On Mon, Dec 6, 2010 at 16:25, Jesse Keating <jkeating@xxxxxxxxxx> wrote: > On 12/06/2010 12:18 PM, Tom Lane wrote: >> Jesse Keating <jkeating@xxxxxxxxxx> writes: >>> The argument of default firewall or not would probably quiet down quite >>> a bit if we had any sort of decent UI to help users get the firewall out >>> of their way when they're really trying to do something. >> >> +1. In today's environment, not having a firewall by default is an >> incredibly stupid idea. What we need to do is fix the UI problems, >> not bypass them by dramatically reducing security. >> >> regards, tom lane > > I keep seeing claims of "incredibly stupid", and at the same time saying > we need to make it easier to open up ports when they need them. What is > the default firewall protecting me from, if I'm allowed and hand held > through opening up ports on demand? > Ports that you don't know are open to the network but are somehow available. Let us put this conversation slightly different... how many of us remember password-less package install? It all sounded like a good idea with people who are going to be on the system already being able to do what they want so why ask for a password. However how did it get seen in the end? Fedora comes RootKit enabled and other fluff. I am trying to think how this one will play out: "Ten years ago, Linux distros were cutting edge by coming with a firewall enabled. Now Fedora is going to cut the edge in a new way... no firewall wanted." Yes there are a lot of good ideas and reasons.. I think that first though a tool to deal with firewalls and THEN we can talk about what firewalls need to be removed. [And no I am not trying for 2 weeks of LWN quotes as tempting it will be. (alright alright I am .. it is just so addicting)] -- Stephen J Smoogen. "The core skill of innovators is error recovery, not failure avoidance." Randy Nelson, President of Pixar University. "Let us be kind, one to another, for most of us are fighting a hard battle." -- Ian MacLaren -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
