Re: tls-ftp and GConf

From: Andy Hanton <andyhanton comcast net>
To: Alexander Larsson <alexl redhat com>
Cc: "gnome-vfs-list gnome org" <gnome-vfs-list gnome org>
Subject: Re: tls-ftp and GConf
Date: Mon, 08 Sep 2003 19:23:36 -0400

On Mon, 2003-09-08 at 07:15, Alexander Larsson wrote:
> I do have to point out that i'm not all that keen on the idea of gconf
> keys for vfs modules in general. These are either hidden settings that
> nobody will ever touch, or turns into really complicated UI in some
> control-center dialog.
> 
> Take the proposed key for instance (as given in this proposal). It
> clearly can't be on by default, since that means for many users the
> file-manager can just hang. However, if we disable it by default almost
> all users will continue to use the insecure code, which is not good.
> Furthermore, its often not really possible to set the preference to a
> value that works even for just your machine. Take a laptop for instace,
> which travels between different networks. Even if you're aware of this
> key and want to use secure logins you either have to keep switching it
> on/off depending on your location (or switch it off when things hang),
> or just keep it always off.
> 
> Since vfs modules are very hidden, very "automatic" pieces of code, with
> no user interface or visible user-model these kinds of settings just
> don't work that well. Unless they are really honest-to-god preferences,
> ie. do you prefer it this way or that way, everything still works
> whatever you decide.
> 
> A better way of handling this problem could be trying to detect when the
> firewall problem will happen, and reauth not using tls. I don't know how
> feasible this is, but we should at least look into it. At the very least
> if we chose to go with the gconf key route we need to handle timeouts in
> the ftp method so that we don't hang forever. (This is also needed in
> the http method btw. I looked at it once, and it didn't look that hard
> to add. Wasn't in time for 2.4 though.)

I think that retrying without TLS if opening the data connection times
out sounds good.  I really don't want the gconf key, but I couldn't
think of any other solution; obviously there is no way to tell in
advance that the firewall is going to drop the packet.  Thanks for the
suggestion.  

> Btw, Andy, you seem like an ftp-savvy guy. Any chance you could spend
> some more time working with the ftp vfs backend? What gnome-vfs could
> really need at the moment is people working on the various backends we
> have. None of them are really that solid unfortunately, but people seem
> much more interested in doing bizzare new vfs modules than making the
> current ones usable.

At the moment I am just trying to get the stuff I worked on over the
summer finished and committed.  I am not sure how much time I will have
to work on the ftp module during this semester.  I have already started
working on fixing the tar module.  I am going to submit a patch in a few
days for the inability to list files in the top level of a tar file.  

-- 
Andy Hanton <andyhanton comcast net>

References:
- tls-ftp and GConf
  - From: Andy Hanton
- Re: tls-ftp and GConf
  - From: Alexander Larsson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]