On Tuesday, August 27, 2019 7:14:20 AM MST Robert Marcano wrote: > On 8/27/19 10:03 AM, John Harris wrote: > > > On Tuesday, August 27, 2019 5:35:08 AM MST Robert Marcano wrote: > > > >> On 8/27/19 8:18 AM, mcatanzaro@xxxxxxxxx wrote: > >> > >> > >> > >>> On Tue, Aug 27, 2019 at 2:37 PM, Iñaki Ucar <iucar@xxxxxxxxxxxxxxxxx> > >>> wrote: > >> > >> > >> > >>>> There's no need to write "a new style of firewall". It would be as > >>>> easy as asking the user once whether a new connection is trusted or > >>>> not. That's it. > >>> > >>> > >>> > >>> > >>> But, well, how do you do that? What do you show to the user? > >> > >> > >> > >> > >> Maybe, now that NetworkManager implements now its own DHCP client, if > >> the IP received is not an private address (RFC 1918 for IPv4, some other > >> consideration should be done for IPv6), Notify the user the connection > >> is in a secure mode with an option to disable the secure, temporarily or > >> permanently > >> > >> > >> > >> > > > > That wouldn't work. If you hop on public wifi, your IP will most likely be > > in a private rang, which would be wide open under this proposal. > > > Any new Wifi connection could be identified by their SSID, so it could > still be secure by default and ask for that specific connection to be > opened because you trust them. As I proposed on another email, bring > back the NetworkManager zones UI to GNOME Settings, simplified with > being an option to confine that connection to the public zone. > > The problem of identifying wired connections still remains and needs > more thinking. > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List > Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List > Archives: > https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Why in the world would it need to be "simplified"? Just set the default zone names to something useful for users that don't know what zones are. -- John M. Harris, Jr. <johnmh@xxxxxxxxxxxxx> Splentity https://splentity.com/ _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
