On 08.12.2014 at 13:02, Aleksandar Kurtakov wrote:
----- Original Message -----
> From: "Reindl Harald" <h.reindl(a)thelounge.net>
> To: devel(a)lists.fedoraproject.org
> Sent: Monday, December 8, 2014 1:26:29 PM
> Subject: Re: "Workstation" Product defaults to wide-open firewall
>
> On 08.12.2014 at 12:22, Bastien Nocera wrote:
>>> On 08.12.2014 at 11:45, Bastien Nocera wrote:
>>>>> Well, I'll understand these aspects.
>>>>>
>>>>> But when I think about Linux, especially about Fedora, I'm thinking
>>>>> about the freedom to make decisions. This means to me, to customize
>>>>> and take advantage of my computer and in this case my operating system.
>>>>
>>>> You're free to select another firewall zone
>>>
>>> so why do you not make secure defaults and say "You're free to select
>>> another (more insecure) firewall zone"?
>>
>> 1) It is secure enough and Eclipse listening to a port by default is a bug
>> (and I have the firewall specialists at Red Hat/Fedora to back me up)
>> 2) Good defaults
>
> again: the *purpose* of a firewall is to protect from application bugs
> or unintentional user faults - frankly the early KDE4 setups in 2008 had
> a ton of 0.0.0.0 listening high ports, that were indeed a bug and
> hence a firewall to protect the user against such bugs
>
> it is not a bug that "ZendStudio" is listening on a high UDP port for
> license verification (only one instance in the same network via broadcasts)
>
> it is intentional by the software
> I'm not going to comment on what is good, what is intentional and etc.
> All I'm asking for is precise wording, aka when something is done by ZendStudio
> or any other Eclipse plugin, to name it, unless it's something that Eclipse
> Platform/RCP does.
> As both a Fedora and upstream Eclipse platform developer I really care about the negative press
> we get because of such statements. "Eclipse listens on some port by default"
> translates into "Eclipse is insecure" and etc. and is entirely not true. We have a
> very strict privacy policy (
> http://www.eclipse.org/legal/privacy.php and
> http://wiki.eclipse.org/Policies/Uploading_and_Downloading_from_Eclipse_S...)
> so I sincerely ask people not to spread false statements like that one.
the point is not Eclipse
it was just an example of "netstat -l" as user and that the purpose of
an OS is *not* to have defaults only sane in a default install
any application running as user can open a high port
that's the purpose of non-privileged ports
that means finally *any* bad piece of code with the current settings can
open a listening port and be contacted from a botnet *directly* instead of
opening an active connection to the outside (which is bad enough)
spammers will love that opportunity because they no longer need to rely
on single points easily taken offline where the bot-nodes connect to, no
they just need to send their commands directly to the machines
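The "netstat -l as user" check from the message above, as an added example that is not part of this thread and not code from Fedora, Eclipse or ZendStudio: it parses the same kernel tables netstat reads (/proc/net/tcp, tcp6, udp, udp6), lists bound/listening sockets, and flags the ones any unprivileged process could have opened on its own (owner uid != 0, port >= 1024, bound to the wildcard address), which is exactly the class of socket a host firewall is there to cover. The sample table lines are constructed for the example and use the native-endian hex address format of a little-endian (x86/ARM) host; the port numbers, uids and inodes in them are invented.

```python
"""List listening sockets from /proc/net/* and flag wildcard-bound,
user-openable ones (added example; sample data below is constructed)."""
import socket
import struct
from dataclasses import dataclass

TCP_LISTEN = 0x0A          # 'st' column of a listening TCP socket
UDP_BOUND = 0x07           # 'st' column (TCP_CLOSE) of a bound UDP socket
UNPRIVILEGED_PORT = 1024   # ports from here up need no root to bind


@dataclass
class ListenSocket:
    proto: str
    addr: str
    port: int
    uid: int
    inode: int

    @property
    def wildcard(self) -> bool:
        return self.addr in ("0.0.0.0", "::")

    @property
    def user_openable(self) -> bool:
        # a non-root process can open this without any privilege
        return self.uid != 0 and self.port >= UNPRIVILEGED_PORT


def _decode_addr(field: str) -> tuple[str, int]:
    """Turn the kernel's 'HEXADDR:HEXPORT' into (dotted/colon address, port)."""
    ip_hex, port_hex = field.split(":")
    raw = bytes.fromhex(ip_hex)
    if len(raw) == 4:
        # IPv4 is printed as one 32-bit word in host byte order
        ip = socket.inet_ntop(socket.AF_INET, struct.pack("=I", int(ip_hex, 16)))
    else:
        # IPv6 is printed as four 32-bit words, each in host byte order
        words = struct.unpack(">4I", raw)
        ip = socket.inet_ntop(socket.AF_INET6, struct.pack("=4I", *words))
    return ip, int(port_hex, 16)


def parse_proc_net(text: str, proto: str) -> list[ListenSocket]:
    """Parse one /proc/net/{tcp,tcp6,udp,udp6} table; keep listening/bound rows."""
    want = TCP_LISTEN if proto.startswith("tcp") else UDP_BOUND
    found = []
    for line in text.splitlines()[1:]:          # first line is the header
        fields = line.split()
        if len(fields) < 10 or int(fields[3], 16) != want:
            continue
        addr, port = _decode_addr(fields[1])    # fields[1] = local_address
        found.append(ListenSocket(proto, addr, port, int(fields[7]), int(fields[9])))
    return found


def exposed(sockets: list[ListenSocket]) -> list[ListenSocket]:
    """Sockets reachable from the network that needed no privilege to open."""
    return [s for s in sockets if s.wildcard and s.user_openable]


def scan_live(root: str = "/proc/net") -> list[ListenSocket]:
    """Read the real tables on a Linux host (equivalent of `netstat -l`)."""
    found = []
    for proto in ("tcp", "tcp6", "udp", "udp6"):
        try:
            with open(f"{root}/{proto}") as fh:
                found += parse_proc_net(fh.read(), proto)
        except FileNotFoundError:
            pass
    return found


# Constructed sample tables (not captured from any real machine):
# sshd on 0.0.0.0:22 as root, cups on 127.0.0.1:631 as root,
# a uid-1000 program on 0.0.0.0:8080, one established (non-listening) socket.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18811 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 19044 1 0000000000000000 100 0 0 10 0
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 30211 1 0000000000000000 100 0 0 10 0
   3: 0100007F:1F91 0100007F:C3A2 01 00000000:00000000 00:00000000 00000000  1000        0 30299 1 0000000000000000 20 4 30 10 -1
"""
# a uid-1000 UDP listener on 0.0.0.0:54321 (the license-broadcast pattern), dns on loopback as root
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   0: 00000000:D431 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 31001 2 0000000000000000 0
   1: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 15920 2 0000000000000000 0
"""
# a uid-1000 TCP listener on [::]:3000
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000000000000:0BB8 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 32410 1 0000000000000000 100 0 0 10 0
"""


def open_high_port_as_user() -> int:
    """Show that binding a wildcard high port needs no privilege: returns the port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("0.0.0.0", 0))      # 0 = let the kernel pick a free ephemeral port
    s.listen(1)
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    sockets = scan_live()
    for s in exposed(sockets):
        print(f"{s.proto:5} {s.addr}:{s.port}  uid={s.uid}  inode={s.inode}")
    print("unprivileged process bound port", open_high_port_as_user())
```

Run it as an ordinary user; any line it prints is a port reachable from the network unless the firewall zone for that interface blocks it, which is the situation the default-zone discussion above is about (`firewall-cmd --get-default-zone` shows which zone applies). Whether a given listener is a bug or intentional is not something the script can tell; it only makes the exposure visible.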