Re: Fedora Workstation and disabled by default firewall

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tuesday, August 27, 2019 6:06:24 AM MST Jiri Eischmann wrote:
> mcatanzaro@xxxxxxxxx píše v Út 27. 08. 2019 v 15:07 +0300:
> 
> > On Tue, Aug 27, 2019 at 4:22 AM, John Harris <johnmh@xxxxxxxxxxxxx>
> > wrote:
> > 
> > > No, that is not how this works, at all. First, let's go ahead and
> > > address the 
> > > idea that "if the firewall blocks it, the app breaks, so it's the
> > > firewall's 
> > > fault": It's not. If the firewall has not been opened, that just
> > > means it 
> > > can't be accessed by remote systems until you EXPLICITLY open that
> > > port, with 
> > > the correct protocol, on your firewall. That's FINE. That's how
> > > it's designed 
> > > to work. There's nothing wrong with that.
> > > 
> > > This means that the system administrator (or owner, if this is
> > > some 
> > > individual's personal system) must allow the port to be accessed
> > > remotely, 
> > > before the app can be reached remotely, increasing the security of
> > > the system.
> > 
> > 
> > You've already lost me here. Sorry, but we do not and will not
> > install a firewall GUI that exposes complex technical details like
> > port numbers. Expecting users to edit firewall rules to use their
> > apps is ridiculous and I'm not really interested in debating it.
> 
> 
> Yeah, when you ask users questions they're not qualified to answer,
> you're just creating bad design.
> I always imagine my mom (who BTW has been a Fedora user for years) how
> she'd deal with that and I can't really imagine her opening/closing
> firewall ports. She'd be puzzled even by "Do you trust this network?"
> and would probably just click "Yes" to make it go away. No additional
> security, just annoying UX.
> 
> Jiri 
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List
> Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List
> Archives:
> https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx

In that case, let me be clear:

Users are NOT qualified to select the GNOME spin, as they don't even know it 
disables the firewall.

This is why you'd just implement sane defaults like the KDE spin, instead of 
opening literally every port on the system to the world.

-- 
John M. Harris, Jr. <johnmh@xxxxxxxxxxxxx>
Splentity
https://splentity.com/

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux