<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On 6 March 2014 14:54, Reindl Harald <span dir="ltr"><<a href="mailto:h.reindl@thelounge.net" target="_blank">h.reindl@thelounge.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
Am 06.03.2014 22:43, schrieb Stephen Gallagher:<br>
<div class="">> On 03/06/2014 04:28 PM, Reindl Harald wrote:<br>
><br>
>> Am 06.03.2014 22:13, schrieb Miloslav Trmač:<br>
>>> 2014-03-06 22:03 GMT+01:00 Simo Sorce <<a href="mailto:simo@redhat.com">simo@redhat.com</a><br>
>>> <mailto:<a href="mailto:simo@redhat.com">simo@redhat.com</a>>>: Sorry I do not understand what you are<br>
>>> saying here.<br>
>>><br>
>>> $ fedora-role-deploy postgresql # Huh, it is refusing<br>
>>> connections? # Ah, firewall... $ fedora-role-deploy<br>
>>> --open-firewall-ports potgresql # That's how it is done in<br>
>>> Fedora, then. Good to know.<br>
><br>
>> right direction<br>
><br>
>>> # Time passes...<br>
>>><br>
>>> $ fedora-role-deploy freeipa # Huh, this is already accessible?<br>
><br>
>> that must not happen<br>
><br>
>> * not from usability point of view * not from security point of<br>
>> view - *no* open ports *never ever* as default<br>
><br>
> The debate here is where you draw the line as to "what is default".<br>
> Deploying a role is *NOT* the same as just installing a package. For<br>
> package installs, I absolutely agree that we should never be poking<br>
> holes in the firewall.<br>
<br>
</div>i draw the line *strict*<br>
<br>
if i deploy whatever role nobody than me is responsible to open<br>
firewall ports because nobody than me can know if it is sane<br>
to do so or what i have planned after the depolyment before<br>
go in production<br>
<br></blockquote><div><br></div><div>Then in this case, you wouldn't want to use Roles in any form as they aren't going to help you any. You aren't the target audience for them.. trying to make you the target audience would only work in your environment and no one elses. </div>
<div> </div></div><div><br></div>-- <br><div dir="ltr">Stephen J Smoogen.<br><br></div>
</div></div>