On Tuesday, August 27, 2019 12:32:26 AM MST mcatanzaro@xxxxxxxxx wrote: > On Tue, Aug 27, 2019 at 5:59 AM, Christopher > > <ctubbsii@xxxxxxxxxxxxxxxxx> wrote: > > The current status is that the Workstation WG never came up with a > > solution in 5 years, and new people are finding this default > > configuration and getting upset about the failure of Fedora > > Workstation to meet basic security expectations. > > > > Since Workstation WG has not come up with any better solution over the > > course of 10 Fedora releases / 5 years, and the default insecure > > status persists, I think it's reasonable to conclude that FESCo's > > trust in the Workstation WG's ability to come up with a satisfactory > > solution was misplaced. I would strongly urge the current FESCo > > require Worksation to adopt the same secure default configuration as > > Server, until such a time as Workstation WG comes up with a solution > > for Workstation that can *honestly* clear the change proposal process. > > To be clear, we have never had any plans to work on this. > > If there is a separate team of firewall developers that would be > interested in writing a new style of firewall, then I'm sure the WG > would be happy to reopen discussion of the issue, including a > discussion of requirements, etc. But I highly doubt anybody will be > interested in this effort to reenable a stricter firewalld > configuration. This doesn't seem like a serious effort to think about > how a firewall could be useful, it just seems like an effort to break > software. Please consider the security aspect of this. This is a critical vulnerability. Please, don't make us look like the Linux Mint folks. If Workstation is to be a viable product, especially if it's going to be advertised prominently, as the primary download for Fedora, this needs to be fixed. Just imagine if this were done on RHEL! -- John M. Harris, Jr. <johnmh@xxxxxxxxxxxxx> Splentity https://splentity.com/ _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
