On 12/09/2014 09:27 AM, Robert Marcano wrote:
What I see frequently are applications that are installed from outside the Fedora repositories, that can be forced to behave like Fedora packaging rules, with secure defaults before sharing, being installed and the user that don't know much about firewall settings but understand that the firewall is active, then think: I feel "secure" because I know the firewall is blocking external requests.
that should be a "that can't be forced" not "can" ...
This is no open port, but shows that packages can have bugs and something that is closed by default today, can in the future be pulled as an update and start sharing things. Those are bugs, true, but the idea of opening the firewall entirely defeats the measure of defense already in place. To me it sounds like disabling SELinux on workstation because people find it difficult and decide to disable it instead.
and before someone say that SELinux is a server thing that should not bother user, Never had user NetworkManager openvpn plugin that require certificates to have the corresponding SELinux label inside ~/.cert, and than when you move you backed up certificates, they will not be read because move doesn't change labels. I can make the same assumption that SELinux is difficult and the user always prefer to disable it
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
