Removing firewall-config from the default install of Fedora Workstation

Michael Catanzaro mcatanzaro at gnome.org
Fri Aug 29 18:14:29 UTC 2014 

On Fri, 2014-08-29 at 17:30 +0200, Christoph Wickert wrote:
> > I partly agree. While I agree it's better to improve than to remove
> > something, I believe that some things cannot and should be
> simplified.
> > Security is a complex issue and if we just simplify it, people will
> stop
> > thinking about it and be 
> 
> less secure. So this is counterproductive.

Hm, that's interesting. This is actually the complete opposite of how we
think about security in GNOME. Our approach is that if a security
features requires configuration or technical knowledge, then the user is
not going to use it properly, so we should simplify as much as possible.

For example, today someone objected to the removal of firewall-config on
Google+. His argument was basically this: "how else will I be able to
turn off the firewall?" I read that as: "I need to turn off my firewall
because it is too complicated for me, and I won't be able to do
something otherwise." Now he's less secure. (That's not an argument in
favor of removing firewall-config, but one in favor of the new
permissive Workstation firewall configuration.)

> > I recently had a very similar discussion on a cryptoparty. A teacher
> > argued that people will never use encryption because GPG is too
> complex.
> > The guy from our LUG responded that the 
> 
> that security is complex and you have to think about it. If you just
> make it a click-through wizard, nobody will pay attention.

GPG is a good example of how not do design a security feature. It was
never successful because it requires complex technical knowledge and
configuration. If email encryption is going to be widely-used, it will
need to be dead simple to set up.

Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <http://lists.fedoraproject.org/pipermail/desktop/attachments/20140829/8f3853ab/attachment.sig>

More information about the desktop mailing list