----- Original Message ----- > On 5.1.2015 15:57, Bastien Nocera wrote: > > ----- Original Message ----- > >> Björn Persson wrote: > >>> I bet! I worry that the questions would quickly become annoying. But if > >>> ports are going to be blocked by default, then there needs to be some > >>> way for non-sysadmin users to open them. > >> > >> No, why? The ports just need to be closed, period. Non-sysadmin users > >> shouldn't be allowed to open any ports. > > > > Which leads to users being frustrated at the default firewall, which leads > > to > > them throwing in the towel and disabling the firewall altogether, leading > > to > > worse security. > > Many people claim this AFAIK nobody posted link to an article/any hard data > about this. (I'm not saying that this statement is not correct, I'm saying > that I don't have reason to believe it without hard data.) I don't claim to have hard data on this, this is the result of discussions with my co-workers, Fedora developers that use GNOME, and Fedora users. Evidence of this is always going to be circumstantial but when I hear of other GNOME developers that end up using GNOME on Ubuntu with all the problems it brings rather than deal with SELinux or Fedora's firewall, alarm bells start ringing. > IMHO solution to this problem is what Stephen Gallagher proposed in other > part > of this thread: > > I'd argue that something similar to the SELinux Troubleshooter would be > > a useful solution here, if interfaces could be added to support it. The SELinux Troubleshooter is positively awful UI for anyone that didn't go read SELinux introductory articles. It's also a bug reporting tool, not an authorisation request as a (bad) firewall UI would need to be. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
