Removing firewall-config from the default install of Fedora Workstation

Christoph Wickert christoph.wickert at gmail.com
Fri Aug 29 15:30:33 UTC 2014


Sorry,

I thought this had been sent out already last week, but it was still in
my drafts folder. When I just sent it, I sent it too fast, one paragraph
was not finished.

On Friday, 29.08.2014, at 17:18 +0200, Christoph Wickert wrote:
> On Thursday, 21.08.2014, at 15:56 -0400, Owen Taylor wrote:
> > 
> 
> > But if we need firewall-config for the first objective - if a large
> > fraction of users will need to use it, then the right response to the
> > complexity is to try and make it friendly for non-firewall-experts,
> > rather than removing it from the default install.
> 
> I partly agree. While I agree it's better to improve than to remove
> something, I believe that some things cannot and should be simplified.
> Security is a complex issue and if we just simplify it, people will stop
> thinking about it and be 

less secure. So this is counterproductive.

> I recently had a very similar discussion at a cryptoparty. A teacher
> argued that people will never use encryption because GPG is too complex.
> The guy from our LUG responded that the 

that security is complex and you have to think about it. If you just
make it a click-through wizard, nobody will pay attention.

As the discussion continued, the teacher wanted to install Linux in
VirtualBox, so he downloaded both. While the Linux ISO was still
downloading, he was already installing VirtualBox. During the
installation, the installer asks if it can interrupt the network
connection to install a virtual network device. The teacher did not pay
any attention to that question but simply clicked "OK". The next thing
he did was to complain about his broken download. The guy from the LUG
was like "See, this is what happens if you don't read but
click through."

Long story short: Firewalling is complex and so is firewall-config's UI.
Could it be more polished? Certainly!
Could it be simplified? Probably.
But we must not simplify it to the level of Ubuntu's firewall config that
basically just says "On" and "Off" because that will make it unusable.

We should improve the current UI instead of removing the app altogether.

Best regards,
Christoph




