[development] What to do with Drupal FTP?

Victor Kane victorkane at gmail.com
Wed Jun 11 16:18:05 UTC 2008 

Are you taking into account, since this is still open for discussion, the
Joomla "callback" method: sites FTP placed in database, called by central
server...? Of course, that would require push from the Drupal side... or
from somewhere...

Victor Kane
http://awebfactory.com.ar

On Wed, Jun 11, 2008 at 1:12 PM, Aaron Winborn <winborn at advomatic.com>
wrote:

> Had a discussion with Thomas_Zahreddi1 in irc, and I suspect there may be
> more demand for the functionality than I'd suspected. But also got to
> thinking that Media Mover might be a better solution as well, in general,
> for most of what might be achieved with Drupal FTP. (I'd have to look at
> that module again; not sure how well it handles FTP already, assuming it
> does.)
>
>
> Aaron Winborn wrote:
>
>> Regarding Drupal FTP at http://drupal.org/project/drupal_ftp
>>
>> I just had a conversation with chx in irc about the status of Drupal FTP,
>> and its possible uses (if completed) for malware, and possible security
>> holes. Particularly in light of the SoC project Plugin Manager, and that I
>> stopped work on the project a year ago, I'm happy to drop the module.
>>
>> However, the concept itself does have some merit, and there are many other
>> uses I can think of other than what's planned for the Plugin Manager.
>> Additionally, I've had a few queries over the months that indicate some
>> developers are actually using the module, although I imagine they're in the
>> minority. The project itself came partly out of the poor file handling that
>> Drupal has had in the past (but will hopefully be fixed with
>> http://drupal.org/node/142995 hint hint...)
>>
>> So my question is what is the best course of action at this point?
>> Currently, the module works, although is incomplete from its original goals.
>> It does currently store the u/p of its designated FTP server, which is a
>> weakness, although it would have to be developed beyond how it is to exploit
>> that weakness.
>>
>> I have no intention in the near term of continuing development of the
>> project, don't plan to upgrade it to Drupal 6, and believe a better approach
>> for remote file handling will emerge for Drupal 7.
>>
>> Should I entirely remove the project? Officially abandon it? Amend or
>> replace the project page with a warning, in case people are actually using
>> it? Ask for a security team audit if we decide to keep it?
>>
>> Thanks,
>> Aaron Winborn
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20080611/1c14eb09/attachment-0001.htm

More information about the development mailing list