On Thu, 2014-08-21 at 15:11 -0400, Josh Boyer wrote: > On Thu, Aug 21, 2014 at 3:03 PM, Elad Alfassa <elad@xxxxxxxxxxxxxxxxx> wrote: > > Hello. > > > > I propose we remove firewall-config (the graphical firewall configuration > > utility) from the default install of Fedora Workstation. > > Rationale: > > > > * The default Workstation zone file allows incoming connection to non-root > > ports. This means most of the common usecases will "just work" out of the > > box. Thus, most users will not need to touch their Firewall settings. > > > > * People who do need it will be able to install it from GNOME Software quite > > easily. Just search for "Firewall". There will be no confusion as this is > > the only firewall configuration tool shown in GNOME Software. > > > > * In general, we should avoid having app launchers for things that are > > configuration utilities in the default install. > > > > Unless there's major objection to this change in the following few days, > > I'll remove it from the gnome-desktop group in comps. > > I object for now. I'd like to hear more from Matthias, Christian, and > the firewalld contributors first. We already discussed this a while > ago and there has been work to make it more Workstation appropriate. > I don't think we should remove it without consensus from everyone that > has already been discussing this. That's why the list was mailed ... to get some discussion and build consensus :-) One main idea of putting a lot of work into GNOME Software is to reduce the difference between "installed by default" and "not installed by default" - there are a ton of things that we want to allow a user to do easily with Fedora that we can't have in the default install. Having something in the default install to me means two things: first, we think that the activity it enables is something that a large percentage of users will want to do. Second we want to actively encourage the user to stumble on the application, start it up, find what it does. If you start firewall-config I don't think it meets the second objective - you get prompted for authentication before it even loads, and you are immediately confronted with a pretty complex UI that depends on understanding concepts (zones, runtime vs. static config, trusted vs. untrusted services, etc.) that most technical users probably won't understand without some study. But if we need firewall-config for the first objective - if a large fraction of users will need to use it, then the right response to the complexity is to try and make it friendly for non-firewall-experts, rather than removing it from the default install. The *idea* here is that that's not the case as of Fedora Workstation 21 - the average developer won't need to configure their firewall - e.g., when developing a web app, a developer will almost always be running on a high port. Not-in-the-default install is not a penalty box - it's rather a consideration of how we want users to find and interact with some piece of software. - Owen -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop
