FYI: https://fedorahosted.org/fesco/ticket/1372
When responding to this ticket, please keep the discussion impersonal and objective as possible. We should plan to have a couple people at the FESCo meeting next week if this is on the agenda.
I cannot figure out how to get access to the ticket. I am also not sure I am interested in yet another such account. I have more than enough accounts and subscriptions already spamming my mailbox. So I hope it is OK that I reply in this mail thread instead.
If I understand the discussion, it was a decision in an early stage of Fedora 21 Desktop development that it should not have a User Interface for firewall configuration. And I think this is the basic problem and mistake. I cannot see how usability and security can be achieved at the same time without it Even though it is not a server platform, you may still want to run server programs on it (typicaly for access by other systems on local network). I can think of (at least): * a test or learning instance of any database server * all sorts of file servers * media streaming services .. and they will all require the port where the server listens to be open.
I think a very simple User Interface for firewall configuration should be added. It could be as simple as just allowing for opening of specific ports. I also don't think it will cause problems. People can manage firewall(s) in Windows. Dont' assume that users are more helpless than they are (that is/was Ubuntu's mistake IMO).
(and as a final remark the security issue is close to NULL for al the people running FD21 in a virtualized environment or behind a router. They will have the protection from the host OS or the router. But some people still use various types of modems and not routers of course)
-- Peter
On Fri, Dec 12, 2014 at 3:09 PM, Paul W. Frields stickster@gmail.com wrote:
FYI: https://fedorahosted.org/fesco/ticket/1372
When responding to this ticket, please keep the discussion impersonal and objective as possible. We should plan to have a couple people at the FESCo meeting next week if this is on the agenda.
-- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ The open source story continues to grow: http://opensource.com -- desktop mailing list desktop@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/desktop
Just forgot one detail here: if it becomes a rquirement that connections to services installed on Fedora Desktop are tunneled through SSH, I believe that this will create much more difficulties for users than managing a firewall would.
-- Peter (again-agan)
On Fri, Dec 12, 2014 at 8:28 PM, Peter Laursen jazcyk@gmail.com wrote:
I cannot figure out how to get access to the ticket. I am also not sure I am interested in yet another such account. I have more than enough accounts and subscriptions already spamming my mailbox. So I hope it is OK that I reply in this mail thread instead.
If I understand the discussion, it was a decision in an early stage of Fedora 21 Desktop development that it should not have a User Interface for firewall configuration. And I think this is the basic problem and mistake. I cannot see how usability and security can be achieved at the same time without it Even though it is not a server platform, you may still want to run server programs on it (typicaly for access by other systems on local network). I can think of (at least):
- a test or learning instance of any database server
- all sorts of file servers
- media streaming services
.. and they will all require the port where the server listens to be open.
I think a very simple User Interface for firewall configuration should be added. It could be as simple as just allowing for opening of specific ports. I also don't think it will cause problems. People can manage firewall(s) in Windows. Dont' assume that users are more helpless than they are (that is/was Ubuntu's mistake IMO).
(and as a final remark the security issue is close to NULL for al the people running FD21 in a virtualized environment or behind a router. They will have the protection from the host OS or the router. But some people still use various types of modems and not routers of course)
-- Peter
On Fri, Dec 12, 2014 at 3:09 PM, Paul W. Frields stickster@gmail.com wrote:
FYI: https://fedorahosted.org/fesco/ticket/1372
When responding to this ticket, please keep the discussion impersonal and objective as possible. We should plan to have a couple people at the FESCo meeting next week if this is on the agenda.
-- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ The open source story continues to grow: http://opensource.com -- desktop mailing list desktop@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/desktop
-- Hilsen / Regards
Peter Laursen
+ 'remote desktop' servers (VPC, VPN etc.)
On Fri, Dec 12, 2014 at 8:36 PM, Peter Laursen jazcyk@gmail.com wrote:
Just forgot one detail here: if it becomes a rquirement that connections to services installed on Fedora Desktop are tunneled through SSH, I believe that this will create much more difficulties for users than managing a firewall would.
-- Peter (again-agan)
On Fri, Dec 12, 2014 at 8:28 PM, Peter Laursen jazcyk@gmail.com wrote:
I cannot figure out how to get access to the ticket. I am also not sure I am interested in yet another such account. I have more than enough accounts and subscriptions already spamming my mailbox. So I hope it is OK that I reply in this mail thread instead.
If I understand the discussion, it was a decision in an early stage of Fedora 21 Desktop development that it should not have a User Interface for firewall configuration. And I think this is the basic problem and mistake. I cannot see how usability and security can be achieved at the same time without it Even though it is not a server platform, you may still want to run server programs on it (typicaly for access by other systems on local network). I can think of (at least):
- a test or learning instance of any database server
- all sorts of file servers
- media streaming services
.. and they will all require the port where the server listens to be open.
I think a very simple User Interface for firewall configuration should be added. It could be as simple as just allowing for opening of specific ports. I also don't think it will cause problems. People can manage firewall(s) in Windows. Dont' assume that users are more helpless than they are (that is/was Ubuntu's mistake IMO).
(and as a final remark the security issue is close to NULL for al the people running FD21 in a virtualized environment or behind a router. They will have the protection from the host OS or the router. But some people still use various types of modems and not routers of course)
-- Peter
On Fri, Dec 12, 2014 at 3:09 PM, Paul W. Frields stickster@gmail.com wrote:
FYI: https://fedorahosted.org/fesco/ticket/1372
When responding to this ticket, please keep the discussion impersonal and objective as possible. We should plan to have a couple people at the FESCo meeting next week if this is on the agenda.
-- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ The open source story continues to grow: http://opensource.com -- desktop mailing list desktop@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/desktop
-- Hilsen / Regards
Peter Laursen
-- Hilsen / Regards
Peter Laursen
On 12/12/2014 02:28 PM, Peter Laursen wrote:
I cannot figure out how to get access to the ticket. I am also not sure I am interested in yet another such account. I have more than enough accounts and subscriptions already spamming my mailbox. So I hope it is OK that I reply in this mail thread instead.
FWIW, you log in to Fedora Hosted using your FAS account, no need to create a new account.
regards, ryanlerch
If I understand the discussion, it was a decision in an early stage of Fedora 21 Desktop development that it should not have a User Interface for firewall configuration. And I think this is the basic problem and mistake. I cannot see how usability and security can be achieved at the same time without it Even though it is not a server platform, you may still want to run server programs on it (typicaly for access by other systems on local network). I can think of (at least):
- a test or learning instance of any database server
- all sorts of file servers
- media streaming services
.. and they will all require the port where the server listens to be open.
I think a very simple User Interface for firewall configuration should be added. It could be as simple as just allowing for opening of specific ports. I also don't think it will cause problems. People can manage firewall(s) in Windows. Dont' assume that users are more helpless than they are (that is/was Ubuntu's mistake IMO).
(and as a final remark the security issue is close to NULL for al the people running FD21 in a virtualized environment or behind a router. They will have the protection from the host OS or the router. But some people still use various types of modems and not routers of course)
-- Peter
On Fri, Dec 12, 2014 at 3:09 PM, Paul W. Frields <stickster@gmail.com mailto:stickster@gmail.com> wrote:
FYI: https://fedorahosted.org/fesco/ticket/1372 When responding to this ticket, please keep the discussion impersonal and objective as possible. We should plan to have a couple people at the FESCo meeting next week if this is on the agenda. -- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ The open source story continues to grow: http://opensource.com -- desktop mailing list desktop@lists.fedoraproject.org <mailto:desktop@lists.fedoraproject.org> https://admin.fedoraproject.org/mailman/listinfo/desktop
-- Hilsen / Regards
Peter Laursen
desktop@lists.fedoraproject.org