On Mon, Apr 21, 2014 at 12:02 AM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:
> * there are network services enabled by default

Again that's a bug and a violation of the guidelines. Which services are you talking about? Please file bugs.

> * avahi is one of them

You keep listing this as an example but avahi is not only installed and enabled by default but also allowed/configured to work in the default firewall setup since F18 [1] ... So the current default firewall won't protect you against avahi flaws.

> * you nor i can say for sure avahi never ever get a critical security update

See above.

> * you nor i can be sure that there is not another network-service is running
> * even if it is not running by intention it may be running by mistake as default
> * so after you installed a new system avahi is running and the firewall down

See above.

> * how do you genius install the updates without a network
> and to *not* have to consider what is safe and what you have to stop after
> a fresh install before you can plug your machine to the network for install
> security relevant updates a firewall has to be enabled by default

Again you 1) assume that we enable random services by default and the firewall is the only thing that protects freshly installed systems, and 2) that giving the user options that do not work and forcing him to learn about computer networks to do basic tasks is how things should work. Both are false.

Sure, disabling the firewall is not the only way to solve 2), but "silently make things not work" (i.e. the status quo) or "ask a user questions that he does not understand" are no solutions. There have been other suggestions in this thread that are helpful, like the network zones thing (but we still have too many zones), or that enabling services should make them work, i.e. just enable the firewall rules.
> honestly it's good that you are out of this discussion because you seem
> to not have a clue about security nor understand the implications of
> "who knows what he is doing and why the one who don't need sane defaults"

No, the reason is simply that talking to you is very annoying .. you resort to baseless attacks (like this one) and strawmen.

[1] http://fedoraproject.org/wiki/Features/AvahiDefaultOnDesktop