Re: philosophy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 03/23/2016 04:31 PM, George N. White III wrote:
On Wed, Mar 23, 2016 at 7:57 PM, François Patte
<francois.patte@xxxxxxxxxxxxxxxxxxxx
<mailto:francois.patte@xxxxxxxxxxxxxxxxxxxx>> wrote:

    Bonsoir,

    I am wondering what is in mind of packagers.... I have just fought for a
    couple of days to have  the printing service working on a fresh fc23
    install.

    1- cups-browser.service is not enabled by default. cups.service is
    enabled but you cannot add printers. ok! With a little work, you can
    find why you cannot add printer.

    2- Once this service is enabled, you can add your printer: your network
    printer is found without any problem, you can find the right driver in
    the default printer list.... So far so good! Then you test your install
    sending a test page and.... "filter failed"! What does that mean?

    3- googleling gives you tons of results and none of them give a
    solution: filter failed, filter failed.... What is this filter? driver?
    Is my printer too old and none of the new drivers will work? Must I buy
    a new printer?.....

    4- A light comes to you: "and if it was a firewall problem?"    Hurrah!
    You have found the solution....

    Will it be so difficult in the install process to enable the browser
    cups service at the same time the cups service is enabled (and it is
    enabled by default)? Is it so difficult to add an accept rule for port
    631 to iptables if cups service is enabled or, at least, send a warning
    when cups is enabled in order to remember to root to enable port 631 in
    iptables rules?


I had much the same experience this week with SL7 and apcupsd.

Fedora exists because there are many such issues that make the
difference between a robust distribution and a collection of packages.
When (nearly) all issues like this are solved you have RHEL..

The two of us really should file bug reports against cups and apcupsd
packages with the proposed firewall configuration details.  I would have
done this, but the system in question is off net which adds enough
extra hassle that I probably won't get around to filing a bug report.

This is a security issue. Automatically opening your firewall to permit
ipp and such could be inviting attacks from the outside world.
Obviously, if your machine is behind another firewall protecting you
from the big, bad Internet then yeah, there's really no problem with
opening up ipp and such on your _machine's_ firewall.

The gotcha here is that there is no way for dnf or the package
maintainers to know how _your_ network is structured. Consequently,
they should (and do) take the safe approach and don't touch the
firewall, assuming that you (as the sysadmin) will tweak it if you deem
it safe. Perhaps they should make it clearer that they don't touch your
firewall settings, but AFAIK no package tells you that.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-                 Dyslexics of the world: UNTIE!                     -
----------------------------------------------------------------------
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org



[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux