On Tue, Apr 15, 2014 at 11:18 AM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:
>
>
> On 15.04.2014 11:01, Jaroslav Reznik wrote:
>> = Proposed System Wide Change: Workstation: Disable firewall =
>> https://fedoraproject.org/wiki/Changes/Workstation_Disable_Firewall
>>
>> Change owner(s): Matthias Clasen <mclasen@xxxxxxxxxx>
>>
>> The firewalld service will not be enabled by default in the workstation
>> product.
>>
>> == Detailed Description ==
>> The current level of integration into the desktop and applications does not
>> justify enabling the firewalld service by default. Additionally, the set of
>> zones that we currently expose is excessive and not user-friendly. Therefore,
>> we will disable the firewall service while we are working on a more
>> user-friendly way to deal with network-related privacy issues.
>>
>> It will of course still be possible to enable the firewall manually.
>>
>> == Scope ==
>> * Proposal owners/Other developers: Add a Workstation-specific service
>> configuration (preset ?) to the firewalld package that disables firewalld for
>> the Workstation product
>> * Release engineering: No action required
>> * Policies and guidelines: No action required
>
>>> User Experience
>>> Applications that are using sharing protocols such as DAAP or
>>> UPnP will work out of the box, without the need to tweak or
>>> disable the firewall service
>
> seriously going the Apple way and back to where WiNXP before SP3 was?

strawman.

> users running applications which open a high port in the background
> like license checks and so on (as example ZendStudio) will be really
> thankful that as default these ports are open on the WAN

Why does it listen on a port for license checks? It should just
contact the server and not the other way. Besides, no one is stopping
you from enabling the firewall.

> honestly whoever proposes such a change has to understand that these
> days it is not uncommon to have directly to the WAN exposed machines
> with no safety NAT/router between (UMTS/3G sticks, untrusted WLAN)
> independent of whatever product a new installed system has not
> to open any port by default

I agree to that but the point is "open by default". But if the user
chooses to open it to share a file or whatever it should "just work".

> - anybody proposing the opposite
> is careless and ignorant if it comes to security
> do "we" really want to go the way of dangerous defaults without ...

"dangerous"? So install the workstation package set. Boot it up.
Disable the firewall. Which kind of vulnerabilities are you able to find?
Which ports are accessible? What can you do with them?

> at least two buttons "secure defaults" and "i don't care" during
> the installation?

No that's dumb.

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct