Am Donnerstag, den 21.08.2014, 15:56 -0400 schrieb Owen Taylor: > > Having something in the default install to me means two things: first, > we think that the activity it enables is something that a large > percentage of users will want to do. Are you sure about that? We include a settings panel to change the language, even though hardly anybody will do it. Most people will just set the language during install and stick to if for the rest of the time. > Second we want to actively > encourage the user to stumble on the application, start it up, find what > it does. I think this is true for firewall-config. firewalld and it's tools are pretty new and Fedora is probably the only installation to ship it, or at least to have it in it's default install. If something is unique to Fedora and was engineered by Fedora people, we certainly want users to stumble upon it. > If you start firewall-config I don't think it meets the second objective > - you get prompted for authentication before it even loads, and you are > immediately confronted with a pretty complex UI that depends on > understanding concepts (zones, runtime vs. static config, trusted vs. > untrusted services, etc.) that most technical users probably won't > understand without some study. I guess I'm too technical then. ;) > But if we need firewall-config for the first objective - if a large > fraction of users will need to use it, then the right response to the > complexity is to try and make it friendly for non-firewall-experts, > rather than removing it from the default install. I partly agree. While I agree it's better to improve than to remove something, I believe that some things cannot and should be simplified. Security is a complex issue and if we just simplify it, people will stop thinking about it and be I recently had a very similar discussion on a cryptoparty. A teacher argued that people will never use encryption because GPG is too complex. The guy from our LUG responded that the t > The *idea* here is > that that's not the case as of Fedora Workstation 21 - the average > developer won't need to configure their firewall - e.g., when developing > a web app, a developer will almost always be running on a high port. I am working on various web apps and use KVM all the time. Setting up port redirects to well-known ports is a standard use case. With firewall-config it's dead-simple, but with firewall-cmd it requires some reading. > Not-in-the-default install is not a penalty box - it's rather a > consideration of how we want users to find and interact with some piece > of software. I can subscripe to that. But for me, the piece of software is iptables and firewalld, so the question becomes: Do we want workstation users to interact with it through firewall-cmd or firewall-config. I think we want the latter, that's why I object the removal of firewall-config. Best regards, Christoph -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop
