Am 15.04.2014 11:01, schrieb Jaroslav Reznik: > = Proposed System Wide Change: Workstation: Disable firewall = > https://fedoraproject.org/wiki/Changes/Workstation_Disable_Firewall > > Change owner(s): Matthias Clasen <mclasen@xxxxxxxxxx> > > The firewalld service will not be enabled by default in the workstation > product. > > == Detailed Description == > The current level of integration into the desktop and applications does not > justify enabling the firewalld service by default. Additionally, the set of > zones that we currently expose is excessive and not user-friendly. Therefore, > we will disable the firewall service while we are working on a more user- > friendly way to deal with network-related privacy issues. > > It will of course still be possible to enable the firewall manually. > > == Scope == > * Proposal owners/Other developers: Add a Workstation-specific service > configuration (preset ?) to the firewalld package that disables firewalld for > the Workstation product > * Release engineering: No action required > * Policies and guidelines: No action required >> User Experience >> Applications that are using sharing protocols such as DAAP or >> UPnP will work out of the box, without the need to tweak or >> disable the firewall service seriously going the Apple way and back to where WiNXP before SP3 was? users running applications which opening a high port in the background like license checks and so on (as example ZendStudio) will be really thankful that as default these ports are open on the WAN honestly whoever proposes such a change has to understand that these days it is not uncommon to have diretly to the WAN exposed machines with no safety NAT/router between (UMTS/3G sticks, untrusted WLAN) independent of whatever product a new installed system has not to open any port by default - anybody proposing the opposite is careless and ignorant if it comes to security do "we" really want to go the way of dangerous defaults without at least two buttons "secure defaults" and "i don't care" due the installation?
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
