Eric Sandeen wrote:
> Sure, removing firewalls & selinux would be a serious enhancement
> of functionality.
>
> For malware botnets & spam hosts, especially...
That would mean that all the distributions that do not enable SELinux (nor
AppArmor) by default are all owned by botnets, not to mention the many
people who disable those "features". Yet, the only machines that get hit are
those that have not been updated for months if not years (often running
ancient EOL distributions, but not even having the last updates provided for
those). SELinux is by no means necessary to protect your machine (especially
a firewalled non-server machine). The firewall can be of some use (and I'm
not advocating dropping that by default), though ideally we shouldn't have
servers trying to listen to non-local connections by default in the first
place!
Kevin Kofler
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
