Jon Stanley wrote:
On Mon, Mar 17, 2008 at 5:49 PM, Johann B. Gudmundsson <johannbg@xxxxx> wrote:
See bugs
https://bugzilla.redhat.com/show_bug.cgi?id=437811
https://bugzilla.redhat.com/show_bug.cgi?id=136289
https://bugzilla.redhat.com/show_bug.cgi?id=147557
In my books this fails QA bigtime and poses a MAJOR security risk for
the end user(s).
Your book is not everyone's, nor probably even the majority of
people's. I for one use sshd on *every* machine that I own (yes, I
even login to my desktop remotely - that's how I IRC).
As I said, I needed to know who the target audience was,
and I see it's not desktop users; that's why Ubuntu succeeded where Fedora
should have long ago ( yes I have had high hopes for a long time )...
Thanks for making that one clear I have actually been waiting for
someone to give me a straight
answer regarding that matter and this just proves that Fedora will never
be dominating the world :) .
That kinda also explains all this whole RTFM for the end users and he
has to be and is expected to be
a "Linux Guru" attitude that still exists here ( Bug 436227 for
example )...
And I, who apparently am so ignorant and foolish in thinking our main
goal was to let Fedora grow and our main target was the home/desktop user
and expecting those who are gonna use it for server or other things
actually would know how to set up Fedora to do so, silly me...
Either a respin with this *feature* needs to be done or a
reintroduction of Desktop/Server install
with the server install enabling this feature..
Nah, it's a sane default. If you wanna go down this road, choose
something that has *actual* security implications (beyond someone
possibly brute-forcing a poorly chosen password - users can shoot
themselves in the foot via many means. Anaconda even warns of a
poorly chosen rootpw now).
I would say leaving sshd running with a hole punched in the firewall poses a
great security risk
If a noob user clicks next next ok done throughout the installation
process and ends up
leaving himself open to brute force attacks, his machine can then
be used to attack other machines ( M$ )
but hey apparently that's just me..
I would actually think this "not a security risk" should be mentioned
each time somebody hands out a Fedora DVD.
or somebody that walks past the Fedora booth and grabs one.
But if it is one of Fedora's objectives to distribute easily rootable boxes
to the internet fine...
It's good that someone on the QA board can contact the Fedora Security team and
get their input on this issue.
QA Board??? I didn't know such a thing existed. I nominate myself :)
Seriously, Jeremy would be about the closest thing that you come to
that (Will and Jesse as well).
Will was the one I actually thought was a member of that board and
kinda the "Head of the QA department" ( sorry Jeremy or Jesse or Bill )
( I actually thought there was a QA Board, Testers reporting to the board
and QA board coordinating tests/bug hunts logic right..).
Hence I reopen reassigned status and was waiting for them to step in..
Since there is none I suggest one is created to address
issues like this, which consists of not only developers.
There can be more conflicts like this..
Are we targeting Desktop/Home user or not?
Along with many other segments.
If we are targeting a whole bunch of "segments" then we should
release specifically tuned to those "segments"
M$ has a server version Mac OS X has a server version
there is a reason for it!
<whisper>Even Red Hat has a few *versions*....
So why can't Fedora release a server version?
This whole TRY TO PLEASE ALL concept is flawed..
If so then we have to make it hard for them to accidentally shoot
themselves in the foot security-wise...
Users can shoot themselves in the foot via lots of methods. I don't
see this one being particularly egregious.
I said it once and I say it again, only services that are needed for
"running system + networking"
should be enabled by default the rest should the user configure on
firstboot!
Even filed an RFE for this!
I mean a noob user accidentally turned off his firewall during install
with the current default installation options leaves
him open to how many security risks? ( none is the right answer )...
Well, that's no longer a default installation then, is it? Should we
disable CUPS too? (that at least has a recent history of issues).
YES ALONG WITH AVAHI BLUETOOTH AND MORE...
until the system can properly detect HW and enable services on demand...
Fedora can't be tuned to everybody's needs!
The end user should be making that choice, not Fedora trying to make
"guesses" on how
he's gonna setup his system.
We should be delivering a solid secure product then it's on the users
hands if he messes it up
not us delivering it already insecure.
Since this is the whole attitude why are we shipping Fedora with SElinux
enabled since users
are already good enough to shoot themselves in the foot????
I'm gonna reopen this mark Anaconda as FAILED_QA then after this has
had a proper discussion
with input from Fedora-Security-Team a QA board member can CLOSE this or
it will be FIXED.
It is already CLOSED NOTABUG, and should remain that way.
I still strongly disagree, not that it matters, my efforts are in vain....
Best regards
Johann B.
You win some, you lose some....
--
fedora-test-list mailing list