On 8/27/2019 4:01 PM, Adam Williamson wrote:
On Tue, 2019-08-27 at 15:06 +0200, Jiri Eischmann wrote:
> mcatanzaro(a)gnome.org píše v Út 27. 08. 2019 v 15:07 +0300:
>> On Tue, Aug 27, 2019 at 4:22 AM, John Harris <johnmh(a)splentity.com>
>> wrote:
>>> No, that is not how this works, at all. First, let's go ahead and
>>> address the
>>> idea that "if the firewall blocks it, the app breaks, so it's the
>>> firewall's
>>> fault": It's not. If the firewall has not been opened, that just
>>> means it
>>> can't be accessed by remote systems until you EXPLICITLY open that
>>> port, with
>>> the correct protocol, on your firewall. That's FINE. That's how
>>> it's designed
>>> to work. There's nothing wrong with that.
>>>
>>> This means that the system administrator (or owner, if this is
>>> some
>>> individual's personal system) must allow the port to be accessed
>>> remotely,
>>> before the app can be reached remotely, increasing the security of
>>> the system.
>> You've already lost me here. Sorry, but we do not and will not
>> install a firewall GUI that exposes complex technical details like
>> port numbers. Expecting users to edit firewall rules to use their
>> apps is ridiculous and I'm not really interested in debating it.
> Yeah, when you ask users questions they're not qualified to answer,
> you're just creating bad design.
> I always imagine my mom (who BTW has been a Fedora user for years) how
> she'd deal with that and I can't really imagine her opening/closing
> firewall ports. She'd be puzzled even by "Do you trust this network?"
> and would probably just click "Yes" to make it go away. No additional
> security, just annoying UX.
However, Fedora Workstation is an edition. Which means it has a
*policy-defined* target audience. That target audience is defined here:
https://fedoraproject.org/wiki/Workstation/Workstation_PRD#Target_Audience
Case 1: "Engineering/CS student"
Case 2: "Independent Developer"
Case 3: "Small Company Developer"
Case 4: "Developer in a Large Organization"
Are those people we believe do not understand the concepts associated
with firewalls?
The term "Workstation" itself has a long pedigree and is laden with a
variety of connotations. The failure here may be that that term has been
conflated with "Desktop". Your mother surfing Facebook may benefit from
a "Linux Desktop" (maybe.), but she's probably not the target for a
"Linux Workstation" unless
https://xkcd.com/327/ is likely to happen.
"Fedora as a Distro" could do a better job of articulating this
distinction. Perhaps a user vs. poweruser split is viable at
install/config time, or perhaps Desktop and Workstation would warrant
separate Editions.
"Fedora as a Project", OTOH, seems to be reaching a point where so many
downstream users have varying needs (and I'm including Editions, Atomic,
Container folks, EPEL as a side project, and RHEL/CentOS/SL here) that a
fundamental project re-architecture is getting to be warranted.
-jc