5tFTW: Fedora 21, 22, and 19, firewall discussion, and holiday break

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Reposted from <http://fedoramagazine.org/5tftw-2014-12-17/>.


Fedora is a big project, and it’s hard to keep up with everything that
goes on. This series highlights interesting happenings in five
different areas every week. It isn’t comprehensive news coverage — just
quick summaries with links to each. Here are the five things for
December 17th, 2014:


Fedora 21 Retrospective: What was awesome? What wasn’t?
-------------------------------------------------------

While Fedora 22 is already rolling into the target zone, we do want to
make sure we look back at this previous cycle and identify things we
can improve — ideally, specific and actionable changes. In the end, we
came out with (another!) great release, but there is always something
to learn. In particular, we ended _yet again_ in a last minute scramble
to get a release we could feel good about signing off on out before the
holidays, and next time around it would be nice to put less stress on
all of our contributors (including the quality assurance team and the
developers needed to make those late fixes.)

There will be more to it than this, but to get started, we have a F21
Retrospective wiki page, to help collect comments and ideas.

  * https://fedoraproject.org/wiki/Fedora_21_Retrospective


Fedora 22: Coming up fast!
--------------------------

FESCo (the Fedora Engineering Steering Committee, the elected
organization which oversees technical decisions in the project) has
indicated that we’re back to aiming for the traditional May/October
Fedora release cycle, and although the F22 schedule isn’t finalized yet,
we have a tentative plan calling for a release about 6 months from
now. When you work back from that, it means that there’s really not much
time to think about change proposals for F22, especially if we
subtract out holiday time. So, if you’re thinking of working on
something big, please start getting your proposal formalized — the
tentative deadline is January 20th, 2015.



Fedora 19: End of Life
----------------------

And on the other end of the cycle: it’s time to say farewell to Fedora
19. If you’re running this release, please plan to update before January
6th, 2015, when the last updates will go out. After that, there will be
no further security fixes. The good news is that Fedora 20 was a great
release, and Fedora 21 is *even better*, and I think you’ll be happy
with the upgrade.

* http://fedoramagazine.org/fedora-19-eol-01-06-2015/


Fedora Workstation firewall discussion
--------------------------------------

This week’s big devel-list thread concerned the default firewall
settings in Fedora Workstation. The Fedora Workstation Working Group was
not happy with the user experience offered by blocking incoming “high
ports” by default. Out of the box, nothing is listening on these, but if
one installs software that expects to, it won’t work, and because we
don’t have a good way yet to tie *attempts* to access ports to listening
applications and communicate that to the user, the resulting failure is
invisible.

On the other hand, if you install something and it starts listening and
you didn’t know that, that’s *also* invisible. So, pretty much everyone
recognizes this as a not ideal situation. Everyone involved in the
discussion also is concerned with enhancing user security in practice —
the question is just how to best get there from an imperfect state.
Originally, the Workstation WG asked to disable the firewall entirely.
FESCo asked instead that it be left available, possibly with a
less-restrictive out-of-the-box configuration — the path taken for F21.

If you’re not running Workstation, this doesn’t affect you. If you are,
and would like a different configuration, run the firewall configuration
tool and either edit the Fedora Workstation zone or change the default
zone. (There’s a long list of options, but “public” is a
generally-restrictive choice.)

You can also change the per-network zone. Unfortunately currently wired
networks are all considered as one per interface, but wireless networks
are distinguished individually. This can be done in a number of ways,
but the easiest is to run the network configuration tool (in GNOME
control center — press the overview key and start typing “network”),
select the wifi network in question, press the little gear icon next to
it, go down to Identity (?!), and choose the appropriate firewall zone.
(Again, there’s a long list — go back to the firewall config tool to see
exactly what they all do.)

This is clearly, not the most friendly approach; it’s my understanding
that the desktop designers, network tools team, and security team are
going to work together to develop a better overall solution for Fedora
22 and beyond.

Overall, the mailing list thread stayed relatively positive and
constructive and avoided personal attacks, although there were some
accusations of bad faith actions which do not seem warranted based on
the actual history. It is, however, a case where more transparent
discussion and communication could have helped; that’s something we’re
continually working at making better and might make for a good component
of the F21 retrospective mentioned above.

* https://lists.fedoraproject.org/pipermail/devel/2014-December/205010.html


Christmas break
---------------

Of course things in Fedora never really stop, but it’s vacation time for
many of us. Before I was a Red Hat employee, I was used to seeing
extended days off as ideal for getting in some serious work on Fedora.
Now, things are strangely inverted, and I’m going to use the time to
unplug a bit. I’ll be back in January all recharged, and will catch up
with everything that’s happened in the meantime — FtFTW will resume the
week of January 15th — or possibly the week before, but let’s save the
hard-to-keep resolutions for New Year’s Day. :)

Check out the Fedora vacation calendar to see who else will be away,
and make sure to add yourself if you will be too. (There's even a
Fedora badge for doing so!)

* https://apps.fedoraproject.org/calendar/vacation/
* https://badges.fedoraproject.org/badge/vacation



-- 
Matthew Miller            mattdm@xxxxxxxxxx             <http://mattdm.org/>
Fedora Project Leader  mattdm@xxxxxxxxxxxxxxxxx  <http://fedoraproject.org/> 
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux