>>>>> "JvM" == Jeroen van Meeuwen <kanarip@xxxxxxxxxxx> writes:

JvM> Is any outbound NEW connection supposed to be used from
JvM> fedorapeople.org except maybe for a few named sockets on trusted
JvM> remote hosts?

Well, some might think it reasonable to pull content to fedorapeople (wget, scp run on fedorapeople pulling from remote sites) instead of forcing content to be pushed. Which would argue for outbound http and ssh ports, I guess. Should be easy to just say no to that kind of thing, though, if the intent is to lock it down.

I also wonder if mounting user-writable filesystems as noexec would be reasonable.

 - J<