Am Mon, 08 Dec 2014 23:31:42 +0000
schrieb devel-request(a)lists.fedoraproject.org:
Message: 7
Date: Mon, 08 Dec 2014 23:54:30 +0100
From: Alec Leamas <leamas.alec(a)gmail.com>
To: Development discussions related to Fedora
<devel(a)lists.fedoraproject.org>
Subject: Re: "Workstation" Product defaults to wide-open firewall
Message-ID: <54862C26.9020009(a)gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
On 08/12/14 16:33, Matthew Miller wrote:
> On Mon, Dec 08, 2014 at 02:31:58PM +0000, Ian Malone wrote:
>> There are three products: workstation, server, cloud. Workstation is
>> the one for desktop use. That leaves server to aim for the traditional
>> fedora user base, since cloud is (understandably) a very different
>> thing. So if you want a desktop system with a security focus where do
>> you look now?
>
> So, it's important to understand — here on the devel list, certainly —
> that these three are part of a marketing strategy, and in order for
> such a thing to be effective and not just fluffy talk, it does involve
> technical changes to match the plan.
I have no problems with this. However, besides the technical/marketing
trade-offs, here is also a process issue. Obviously, a lot of people
were surprised by Kevin's finding that the workstation firewall was
default open for ports > 1024.
Tracking this issue back we find [1] where the workstation group tried
to just disable the firewall. This started some threads. FESCO rejected
the change request.
For me, this issue then disappeared from my radar. It seems that after
FESCO turned down the wide-open system option the discussion was in the
workstation list, where they ended up opening all user ports (?) and
implemented this.
When a lot of people are surprised, isn't that a sign of a process
problem? Should we try to avoid surprises like this?. If so, how?
(I'm not trying to be argumentative or to blame anyone; if my pidgin
English gives that impression please ignore it).
Cheers!
--alec
Is it possisible that the real reason for this decision from gnome was to fix a long
outstanding bug in gnome-user-share?
see
https://bugzilla.redhat.com/show_bug.cgi?id=179187#c26
https://bugzilla.gnome.org/show_bug.cgi?id=336201#c6
realy amazing how gnome fix that bug ;)
Wolfgang