... darkrealms ...

Forums before death by AOL, social media and spammers... "We can't have nice things"

comp.os.linux.misc

Linux-specific topics not covered by oth

135,536 messages

[ << oldest | < older | list | newer > | newest >> ]

Message 134,842 of 135,536

Carlos E.R. to Richard Kettlewell

=?UTF-8?Q?Re=3A_=E2=80=9C7_deprecated_Li

16 Jan 26 13:48:24

   From: robin_listas@es.invalid   
      
   On 2026-01-16 09:35, Richard Kettlewell wrote:   
   > Nuno Silva  writes:   
   >> On 2026-01-15, Lawrence D’Oliveiro wrote:   
   >>> Eli the Bearded wrote:   
   >>>> On a foundation of sand.   
   >>>   
   >>> I go by the docs. The docs show that scp has been fixed to stop using   
   >>> the old, deprecated protocol (at least by default). There is no   
   >>> mention that the command itself is going to be deprecated any time   
   >>> soon. Therefore, it must be safe to continue using. QED.   
   >>   
   >> No, that is not a logical conclusion.   
   >>   
   >> It does invalidate what the article claims, but you cannot conclude that   
   >> it "must be safe". No offense meant to the programmers involved, I   
   >> merely mean that you cannot prove the absence of vulnerabilities.   
   >   
   > I’m not sure what the argument against scp is here or what the supposed   
   > foundation of sand is.   
      
   The article says it clearly:   
      
   scp -- wrong. rsync, scp and sftp are all different ways of   
   transferring files securely over SSH. scp did use to use its own   
   protocol at one point, but it has been upgraded to use the same   
   underlying protocol as sftp, so it’s perfectly fine to continue using   
   the same command, if that’s what you’re used to. There is no sign that   
   the scp command itself is going to be deprecated at any point, though   
   no doubt the option to fall back to the old protocol for   
   compatibility’s sake is likely to be removed eventually.   
      
   >   
   > * scp is better suited to scripting and ad-hoc single-file transfers   
   >    than the interactive sftp command is; the two commands are optimized   
   >    for slightly different sets of use cases.   
   >   
   > * Historically scp’s bizarre transfer protocol meant it had trouble with   
   >    spaces in filenames. Today its use of the SFTP protocol resolves that,   
   >    so there is no relevant difference from the sftp command there.  (You   
   >    can tell it to revert to the old way if you want to see the   
   >    difference.)   
   >   
   > * You can’t prove the sftp command, sftp server or rsync free of   
   >    vulnerabilities either, so there is no relevant difference there   
   >    either.   
   >   
   > So what is the argument against scp? Or is this all just a bit of   
   > pointless nit-picking?   
   >   
      
      
   --   
   Cheers, Carlos.   
   ES🇪🇸, EU🇪🇺;   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)

[ << oldest | < older | list | newer > | newest >> ]