On Wednesday, August 28, 2019 3:33:48 AM MST Jiri Eischmann wrote: > Adam Williamson píše v Út 27. 08. 2019 v 16:01 -0700: > > > On Tue, 2019-08-27 at 15:06 +0200, Jiri Eischmann wrote: > > > > > mcatanzaro@xxxxxxxxx píše v Út 27. 08. 2019 v 15:07 +0300: > > > > > > > On Tue, Aug 27, 2019 at 4:22 AM, John Harris < > > > > johnmh@xxxxxxxxxxxxx> > > > > wrote: > > > > > > > > > No, that is not how this works, at all. First, let's go ahead > > > > > and > > > > > address the > > > > > idea that "if the firewall blocks it, the app breaks, so it's > > > > > the > > > > > firewall's > > > > > fault": It's not. If the firewall has not been opened, that > > > > > just > > > > > means it > > > > > can't be accessed by remote systems until you EXPLICITLY open > > > > > that > > > > > port, with > > > > > the correct protocol, on your firewall. That's FINE. That's how > > > > > it's designed > > > > > to work. There's nothing wrong with that. > > > > > > > > > > This means that the system administrator (or owner, if this is > > > > > some > > > > > individual's personal system) must allow the port to be > > > > > accessed > > > > > remotely, > > > > > before the app can be reached remotely, increasing the security > > > > > of > > > > > the system. > > > > > > > > > > > > You've already lost me here. Sorry, but we do not and will not > > > > install a firewall GUI that exposes complex technical details > > > > like > > > > port numbers. Expecting users to edit firewall rules to use their > > > > apps is ridiculous and I'm not really interested in debating it. > > > > > > > > > Yeah, when you ask users questions they're not qualified to answer, > > > you're just creating bad design. > > > I always imagine my mom (who BTW has been a Fedora user for years) > > > how > > > she'd deal with that and I can't really imagine her opening/closing > > > firewall ports. She'd be puzzled even by "Do you trust this > > > network?" > > > and would probably just click "Yes" to make it go away. No > > > additional > > > security, just annoying UX. > > > > > > However, Fedora Workstation is an edition. Which means it has a > > *policy-defined* target audience. That target audience is defined > > here: > > https://fedoraproject.org/wiki/Workstation/Workstation_PRD#Target_Audience > > > > > > Case 1: "Engineering/CS student" > > Case 2: "Independent Developer" > > Case 3: "Small Company Developer" > > Case 4: "Developer in a Large Organization" > > > > Are those people we believe do not understand the concepts associated > > with firewalls? > > > And the same document says: > "While our focus is on creating a top-class developer workstation, our > developer focus will not compromise the aforementioned goal to be a > polished and user friendly system that appeals to a wide general > audience." > > Having a target audience in mind doesn't mean we have to make bad > design for everyone else. In addition their preferences could be > actually the same. Just look at macOS, it's made easy for our moms and > dads and very popular with developers at the same time. > > Jiri > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List > Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List > Archives: > https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Essentially disabling the firewall falls under having a "bad design for everyone else". Disabling the firewall is something that could be considered hostile to the user. I fail to see how the comparison to MacOS applies here. MacOS is not a FLOSS project, nor is it some standard. I know GNOME folks seem to think MacOS is great and all, to the point that they copy stuff from MacOS and throw it in, calling it a "feature", but this is not a feature. If you want something that's both easy for "our moms and dads", and something that keeps them safe, because both are certainly possible at once, you can just move back to the default firewall config. -- John M. Harris, Jr. <johnmh@xxxxxxxxxxxxx> Splentity https://splentity.com/ _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx