<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">Hello,<br>2014-04-15 11:01 GMT+02:00 Jaroslav Reznik <span dir="ltr"><<a href="mailto:jreznik@redhat.com" target="_blank">jreznik@redhat.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">= Proposed System Wide Change: Workstation: Disable firewall =<br>
<a href="https://fedoraproject.org/wiki/Changes/Workstation_Disable_Firewall" target="_blank">https://fedoraproject.org/wiki/Changes/Workstation_Disable_Firewall</a><br>
<br>
== Detailed Description ==<br>
The current level of integration into the desktop and applications does not<br>
justify enabling the firewalld service by default.</blockquote><div><br></div><div>This line of argument doesn't make any sense to me. Enabling a firewall is justified by <i>needing a firewall</i>, not any kind, or level, of integration into other software.<br>
<br><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> Therefore,<br>
we will disable the firewall service while we are working on a more user-<br>
friendly way to deal with network-related privacy issues.<br></blockquote><div><br></div><div>(combined with...)<br><br><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">
== Benefit to Fedora ==<br>The Workstation will boot faster, and the firewall will not interfere with sharing protocols such as DAAP, UPnP and others.<br></blockquote><br></div><div>So this actually means "we will disable the firewall, <i>explicitly intending to allow exposing user's data over DAAP and the like</i>", <u>now</u>, and "be working on... the privacy issues" [not as a part of this Change], i.e. <u>later</u>?<br>
<br></div><div>I do hope I'm misunderstanding the proposal, because this reads like a <i>highly irresponsible</i> and <i>completely unacceptable</i> transition plan.<i> </i>If the users needs to share data and have control over whether/how it is shared, we just can't take away that control now, and promise to return it sometime later[1].<br>
<br></div><div>(I could actually see a good case for not having a restrictive firewall on the Workstation by default, assuming some conditions were met; but if the <i>explicit intent</i> is to give up on users' control over their data like that, there's really no point in discussing the detailed requirements because the underlying intent is unacceptable and needs to be revisited.)<br>
</div><div> Mirek<br><br>[1] Actually, we can't even credibly promise to return it later—if we haven't had time or interest to develop the better controls now, why should the users trust us that we'll develop them later when without the firewall "things work correctly for the intended use case" and the work on better firewall integration is now even less urgent?<br>
</div></div></div></div>