Am 15.04.2014 18:38, schrieb Mateusz Marzantowicz: > On 15.04.2014 11:40, Reindl Harald wrote: >> >> it is not a point of *what i can do and do* >> it is a point what the ordinary 08/15 user does which assumes >> to have a by default secure system after install > > Fedora is not for ordinary users. Fedora is for geeks and > developers that like to experiment with a new software ok, now i need hardly to censor myself may i ask you to be quiet until you read and understand the proposal linked in the start-message of that thread as well as the target audience for "Fedora Workstation"? the whole point of that thread and the Workstation prodcut is to satisfy the ordinary user and let nor firewall stand in his way if it would be only for geeks or developers they would simply open the needed ports and knwoing what they are doing - they don't need firewalld > Ordinary users use Windows and iOS (sometimes RHEL) which is better for them if we start to ship Fedora with > Averedge Fedora user should be able to enable/disable firewall *then this thread would not exist and it would still be enabled* > and justify if he needs such thing. So this decision about disabling > fw be default is complitelly not important from security point of > view. You can alway drop some iptables rules to your rc.local script STOP THAT: if you setup a fresh install and your machine is in a untrustable network or directly connected to the WAN you have no chance to enable the firewall from the moment on one of the by default started services like Avahi has a critical bug nobody oculd have imagined before and you are fucked due the first boot as it happened to WinXP in the past do we really want to enter that road to hell?
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
