On Sun, Apr 20, 2014 at 10:15 PM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote: > > > Am 20.04.2014 20:19, schrieb drago01: >> On Sun, Apr 20, 2014 at 6:53 PM, Kevin Kofler <kevin.kofler@xxxxxxxxx> wrote: >>> Christian Schaller wrote: >>>> where we at the same time need to allow each user to have any port they >>>> desire opened for traffic to make sure things like DLNA or Chromecast >>>> works. >>> >>> Such things MUST NOT be enabled by default. >> >> No one suggested that. Currently the user enables them and they do not >> work until after he/she disables the firewall > > wrong - until he *configures* the firewall If that knowledge is present sure. If it isn't then either "this shit does not work" or the user will somehow find out that it is caused by the firewall and try to disable it. > to open the needed ports > if that can't be half-automated with confirmation in any case > > even open the ports full automated should be strongly prohibited The user did chose to share data ... configure the firewall to allow it automatically should not be "strongly prohibited" because the user have chosen to share the data. Showing him information that the data would be shared to everyone on this network is fine but as soon as you go into implementation details and talk about ports you lost the user and he/she will just click "yes/ok/continue" ... > because taking away the users control is *not* why Linux as > project was staretd Again strawman .. its not about taking control from the user (you still can control the firewall settings), but let the computer do work in an automated way for the user i.e "why computers have been created". > i doubt that *any* software on this planet needs the firewall to be > completly disbaled and if such crap was written because using random > ports for no good reason it has no existence authority No it does indeed not *need* to be completely disabled but apps should not open random ports without any reason to begin with (we should not ship those and we have a rule to not enable network facing services by default despite of the firewall). -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
