From: invalid@invalid.invalid   
      
   Nuno Silva writes:   
   > On 2026-01-15, Lawrence D’Oliveiro wrote:   
   >> Eli the Bearded wrote:   
   >>> On a foundation of sand.   
   >>   
   >> I go by the docs. The docs show that scp has been fixed to stop using   
   >> the old, deprecated protocol (at least by default). There is no   
   >> mention that the command itself is going to be deprecated any time   
   >> soon. Therefore, it must be safe to continue using. QED.   
   >   
   > No, that is not a logical conclusion.   
   >   
   > It does invalidate what the article claims, but you cannot conclude that   
   > it "must be safe". No offense meant to the programmers involved, I   
   > merely mean that you cannot prove the absence of vulnerabilities.   
      
   I’m not sure what the argument against scp is here or what the supposed   
   foundation of sand is.   
      
   * scp is better suited to scripting and ad-hoc single-file transfers   
    than the interactive sftp command is; the two commands are optimized   
    for slightly different sets of use cases.   
      
   * Historically scp’s bizarre transfer protocol meant it had trouble with   
    spaces in filenames. Today its use of the SFTP protocol resolves that,   
    so there is no relevant difference from the sftp command there. (You   
    can tell it to revert to the old way if you want to see the   
    difference.)   
      
   * You can’t prove the sftp command, sftp server or rsync free of   
    vulnerabilities either, so there is no relevant difference there   
    either.   
      
   So what is the argument against scp? Or is this all just a bit of   
   pointless nit-picking?   
      
   --   
   https://www.greenend.org.uk/rjk/   
      