Re: Fedora Workstation and disabled by default firewall

On Tue, Aug 27, 2019 at 10:26 PM Christopher <ctubbsii@xxxxxxxxxxxxxxxxx> wrote:
>
> On Tue, Aug 27, 2019 at 9:27 PM Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote:
>
> > The Workstation technical specification document says in part:
>
> Where is the full technical specification document, so one can read it
> not in part, but in full?

https://fedoraproject.org/wiki/Workstation/Technical_Specification

The discussion and decision to not include firewall-config (GUI
configuration application for firewalld) by default, five years ago
https://lists.fedoraproject.org/archives/list/desktop@xxxxxxxxxxxxxxxxxxxxxxx/thread/QROJ6LHGT5UUMNTBXEIJTPHPI3IWGFRY/

What's changed since then? It's fine to have purposeful re-evaluation
of any requirements or specification, but someone or a group needs to
look through the prior history, and clearly articulate why that
history is obsolete, and produce a compelling case why this should be
re-evaluated.



> > A firewall in its default configuration may not interfere with the
> > normal operation of programs installed by default.
>
> Using "public" as the zone default instead of "FedoraWorkstation"
> would satisfy this and provide much more reasonable secure defaults.

You've tested all of the default applications with this zone active?

If some significant number of popular/important applications that
aren't installed by default are effectively silently broken upon
installation, I wouldn't be inclined to support enabling an aggressive
firewall policy out of the box. This needs to be assessed; we can't
just set the default zone to public without testing and understanding
how this impacts the user experience.

And also, these arguments should separate between firewall-config
being installed by default, versus what zone to enable by default.
That includes a hypothetical v2 of FedoraWorkstation zone.



-- 
Chris Murphy