On 8/27/2019 4:01 PM, Adam Williamson wrote:
On Tue, 2019-08-27 at 15:06 +0200, Jiri Eischmann wrote:
mcatanzaro@xxxxxxxxx píše v Út 27. 08. 2019 v 15:07 +0300:
On Tue, Aug 27, 2019 at 4:22 AM, John Harris <johnmh@xxxxxxxxxxxxx>
wrote:
No, that is not how this works, at all. First, let's go ahead and
address the
idea that "if the firewall blocks it, the app breaks, so it's the
firewall's
fault": It's not. If the firewall has not been opened, that just
means it
can't be accessed by remote systems until you EXPLICITLY open that
port, with
the correct protocol, on your firewall. That's FINE. That's how
it's designed
to work. There's nothing wrong with that.
This means that the system administrator (or owner, if this is
some
individual's personal system) must allow the port to be accessed
remotely,
before the app can be reached remotely, increasing the security of
the system.
You've already lost me here. Sorry, but we do not and will not
install a firewall GUI that exposes complex technical details like
port numbers. Expecting users to edit firewall rules to use their
apps is ridiculous and I'm not really interested in debating it.
Yeah, when you ask users questions they're not qualified to answer,
you're just creating bad design.
I always imagine my mom (who BTW has been a Fedora user for years) how
she'd deal with that and I can't really imagine her opening/closing
firewall ports. She'd be puzzled even by "Do you trust this network?"
and would probably just click "Yes" to make it go away. No additional
security, just annoying UX.
However, Fedora Workstation is an edition. Which means it has a
*policy-defined* target audience. That target audience is defined here:
https://fedoraproject.org/wiki/Workstation/Workstation_PRD#Target_Audience
Case 1: "Engineering/CS student"
Case 2: "Independent Developer"
Case 3: "Small Company Developer"
Case 4: "Developer in a Large Organization"
Are those people we believe do not understand the concepts associated
with firewalls?
The term "Workstation" itself has a long pedigree and is laden with a
variety of connotations. The failure here may be that that term has been
conflated with "Desktop". Your mother surfing Facebook may benefit from
a "Linux Desktop" (maybe.), but she's probably not the target for a
"Linux Workstation" unless https://xkcd.com/327/ is likely to happen.
"Fedora as a Distro" could do a better job of articulating this
distinction. Perhaps a user vs. poweruser split is viable at
install/config time, or perhaps Desktop and Workstation would warrant
separate Editions.
"Fedora as a Project", OTOH, seems to be reaching a point where so many
downstream users have varying needs (and I'm including Editions, Atomic,
Container folks, EPEL as a side project, and RHEL/CentOS/SL here) that a
fundamental project re-architecture is getting to be warranted.
-jc
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx