible, I wouldn't just assume that open source doesn't mean that there can't be serious issues that result anyways.

I don't think that you can really separate not finished from the security issues that can come later on that so cleanly. Especially in a time when so many software packages use various libraries that have various degrees of security and doneness involved.

That being said, I do think that there should be a considerable amount of caution in terms of removing things if there isn't an obvious security or other issue to trigger it. But, that being said, ensuring that it's at least somewhat secure isn't free. It's just cheap these days.

 

[kpedersen]

was there this much handwringing when they removed telnetd

This one was a little crap in my opinion.

Sure, SSH is kind of the secure alternative but if you have ever tried to log into a truly ancient machine, it simply fails because the different encryption methods no longer align.
A more resilient choice is to keep telnetd, or have a standardized "null encryption" for SSH. Did telnetd need to be maintained? Not really, its a simple daemon it could simply idle there and not be removed.

That said, ldp and telnetd are not part of POSIX / SUS so it isn't *too* terrible. (Though they are part of BSD heritage).