Removing firewall-config from the default install of Fedora Workstation

Christoph Wickert christoph.wickert at gmail.com
Thu Sep 4 16:17:11 UTC 2014


On Friday, 29.08.2014, at 13:14 -0500, Michael Catanzaro wrote:
> On Fri, 2014-08-29 at 17:30 +0200, Christoph Wickert wrote:
> > > I partly agree. While I agree it's better to improve than to remove
> > > something, I believe that some things cannot and should be simplified.
> > > Security is a complex issue and if we just simplify it, people will stop
> > > thinking about it and be less secure. So this is counterproductive.
> 
> Hm, that's interesting. This is actually the complete opposite of how we
> think about security in GNOME. 

Please note that this is the Fedora workstation, not GNOME. I think our
target audience is different from the general GNOME users.

> Our approach is that if a security
> feature requires configuration or technical knowledge, then the user is
> not going to use it properly, so we should simplify as much as possible.

Agreed, but the question is: How much can we simplify something without
losing its functionality? Of course we could argue how much
functionality users need, but for the target audience of the Fedora
workstation, something like port forwards are not rocket science but
actually a use case.

I think GNOME has a bad history of over-simplifying things. When I was
no longer able to configure the display brightness on battery
independently from the brightness on AC, I had to ditch
gnome-power-manager in favor of xfce4-power-manager. Needing a brighter
display on the train than at home is not exactly an exotic use case,
still too exotic for gnome-power-manager.

> For example, today someone objected to the removal of firewall-config on
> Google+. His argument was basically this: "how else will I be able to
> turn off the firewall?" I read that as: "I need to turn off my firewall
> because it is too complicated for me, and I won't be able to do
> something otherwise." Now he's less secure. (That's not an argument in
> favor of removing firewall-config, but one in favor of the new
> permissive Workstation firewall configuration.)

I don't think so. Reasonable defaults are certainly a starting point,
but as soon as they don't match the users' needs, they will need to adjust
the settings. And at this point disabling the firewall is certainly
worse than opening a port.

> > > I recently had a very similar discussion on a cryptoparty. A teacher
> > > argued that people will never use encryption because GPG is too complex.
> > > The guy from our LUG responded that the 
> > 
> > that security is complex and you have to think about it. If you just
> > make it a click-through wizard, nobody will pay attention.
> 
> GPG is a good example of how not to design a security feature. It was
> never successful because it requires complex technical knowledge and
> configuration. If email encryption is going to be widely-used, it will
> need to be dead simple to set up.

But dead simple also means paying no attention, and if you pay no
attention, you are insecure. In fact you are *less* secure than before
because you have a wrong sense of security that is actually not
guaranteed.

Best regards,
Christoph




