Stephen John Smoogen wrote:
> 1) I do not feel that countless programs will or want to accept
> patches to open ports twice. I expect them to actually open a port
> once and if they want to work with firewalld or some other firewall
> daemon signal on dbus that they are looking to have a port open using
> a predefined and open protocol. The port will be open like it always
> was and the firewall will be closed if they don't use it, and possibly
> open if they do (depending on the top level policy of whatever
> firewall management program is there).

Fine, so they wouldn't be patches to open ports twice, they'd be
patches to ask FirewallD to open the firewall in addition to opening
ports. Whatever. The point is that a lot of programs would have to be
patched to do a Fedora-specific thing, and the patches would either
have to be accepted upstream or carried in Fedora, or else the programs
wouldn't work on Fedora.

> 3) glibc is meant to work on multiple OS's and distributions. Fedora
> and even Red Hat are not important enough to force through a change
> that isn't in the interests of other distributions. Which is where the
> vague politics comes up. This sort of change would require working
> with other distributions, other OS's and other organizations to get
> their consensus on how it should work. That takes a long amount of
> meetings, talking with people, showing them why it would be
> worthwhile, figuring out all the corner cases and seeing if they are
> fixable, etc. And it would see if it breaks various 'promises' like
> POSIX compliance and such that the glibc team work actively to keep.

All of that is true, but I don't see how it would be an argument for
signaling FirewallD from many places rather than from one place. Most
of the programs are also meant to work on multiple OSes and
distributions, and I doubt that their developers would be happy to
implement multiple distribution-specific protocols for opening
firewalls. It would still require lots of discussions to get all of
those distributions, OSes and organizations to agree on a single
firewall-opening protocol, regardless of whether that protocol would
then be used from GlibC or from each program individually.
--
Björn Persson