technical spec for the workstation up for review

Christian Schaller cschalle at redhat.com
Thu Feb 20 09:29:17 UTC 2014





----- Original Message -----
> From: "Lennart Poettering" <mzerqung at 0pointer.de>
> To: "Discussions about development for the Fedora desktop" <desktop at lists.fedoraproject.org>
> Sent: Wednesday, February 19, 2014 6:57:57 PM
> Subject: Re: technical spec for the workstation up for review
> 
> On Wed, 19.02.14 12:40, Bastien Nocera (bnocera at redhat.com) wrote:
> 
> > 
> > 
> > ----- Original Message -----
> > > Hi,
> > > I ended up calling the firewalld maintainer to understand the state of
> > > things
> > > and there is this concept in firewalld called zones that we should be
> > > able to
> > > use to create a better user experience, yet at the same time keep the
> > > firewall
> > > working when people connect with their laptop at an internet cafe for
> > > instance.
> > 
> > Right. But firewalld can't a Fedora-only solution, otherwise no application
> > developer
> > will want to integrate with it.
> > 
> > We'd also need designs based around that, and see if firewalld is indeed
> > the right
> > technical solution.
> > 
> > Right now, we don't even know whether a firewall is required, or it's just
> > a
> > work-around for applications that aren't integrated.
> 
> I fully agree with Bastien here. I don't think a firewall brings any
> benefit on th desktop, and particularly not in the implementation of
> firewalld. There are better ways to make sure the local system is not
> vulnerable, and in its current state firewalld just creates problems and
> slows down the boot immensly (it's the number 1 slowest component on
> Fedora, right now.)
> 
> Lennart
> 
Well they are re-implementing firewalld in C++ now, so hopefully the
new implementation will be less slow on boot.

Christian





More information about the desktop mailing list