On 12/08/2014 10:50 AM, Bastien Nocera wrote:
----- Original Message -----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
We don't need open or preconfigured high ports.
What we really need is a user notification with options to allow or
deny like we do with SELinux.
That would be a appropriate solution for a workstation.
No it wouldn't be, because users don't like being asked security questions,
even less so when they don't have the skills to understand the consequences
of their choices.
The changes were vouched for by the Fedora and GNOME designers, as well as
the firewalld maintainers.
This zone was not proposed by firewalld maintainers. We had to accept
this zone - it was the Workstation team decision.
Additionally there was a request to pin down the zone in Workstation
that the user would not be able to change zones. But we denied this
request, because it would have been a big code change in firewalld to
remove one of its key features.
Additionally firewall-applet and firewall-config are not installed by
default in Gnome. All this was the decision of the Workstation team. I
asked then to leave the firewall UI there, but ...
Thomas
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
