Issue 497420: ftplib: ftp anonymous password (original) (raw)

I've seen that ftplib sends the user name when doing ANONYMOUS ftp gets. I see a lot of problems:

• Sending the user name if the user doesn't know that it's sent doesn't protect the user state of ANONYMOUS
• Spyware is not a good idea, most users don't like it.
• Sending the user name helps SPAM instead of stopping it. Many ftp sites use this information to send you unsolicited email.
• Sending the user name doesn't help ftp sites to know who the cracker is, crackers are not stupid to send their email address.
• Sending the user name can be used to discriminate the user.

By all of these reasons I argue that ftplib to don't send the user email by default.

Some time ago two very important ftp clients wget and lftp stopped sending the user name as password based on my input.

As more and more ftp clients are moving to this anonymous@ password (for example the kde kio ftp, qt3, gnome-xml, Net::FTP) I recommend you to apply the patch.

I send you the bugfix.