On Thu, Mar 10, 2022 at 6:41 AM Paul Howarth <paul(a)city-fan.org> wrote:
On Thu, 10 Mar 2022 12:26:54 +0100
Vitaly Zaitsev via devel <devel(a)lists.fedoraproject.org> wrote:
> On 10/03/2022 11:55, Alex wrote:
> > May I suggest to leave at least the telnet protocol in curl-minimal
> > for debugging purposes.
> Telnet is an extremely vulnerable protocol. It must be disable.
> If you need it, you can always install libcurl-full.
I wonder, do you have the "telnet" program installed on your machine(s)?
"netcat" or "nc" is a much better, more scriptable tool than telnet.
There is no reason for the telnet binary. And the telnet daemon,
itself, is profoundly deprecated.
I'd be surprised if anyone using curl's telnet *client*
aware that it was sending plain text over the network, possibly
including any credentials that were being used. A telnet client is,
however, a very useful debugging tool for various other network
protocols, not just the telnet protocol itself. That is, I believe,
what Alex was advocating for, since the curl tool's presence is
well-nigh universal and hence always available for debugging some
curl rather than netcat is simply not being aware of a better tool. Enjoy.