----- Original Message ----- > From: "Stephen Gallagher" <sgallagh@xxxxxxxxxx> > To: devel@xxxxxxxxxxxxxxxxxxxxxxx > Sent: Tuesday, April 22, 2014 1:40:05 PM > Subject: Re: F21 System Wide Change: Workstation: Disable firewall > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 04/22/2014 05:43 AM, Christian Schaller wrote: > > > > > > > > > > ----- Original Message ----- > >> From: "Thomas Woerner" <twoerner@xxxxxxxxxx> To: > >> devel@xxxxxxxxxxxxxxxxxxxxxxx Sent: Tuesday, April 22, 2014 > >> 11:23:46 AM Subject: Re: F21 System Wide Change: Workstation: > >> Disable firewall > >> > >> On 04/21/2014 12:22 AM, drago01 wrote: > >>> On Mon, Apr 21, 2014 at 12:02 AM, Reindl Harald > >>> <h.reindl@xxxxxxxxxxxxx> wrote: > >>> > >>>> * there are network services enabled by default > >>> > >>> Again that's a bug and a viloation of the guidelines. Which > >>> services are you talking about? Please file bugs. > >>> > >>>> * avahi is one of them > >>> > >>> You keep listing this as an example but avahi is not only > >>> installed and enabled by default but also allowed configured to > >>> work in the default firewall setup since F18 [1] ... > >>> > >>> So the current default firewall won't protect you against avahi > >>> flaws. > >>> > >> This has been added only because of a FESCo decision: > >> > >> https://fedoraproject.org/wiki/Features/AvahiDefaultOnDesktop > >> > > > > Thank you for digging that ticket up Thomas. I think that ticket > > mentions something maybe a bit overlooked in this thread so far, > > "Real world security". I recommend everyone following this thread > > to watch this video of a talk by Russ Doty from Red Hat at this > > years DevConf in Brno. His talk is about real world security, > > especially in the context of enterprise computing, but the issues > > he articulate forms the underlaying challenges of this thread too. > > > > I think if everyone here see this talk we could hopefully move this > > thread into a more constructive format. > > > Since you missed the link: https://www.youtube.com/watch?v=jYGgVUYjXQ8 oops, thanks for that, I had the link ready to be pasted, but forgot to actually paste it :) Christian -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
