|
Attention Debian Developers: I was recently thinking that there may be a possibility to migrate to Gopher all of the package archives hosted by Debian which currently use FTP. The Internet Gopher protocol was created in March 1993 by Bob Alberti, Farhad Anklesaria, Mark McCahill, Paul Lindner, David Johnson, and Daniel Torrey. Its goal was to provide a consistent organization of Internet resources by way of a file-and-folder metaphor. Though the Gopher protocol was almost outlasted by HTTP, some Gopher sites still exist today. However, the File Transfer Protocol, or FTP, was created in 1971 (no author information is available from RFC 114), almost specifically for the computers of then, which simply behaved as peers. FTP account passwords are sent in plain text, which can make them vulnerable from packet sniffing - which is a concern especially in this era after the revelations made by Edward Snowden. Also, plain-text files that contain critical, sensitive information, such as credit card numbers or bank securities - and are not encrypted with a strong-enough password or key - are also vulnerable from packet sniffing. But the security issues I know of in Gopher are only specific ones that exist in particular Gopher server implementations, not in the protocol itself. This should be implemented through the following procedure, if possible:
This should not directly affect mirrors or master archives of any operating system derived from Debian (including Ubuntu) or of any operating system from which Debian is itself derived. I would much appreciate your cooperation. Sincerely, Ryan Cunningham |