[development] What to do with Drupal FTP?

Aaron Winborn winborn at advomatic.com
Wed Jun 11 16:12:53 UTC 2008

Had a discussion with Thomas_Zahreddi1 in irc, and I suspect there may 
be more demand for the functionality than I'd suspected. But also got to 
thinking that Media Mover might be a better solution as well, in 
general, for most of what might be achieved with Drupal FTP. (I'd have 
to look at that module again; not sure how well it handles FTP already, 
assuming it does.)

Aaron Winborn wrote:
> Regarding Drupal FTP at http://drupal.org/project/drupal_ftp
> I just had a conversation with chx in irc about the status of Drupal 
> FTP, and its possible uses (if completed) for malware, and possible 
> security holes. Particularly in light of the SoC project Plugin 
> Manager, and that I stopped work on the project a year ago, I'm happy 
> to drop the module.
> However, the concept itself does have some merit, and there are many 
> other uses I can think of other than what's planned for the Plugin 
> Manager. Additionally, I've had a few queries over the months that 
> indicate some developers are actually using the module, although I 
> imagine they're in the minority. The project itself came partly out of 
> the poor file handling that Drupal has had in the past (but will 
> hopefully be fixed with http://drupal.org/node/142995 hint hint...)
> So my question is what is the best course of action at this point? 
> Currently, the module works, although is incomplete from its original 
> goals. It does currently store the u/p of its designated FTP server, 
> which is a weakness, although it would have to be developed beyond how 
> it is to exploit that weakness.
> I have no intention in the near term of continuing development of the 
> project, don't plan to upgrade it to Drupal 6, and believe a better 
> approach for remote file handling will emerge for Drupal 7.
> Should I entirely remove the project? Officially abandon it? Amend or 
> replace the project page with a warning, in case people are actually 
> using it? Ask for a security team audit if we decide to keep it?
> Thanks,
> Aaron Winborn

More information about the development mailing list