technical spec for the workstation up for review

Christian Schaller cschalle at redhat.com
Fri Feb 21 09:05:55 UTC 2014 

Hi,
Well failing silently isn't helpful, but probably better than the alternative here.
Let me outline two scenarios (no firewall at all vs firewall feature as I suggested) as I see them.

Using your laptop at home (trusted network):
More or less identical behavior between the two options.

Using laptop at conference/internet cafe:
No firewall:
All your services and applications will just work

Downside:
Your private media and files might end up being made available to anyone on the network.
Bigger attack surface

What we would want applications to do:
Have the services listening on the network be stopped. 

With firewall as described:
If you choose the network to be trusted, all your services and applications will just work
If you choose the network to be not trusted, your services and applications will silently fail

Downside
If you choose the network to be trusted, same as the non-firewall scenario
If you choose the network to be not trusted, your services and applications will silently fail

What we would want applications to do:
Check if they can actually function and notify user if not

--------------
So to me it seems like we have a trade off between helping protect users privacy and security versus people might having
trouble correlating their choice of non-trusted network with DLNA sharing not working on the conference network. (Of course the
conference network might also be causing the problem depending on its configuration.) 

In both cases we would ideally like the application developers to take some action in terms of how they deal with the situation.
That said to me the request we would make of them in the firewall scenario seems easier to do generically than the option we would
like them to take in the second option, and also less of a risk when some of the app devs will not do what we hope they 
will.

Christian

----- Original Message -----
> From: "Matthew Garrett" <mjg59 at srcf.ucam.org>
> To: desktop at lists.fedoraproject.org
> Sent: Thursday, February 20, 2014 4:24:29 PM
> Subject: Re: technical spec for the workstation up for review
> 
> On Thu, Feb 20, 2014 at 10:21:50AM -0500, Christian Schaller wrote:
> > As I pointed out in the email you are responding to, there is no
> > application support requirement here.
> 
> Yes, there is. Applications need to be able to inform the user as to
> whether or not they're going to work in the current network environment,
> and they need to be able to tell the user what to do about that. Failing
> silently is unhelpful.
> 
> --
> Matthew Garrett | mjg59 at srcf.ucam.org
> --
> desktop mailing list
> desktop at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/desktop

More information about the desktop mailing list