On Tuesday, August 27, 2019 5:07:39 AM MST mcatanzaro(a)gnome.org wrote:
> On Tue, Aug 27, 2019 at 4:22 AM, John Harris
> <johnmh(a)splentity.com> wrote:
> > No, that is not how this works, at all. First, let's go ahead and address the
> > idea that "if the firewall blocks it, the app breaks, so it's the firewall's
> > fault": It's not. If the firewall has not been opened, that just means it
> > can't be accessed by remote systems until you EXPLICITLY open that port, with
> > the correct protocol, on your firewall. That's FINE. That's how it's designed
> > to work. There's nothing wrong with that.
> >
> > This means that the system administrator (or owner, if this is some
> > individual's personal system) must allow the port to be accessed remotely,
> > before the app can be reached remotely, increasing the security of the system.
>
> You've already lost me here. Sorry, but we do not and will not install
> a firewall GUI that exposes complex technical details like port
> numbers. Expecting users to edit firewall rules to use their apps is
> ridiculous and I'm not really interested in debating it.
>
> If the user is capable of editing firewall rules and wants to do so,
> that user can surely also change the policy to not open all these
> ports. Yes?

That port numbers are now "technical details" is fairly concerning, and I
can't imagine why you think users shouldn't be able to configure their
firewall. You realize we have a GTK firewall configuration program?
Right now, the average user isn't even aware that they, essentially, don't
have a running firewall. Most users are assuming we're shipping Fedora with
secure defaults.
--
John M. Harris, Jr. <johnmh(a)splentity.com>
Splentity
https://splentity.com/