Removing firewall-config from the default install of Fedora Workstation

Sat Aug 23 09:03:03 UTC 2014

Just to avoid people talking past each other here. As I understand Elads 
proposal it is not to drop the config tool from the Fedora repository. 
It is just to not have it installed by default. So it will still be available for
devs who need it even if we drop it from being installed on every system 
by default.

Regardless of if we keep it by default or not we should make sure the tool has a proper appdata file etc., 
so that it becomes easily discovable/managable in the Software installer.

Christian

----- Original Message -----
> From: "Thomas Woerner" <twoerner at redhat.com>
> To: "Firewalld development list" <firewalld-devel at lists.fedorahosted.org>, "Discussions about development for the
> Fedora desktop" <desktop at lists.fedoraproject.org>
> Sent: Friday, August 22, 2014 1:50:29 PM
> Subject: Re: Removing firewall-config from the default install of Fedora	Workstation
> 
> Hello,
> 
> On 08/21/2014 09:03 PM, Elad Alfassa wrote:
> > Hello.
> >
> > I propose we remove firewall-config (the graphical firewall
> > configuration utility) from the default install of Fedora Workstation.
> > Rationale:
> >
> > * The default Workstation zone file allows incoming connection to
> > non-root ports. This means most of the common usecases will "just work"
> > out of the box. Thus, most users will not need to touch their Firewall
> > settings.
> >
> 
> thank you for reaching out here on the firewall-devel mailing list. I
> really appreciate that you keep us in the loop regarding this request
> for Fedora Workstation.
> 
> I am a bit surprised by this request, because from what I recall about
> Fedora Workstation, the idea was to focus on server and client
> application developers as a target audience, right?
> 
> At least according to http://fedoraproject.org/wiki/Workstation:
> 
> "The system will primarily be aimed at providing a platform for
> development of server side and client applications that is attractive to
> a range of developers - from hobbyists and students to developers
> working in corporate environments."
> 
> So that means that server application developers without the firewall
> configuration tool would have to either use the command line or even
> completely disable the firewall in order to develop networked services
> that use privileged ports, right?
> 
> And that would in my humble opinion be a really bad user experience for
> server application developers trying to use Fedora Workstation.
> 
> > * People who do need it will be able to install it from GNOME Software
> > quite easily. Just search for "Firewall". There will be no confusion as
> > this is the only firewall configuration tool shown in GNOME Software.
> >
> 
> Searching for a firewall configuration tool and the need to install it
> over the network would not be a good user experience in my opinion.
> Additionally it would not be possible for the user to configure the
> firewall with a graphical configuration tool according to the security
> requirements of the environment before going on line.
> 
> > * In general, we should avoid having app launchers for things that are
> > configuration utilities in the default install.
> >
> To have a system without being able to configure it before actively
> searching for configuration tools is hopefully not the goal.
> 
> > Unless there's major objection to this change in the following few days,
> > I'll remove it from the gnome-desktop group in comps.
> >
> 
> I would personally strongly recommend to keep the firewall configuration
> utility in Fedora Workstation to allow server application developers and
> also others to have an easy way to configure their firewall settings
> according to their needs.
> 
> Would you mind if we continue this discussion on fedora-devel as I
> strongly believe that the broader community should give more input to
> this decision.
> 
> > Thanks,
> > --
> > -Elad Alfassa.
> >
> >
> > _______________________________________________
> > firewalld-devel mailing list
> > firewalld-devel at lists.fedorahosted.org
> > https://lists.fedorahosted.org/mailman/listinfo/firewalld-devel
> >
> 
> Regards,
> Thomas
> --
> desktop mailing list
> desktop at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/desktop