On Tuesday, August 27, 2019 5:07:39 AM MST mcatanzaro@xxxxxxxxx wrote: > On Tue, Aug 27, 2019 at 4:22 AM, John Harris <johnmh@xxxxxxxxxxxxx> > > wrote: > > No, that is not how this works, at all. First, let's go ahead and > > address the > > idea that "if the firewall blocks it, the app breaks, so it's the > > firewall's > > fault": It's not. If the firewall has not been opened, that just > > means it > > can't be accessed by remote systems until you EXPLICITLY open that > > port, with > > the correct protocol, on your firewall. That's FINE. That's how it's > > designed > > to work. There's nothing wrong with that. > > > > This means that the system administrator (or owner, if this is some > > individual's personal system) must allow the port to be accessed > > remotely, > > before the app can be reached remotely, increasing the security of > > the system. > > You've already lost me here. Sorry, but we do not and will not install > a firewall GUI that exposes complex technical details like port > numbers. Expecting users to edit firewall rules to use their apps is > ridiculous and I'm not really interested in debating it. > > If the user is capable of editing firewall rules and wants to do so, > that user can surely also change the policy to not open all these > ports. Yes? That port numbers are now "technical details" is fairly concerning, and I can't imagine why you think users shouldn't be able to configure their firewall. You realize we have a GTK firewall configuration program? Right now, the average user isn't even aware that they, essentially, don't have a running firewall. Most users are assuming we're shipping Fedora with secure defaults. -- John M. Harris, Jr. <johnmh@xxxxxxxxxxxxx> Splentity https://splentity.com/ _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
