On Tuesday, August 27, 2019 4:58:15 PM MST Chris Murphy wrote:
On Tue, Aug 27, 2019 at 5:02 PM Adam Williamson
<adamwill(a)fedoraproject.org> wrote:
>
>
> However, Fedora Workstation is an edition. Which means it has a
> *policy-defined* target audience. That target audience is defined here:
>
https://fedoraproject.org/wiki/Workstation/Workstation_PRD#Target_Audience
>
>
>
>
> Case 1: "Engineering/CS student"
> Case 2: "Independent Developer"
> Case 3: "Small Company Developer"
> Case 4: "Developer in a Large Organization"
>
>
>
> Are those people we believe do not understand the concepts associated
> with firewalls?
This is exactly what I was alluding to upthread with "developers are a
large target audience, in particular for Workstation"
They're clearly safer with FedoraWorkstation zone (default) enabled
than with the firewall disabled. I can't estimate how much safer.
I definitely do not want to pester developers, or make their day to
day life difficult. If there's no satisfactory GUI right now to manage
it, it's difficult to even experiment with different policies. The
original firewalld proposal considered the graphical tool the main way
of interacting with the firewall, and it was the cli tool that came
later, yet as far as I recall, Workstation never shipped with this GUI
tool.
--
Chris Murphy
_______________________________________________
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List
Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines List
Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
The default zone essentially disables the firewall, without disabling it. It
doesn't provide any real security.
I don't want to pester devs either, which is something fixing this would have
little effect on.
https://xkcd.com/1172/
There IS a satisfactory GUI to manage the firewall. If I recall correctly,
it's literally called "firewall-gui".
--
John M. Harris, Jr. <johnmh(a)splentity.com>
Splentity
https://splentity.com/