Re: Setting the default firewall configuration (was Re: Attention, dependency fighters)
On Wed, Nov 14, 2012 at 11:34:56AM +0100, Miloslav Trmač wrote:
AFAIK the major things for our usual use cases are covered, at least
going by the F17 criteria. Sure, there may be more things missing.
Adam asked to keep those other things to the other thread, so I'll just
touch on the dependency bloat issue here. I think there are other reasons it
is harmful to Fedora to go ahead before this is ready, though, which I'll
continue to address separately.
Looking at hour original warning flag: Squeezing every last megabyte
out of the running system for cloud is a really new thing that we
haven't historically required. Sure, it would be great to make
firewalld smaller (and rewriting firewalld to C is one of those things
that have been promised a long time ago and never happened), but I
don't really see that as a blocker.
Making it absolutely minimal isn't a blocker, but pulling X libraries into
the minimal install is. I think that will be resolved, reducing this
particular issue to being something for future improvement. If that can't be
resolved, then it alone should be sufficient cause to postpone the feature.
We _cannot_ have two different firewalls equally supported, each
with
its own command line and API. Applications won't support both
equally, documentation won't support both equally, QA won't cover both
equally, users will be confused.
I agree. That's why I'm so concerned that firewalld needs to be ready for
all reasonable cases before we switch to it. Again, more on that in the
other thread.
--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm(a)fedoraproject.org>