2014-04-28 19:13 GMT+02:00 Reindl Harald <h.reindl@xxxxxxxxxxxxx>:
Am 28.04.2014 19:04, schrieb Miloslav Trmač:
> 2014-04-28 18:59 GMT+02:00 Reindl Harald <h.reindl@xxxxxxxxxxxxx <mailto:h.reindl@xxxxxxxxxxxxx>>:
>do i really need to explain that?
> Am 28.04.2014 18:52, schrieb Miloslav Trmač:
> > No no no no no. If you want a firewall "integrated" /that/ way, you are really
> > better of uninstalling it or opening it up; it serves no purpose.
>
> no, even if that way is completly wrong it's better than no firewall
> as i have explained multiple times there may run software not from
> the Fedora repos which opens ports unintentionally from the users
> point of view and especially a user with no network expierience
> will not realize that - and yes that software matters because
> we are talking about a *operating system*
>
> Well if the users' expectations were that the firewall doesn't "interfere" with Fedora applications, why would they
> expect it to "interfere" with non-Fedora applications?
you can make signed fedora packages trusted and allow them
at install or first start to interact with firewalld
I can't; ptrace() doesn't make such a distinction.
> And doesn't every malware know to make an _outgoing_ connection to an IRC server nowadays?> Stopping malware by blocking incoming connections is fairly illusory IMHOi find it pervert that such basics need to be discussed
* you can't reahc 100% security, never, in no way
Still, the combined measures need to mitigate at least, say, 75% of cases, otherwise we're not really having enough impact.
Mirek
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
