On Sat, December 17, 2005 2:39 pm, Jesse Keating said: > > yes and no. Those that open their own ports to be forwarded are rather > insiduous. They don't rely on an established/related communication, so > any data can come down that forward into the client, not just that which > is expected. This is no different than if the ports are opened manually though. Anyone who has to open them manually is likely to leave them open when they shut down their bit torrent client as well. So really UPnP is more secure because the ports are only forwarded while the application is active. > > And the folks that don't understand the evils of upnp are the folks that > are going to leave it open. Secure by default, let users hang > themselves w/ the rope that is provided in options. The risk seems very minimal and the reward rather large. > Every bit of little risk adds up into a platform that is risky by > default, and folks have to spend effort to 'secure' it after > installation. This is a path I would _not_ like to see Fedora go down. Well almost everything adds a bit of risk; letting a user log into the machine is risky, yet we want our computers to be usable, not just locked in a box with no power cord attached. And in this case using the UPnP facility actually can mitigate some risk as well since the ports are properly closed when not in use. On top of that it makes life easier for users. Sean -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
