On 21.04.2014 00:59, drago01 wrote:
> On Mon, Apr 21, 2014 at 12:39 AM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:
>
>>> There have been other suggestions in this thread that are helpful like
>>> the network zones thing (but we still have too many zones) or enabling
>>> services should make them work i.e
>>> just enable the firewall rules.
>>
>> which make sense
>
> Oh finally you seem to understand what this is all about (a few mails
> ago this was supposed to be "strongly prohibited" ...)

if we talk about security business it is still wrong but somehow
acceptable - the problem you refuse to understand is that install
and start a service does not mean it should be reachable from the
network without confirmation

if somebody installs httpd on his developer workstation it does
not mean he wants to open the service for any machine but localhost
as example - the opposite is true because during development it's
most likely insecure whatever runs there

> Now please google for "Psychological Acceptability and Security" you
> will find tons of scientific papers (read them) explaining about why
> it is wrong to silently break stuff or ask "yes / no" question or
> arguing with "this is not a blackbox the user should learn" nonsense.

that's not nonsense - that's the truth
you can accept that or put your head in the sand

at the end of the day any user plugging a network cable into his
machine or connecting to an open WLAN will sooner or later get
troubles - the question is not if, the only question is how
much time it takes

> There is a difference between a software developer, a sysadmin and a
> user that simply wants to share his music with his family

and since you don't know who is in front of a new installed
machine the defaults need to be secure

> The latter should not have to learn about computer security to do it

i doubt he will be thankful for sharing his music to the whole
internet by default after he gets jailed

> while for the former it does not matter that much as you said because
> they ought to know what to do or where to get that information from.

but they may make decisions based on "this distribution has insane
and insecure defaults, better take a different one"

> As for filing bugs because it's broken even if it is not (obviously)
> exploitable because security mechanisms (firewall, selinux, nx, ...)
> are in place does not mean that we should not fix them

surely we should fix them but your "because security mechanisms (firewall)"
is perverse in a thread with the subject "disable firewall"

for me personally that all as most of other Fedora decisions don't matter
because i get paid for secure networks and invent network wide defaults
with no care what the distributions ones are - but that's not the typical
users and that is why i refuse to understand such insane proposals like
"we don't know how to handle usability and firewall and so we disable the
firewall"
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct