On Mon, Dec 6, 2010 at 16:25, Jesse Keating <jkeating(a)redhat.com> wrote:
On 12/06/2010 12:18 PM, Tom Lane wrote:
> Jesse Keating <jkeating(a)redhat.com> writes:
>> The argument of default firewall or not would probably quiet down quite
>> a bit if we had any sort of decent UI to help users get the firewall out
>> of their way when they're really trying to do something.
>
> +1. In today's environment, not having a firewall by default is an
> incredibly stupid idea. What we need to do is fix the UI problems,
> not bypass them by dramatically reducing security.
>
> regards, tom lane
I keep seeing claims of "incredibly stupid", and at the same time saying
we need to make it easier to open up ports when they need them. What is
the default firewall protecting me from, if I'm allowed and hand held
through opening up ports on demand?
Ports that you don't know are open to the network but are somehow available.
Let us put this conversation slightly different... how many of us
remember password-less package install? It all sounded like a good
idea with people who are going to be on the system already being able
to do what they want so why ask for a password. However how did it get
seen in the end? Fedora comes RootKit enabled and other fluff.
I am trying to think how this one will play out:
"Ten years ago, Linux distros were cutting edge by coming with a
firewall enabled. Now Fedora is going to cut the edge in a new way...
no firewall wanted."
Yes there are a lot of good ideas and reasons.. I think that first
though a tool to deal with firewalls and THEN we can talk about what
firewalls need to be removed.
[And no I am not trying for 2 weeks of LWN quotes as tempting it will
be. (alright alright I am .. it is just so addicting)]
--
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren