On 12/17/05, Callum Lerwick <seg@xxxxxxxxxx> wrote: > Not this flame war again. The only way P2P can *possibly* work is if you > poke holes through the firewall. If everyone were behind firewalls and > couldn't poke holes, there would be no P2P. If only a few people poke > holes, those nodes become solely responsible for uploading to the > firewalled nodes. The firewalled nodes still can't talk to each other. > > And another thing, the whole point of a firewall is to keep malicious > stuff out. With UPNP/NAT-PMP, port forwards can only be set up from > behind the firewall. And only to the machine asking for it. If you've > got malicious software and/or users behind your firewall, you've already > lost the security battle. Get over it. There's a big difference between users delibrately deciding to poke holes in their firewall, and having the operating system let any application automatically poke holes without authentication to allow the action. I'd be perfectly fine with a mechanism that applications could use which first request permissions to open ports from the user and notified the user as to which application was making the request, before ports were dynamically opened. -jef -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
