Re: Fedora Workstation and disabled by default firewall

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Aug 31, 2019 at 7:04 PM John Harris <johnmh@xxxxxxxxxxxxx> wrote:
>
> On Friday, August 30, 2019 5:16:25 AM MST Nico Kadel-Garcia wrote:
> > > On Aug 29, 2019, at 9:41 PM, John Harris <johnmh@xxxxxxxxxxxxx> wrote:
> > >
> > >
> > >> On Thursday, August 29, 2019 8:12:22 AM MST Dan Book wrote:
> > >> I would agree, but people do install multiple desktops after installing
> > >> a
> > >> spin. Such a use case needs to be considered (not sure if it matters,
> > >> though).
> > >
> > >
> > > This is definitely not the ideal scenario, especially not from the case of
> > > the  installer for the GNOME spin. I don't know if there's really any
> > > reason to consider it, as the user is taking things into their own hands
> > > at that point.
> >
> > Let us not try to outsmart what people *must have wanted*, and err on the
> > side of not leaving their neckties hanging out the window for yanking by
> > passing pranksters.  Leave firewalls up by default.
>
> I don't think you understand what I meant. Please allow me to clarify. The
> suggestion was that we should set the default in such a way that would work
> regardless of what the user installs after the installation of Workstation
> itself. We have no way of doing that. We cannot just guess what the user means
> to install while we're in Anaconda. Unfortunately, mind reading hardware isn't
> there yet.
>
> I would agree, leave firewalls up by default.

If 30 years in DevOps and system security in both large and small
networks count for anything, this makes *complete* sense. The
distinction between a "Workstation" deployment and a "Server" or
"Everything" deployment should not include leaving the Workstation
completely vulnerable to the most casual script kiddie attacks after
they install *any* services, especially including MySQL, DNS, Samba,
or Tomcat, Jenkins, or anything else.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux