[development] What to do with Drupal FTP?

Aaron Winborn winborn at advomatic.com
Wed Jun 11 15:07:10 UTC 2008

Regarding Drupal FTP at http://drupal.org/project/drupal_ftp

I just had a conversation with chx in irc about the status of Drupal 
FTP, and its possible uses (if completed) for malware, and possible 
security holes. Particularly in light of the SoC project Plugin Manager, 
and that I stopped work on the project a year ago, I'm happy to drop the 

However, the concept itself does have some merit, and there are many 
other uses I can think of other than what's planned for the Plugin 
Manager. Additionally, I've had a few queries over the months that 
indicate some developers are actually using the module, although I 
imagine they're in the minority. The project itself came partly out of 
the poor file handling that Drupal has had in the past (but will 
hopefully be fixed with http://drupal.org/node/142995 hint hint...)

So my question is what is the best course of action at this point? 
Currently, the module works, although is incomplete from its original 
goals. It does currently store the u/p of its designated FTP server, 
which is a weakness, although it would have to be developed beyond how 
it is to exploit that weakness.

I have no intention in the near term of continuing development of the 
project, don't plan to upgrade it to Drupal 6, and believe a better 
approach for remote file handling will emerge for Drupal 7.

Should I entirely remove the project? Officially abandon it? Amend or 
replace the project page with a warning, in case people are actually 
using it? Ask for a security team audit if we decide to keep it?

Aaron Winborn

More information about the development mailing list