On Thu, 10 Mar 2022 11:41:15 +0000 Paul Howarth <paul@xxxxxxxxxxxx> wrote: > On Thu, 10 Mar 2022 12:26:54 +0100 > Vitaly Zaitsev via devel <devel@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > > > On 10/03/2022 11:55, Alex wrote: > > > May I suggest to leave at least the telnet protocol in curl-minimal > > > for debugging purposes. > > > > Telnet is an extremely vulnerable protocol. It must be disable. > > > > If you need it, you can always install libcurl-full. > > I wonder, do you have the "telnet" program installed on your machine(s)? > > I'd be surprised if anyone using curl's telnet *client* support wasn't > aware that it was sending plain text over the network, possibly > including any credentials that were being used. A telnet client is, > however, a very useful debugging tool for various other network > protocols, not just the telnet protocol itself. That is, I believe, > what Alex was advocating for, since the curl tool's presence is > well-nigh universal and hence always available for debugging some > network issues. Thanks Paul, that's exactly my point. I agree that Telnet should not be offered as a service to the outside world, but for debugging is it very helpfully. Let me try to explain what the "telnet://" means for me. ``` With the telnet protocol in curl is a TCP Socket connection created and therefore can be tested if a TCP connection to a remote destination can be successful created. ``` Here a example test. I know that this could be also done with https but it's a understandable example, IMHO. ``` echo -e 'GET / HTTP/1.1\r\nHost: www.google.com\r\n\r\n'|curl --ipv4 \ -vso /dev/null --ssl --tlsv1.3 telnet://www.google.com:443 * Trying 172.217.19.132:443... * TCP_NODELAY set * Connected to www.google.com (172.217.19.132) port 443 (#0) * Closing connection 0 ``` > Paul. > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List > Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List > Archives: > https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
