Re: What I HATE about F11

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Jun 14, 2009 at 10:52:49AM -0700, Arjan van de Ven wrote:
> On Sun, 14 Jun 2009 18:34:52 +0100
> > 
> > I think this is actually a problem that needs solving. We have
> > several network services that are either installed by default or
> > might be expected to be part of a standard setup, but which don't
> > work because of the default firewall rules. The Anaconda people have
> > (sensibly, IMHO) refused to simply add further exceptions to the
> > firewall policy.
> 
> there is an interesting issue;
> if you poke a hole in your firewall for all the ports that are listening
> automatically..... you might as well not have a firewall in the first
> place...

Well, not exactly. For instance, making it part of package management 
policy means that runtime user-level compromises can't poke holes. It 
could be tied to packages with recognised signatures. There's various 
ways that it could be tied down in such a way that the firewall still 
provides a benefit without leaving users in the current situation of "I 
installed nss-mdns and I still can't look up my media server".

-- 
Matthew Garrett | mjg59@xxxxxxxxxxxxx

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux