Am 28.04.2014 19:27, schrieb Miloslav Trmač: > 2014-04-28 19:13 GMT+02:00 Reindl Harald: > > Well if the users' expectations were that the firewall doesn't "interfere" with Fedora applications, why > would they > > expect it to "interfere" with non-Fedora applications? > > do i really need to explain that? > > you can make signed fedora packages trusted and allow them > at install or first start to interact with firewalld > > I can't; ptrace() doesn't make such a distinction. than that needs to be improved or the current status no open ports at all without user confirmation unchanged > > And doesn't every malware know to make an _outgoing_ connection to an IRC server nowadays? > > Stopping malware by blocking incoming connections is fairly illusory IMHO > > i find it pervert that such basics need to be discussed > > * you can't reach 100% security, never, in no way > > Still, the combined measures need to mitigate at least, say, 75% of cases, > otherwise we're not really having enough impact in a perfect world yes, even more than 75% in reality: only *the one an donly* case which affects me untila update is released we need the > 75% because we don't know what is needed when but even if we reach only 25% it's better than 0% by giving up and drop the firewall it makes me really sad that anybody ever can come to an idea disable the firewall as default because it makes things harder and that it needs discussions after 1st of April - are such people payed by the NSA and sent out to destory sceurity everywhere?
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
