On Tuesday, August 27, 2019 12:32:26 AM MST mcatanzaro(a)gnome.org wrote:
On Tue, Aug 27, 2019 at 5:59 AM, Christopher
<ctubbsii(a)fedoraproject.org> wrote:
> The current status is that the Workstation WG never came up with a
> solution in 5 years, and new people are finding this default
> configuration and getting upset about the failure of Fedora
> Workstation to meet basic security expectations.
>
> Since Workstation WG has not come up with any better solution over the
> course of 10 Fedora releases / 5 years, and the default insecure
> status persists, I think it's reasonable to conclude that FESCo's
> trust in the Workstation WG's ability to come up with a satisfactory
> solution was misplaced. I would strongly urge the current FESCo
> require Worksation to adopt the same secure default configuration as
> Server, until such a time as Workstation WG comes up with a solution
> for Workstation that can *honestly* clear the change proposal process.
To be clear, we have never had any plans to work on this.
If there is a separate team of firewall developers that would be
interested in writing a new style of firewall, then I'm sure the WG
would be happy to reopen discussion of the issue, including a
discussion of requirements, etc. But I highly doubt anybody will be
interested in this effort to reenable a stricter firewalld
configuration. This doesn't seem like a serious effort to think about
how a firewall could be useful, it just seems like an effort to break
software.
Please consider the security aspect of this. This is a critical vulnerability.
Please, don't make us look like the Linux Mint folks. If Workstation is to be
a viable product, especially if it's going to be advertised prominently, as
the primary download for Fedora, this needs to be fixed.
Just imagine if this were done on RHEL!
--
John M. Harris, Jr. <johnmh(a)splentity.com>
Splentity
https://splentity.com/