Re: Fedora Workstation and disabled by default firewall

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tuesday, August 27, 2019 4:49:03 PM MST Japheth Cleaver wrote:
> On 8/27/2019 4:01 PM, Adam Williamson wrote:
> 
> > On Tue, 2019-08-27 at 15:06 +0200, Jiri Eischmann wrote:
> > 
> >> mcatanzaro@xxxxxxxxx píše v Út 27. 08. 2019 v 15:07 +0300:
> >> 
> >>> On Tue, Aug 27, 2019 at 4:22 AM, John Harris <johnmh@xxxxxxxxxxxxx>
> >>> wrote:
> >>> 
> >>>> No, that is not how this works, at all. First, let's go ahead and
> >>>> address the
> >>>> idea that "if the firewall blocks it, the app breaks, so it's the
> >>>> firewall's
> >>>> fault": It's not. If the firewall has not been opened, that just
> >>>> means it
> >>>> can't be accessed by remote systems until you EXPLICITLY open that
> >>>> port, with
> >>>> the correct protocol, on your firewall. That's FINE. That's how
> >>>> it's designed
> >>>> to work. There's nothing wrong with that.
> >>>>
> >>>>
> >>>>
> >>>> This means that the system administrator (or owner, if this is
> >>>> some
> >>>> individual's personal system) must allow the port to be accessed
> >>>> remotely,
> >>>> before the app can be reached remotely, increasing the security of
> >>>> the system.
> >>> 
> >>> You've already lost me here. Sorry, but we do not and will not
> >>> install a firewall GUI that exposes complex technical details like
> >>> port numbers. Expecting users to edit firewall rules to use their
> >>> apps is ridiculous and I'm not really interested in debating it.
> >> 
> >> Yeah, when you ask users questions they're not qualified to answer,
> >> you're just creating bad design.
> >> I always imagine my mom (who BTW has been a Fedora user for years) how
> >> she'd deal with that and I can't really imagine her opening/closing
> >> firewall ports. She'd be puzzled even by "Do you trust this network?"
> >> and would probably just click "Yes" to make it go away. No additional
> >> security, just annoying UX.
> > 
> > However, Fedora Workstation is an edition. Which means it has a
> > *policy-defined* target audience. That target audience is defined here:
> > https://fedoraproject.org/wiki/Workstation/Workstation_PRD#Target_Audience
> > 
> >
> >
> >
> > Case 1: "Engineering/CS student"
> > Case 2: "Independent Developer"
> > Case 3: "Small Company Developer"
> > Case 4: "Developer in a Large Organization"
> >
> >
> >
> > Are those people we believe do not understand the concepts associated
> > with firewalls?
> 
> 
> The term "Workstation" itself has a long pedigree and is laden with a 
> variety of connotations. The failure here may be that that term has been 
> conflated with "Desktop". Your mother surfing Facebook may benefit from 
> a "Linux Desktop" (maybe.), but she's probably not the target for a 
> "Linux Workstation" unless https://xkcd.com/327/ is likely to happen.
> 
> "Fedora as a Distro" could do a better job of articulating this 
> distinction. Perhaps a user vs. poweruser split is viable at 
> install/config time, or perhaps Desktop and Workstation would warrant 
> separate Editions.
> 
> "Fedora as a Project", OTOH, seems to be reaching a point where so many 
> downstream users have varying needs (and I'm including Editions, Atomic, 
> Container folks, EPEL as a side project, and RHEL/CentOS/SL here) that a 
> fundamental project re-architecture is getting to be warranted.
> 
> -jc
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List
> Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List
> Archives:
> https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx

"Workstation" literally means a station to work at. Any computer you can do 
work on is a workstation. My workstation is an X200 Tablet running Fedora KDE 
Spin, for example.

If there is to be a Desktop edition, I vote KDE is the default DE of it.

-- 
John M. Harris, Jr. <johnmh@xxxxxxxxxxxxx>
Splentity
https://splentity.com/

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux