Re: Fedora Workstation and disabled by default firewall

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wednesday, August 28, 2019 3:33:48 AM MST Jiri Eischmann wrote:
> Adam Williamson píše v Út 27. 08. 2019 v 16:01 -0700:
> 
> > On Tue, 2019-08-27 at 15:06 +0200, Jiri Eischmann wrote:
> > 
> > > mcatanzaro@xxxxxxxxx píše v Út 27. 08. 2019 v 15:07 +0300:
> > > 
> > > > On Tue, Aug 27, 2019 at 4:22 AM, John Harris <
> > > > johnmh@xxxxxxxxxxxxx>
> > > > wrote:
> > > > 
> > > > > No, that is not how this works, at all. First, let's go ahead
> > > > > and
> > > > > address the 
> > > > > idea that "if the firewall blocks it, the app breaks, so it's
> > > > > the
> > > > > firewall's 
> > > > > fault": It's not. If the firewall has not been opened, that
> > > > > just
> > > > > means it 
> > > > > can't be accessed by remote systems until you EXPLICITLY open
> > > > > that
> > > > > port, with 
> > > > > the correct protocol, on your firewall. That's FINE. That's how
> > > > > it's designed 
> > > > > to work. There's nothing wrong with that.
> > > > > 
> > > > > This means that the system administrator (or owner, if this is
> > > > > some 
> > > > > individual's personal system) must allow the port to be
> > > > > accessed
> > > > > remotely, 
> > > > > before the app can be reached remotely, increasing the security
> > > > > of
> > > > > the system.
> > > > 
> > > > 
> > > > You've already lost me here. Sorry, but we do not and will not
> > > > install a firewall GUI that exposes complex technical details
> > > > like
> > > > port numbers. Expecting users to edit firewall rules to use their
> > > > apps is ridiculous and I'm not really interested in debating it.
> > > 
> > > 
> > > Yeah, when you ask users questions they're not qualified to answer,
> > > you're just creating bad design.
> > > I always imagine my mom (who BTW has been a Fedora user for years)
> > > how
> > > she'd deal with that and I can't really imagine her opening/closing
> > > firewall ports. She'd be puzzled even by "Do you trust this
> > > network?"
> > > and would probably just click "Yes" to make it go away. No
> > > additional
> > > security, just annoying UX.
> > 
> > 
> > However, Fedora Workstation is an edition. Which means it has a
> > *policy-defined* target audience. That target audience is defined
> > here:
> > https://fedoraproject.org/wiki/Workstation/Workstation_PRD#Target_Audience
> > 
> > 
> > Case 1: "Engineering/CS student"
> > Case 2: "Independent Developer"
> > Case 3: "Small Company Developer"
> > Case 4: "Developer in a Large Organization"
> > 
> > Are those people we believe do not understand the concepts associated
> > with firewalls?
> 
> 
> And the same document says:
> "While our focus is on creating a top-class developer workstation, our
> developer focus will not compromise the aforementioned goal to be a
> polished and user friendly system that appeals to a wide general
> audience."
> 
> Having a target audience in mind doesn't mean we have to make bad
> design for everyone else. In addition their preferences could be
> actually the same. Just look at macOS, it's made easy for our moms and
> dads and very popular with developers at the same time.
> 
> Jiri 
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List
> Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List
> Archives:
> https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx

Essentially disabling the firewall falls under having a "bad design for 
everyone else". Disabling the firewall is something that could be considered 
hostile to the user.

I fail to see how the comparison to MacOS applies here. MacOS is not a FLOSS 
project, nor is it some standard. I know GNOME folks seem to think MacOS is 
great and all, to the point that they copy stuff from MacOS and throw it in, 
calling it a "feature", but this is not a feature.

If you want something that's both easy for "our moms and dads", and something 
that keeps them safe, because both are certainly possible at once, you can 
just move back to the default firewall config.

-- 
John M. Harris, Jr. <johnmh@xxxxxxxxxxxxx>
Splentity
https://splentity.com/

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux