technical spec for the workstation up for review

[Christian Schaller]

Ended up discussing this issue with some people over lunch, so to clarify in the
trusted mode there is of course no reason why we couldn't simply not run the firewall
at all. Meaning that we start/stop the firewall depending on when you connect to a network
you have marked as not trusted. Should solve Lennarts concern about the firewall taking time
during boot also.

Christian



----- Original Message -----
> From: "Christian Schaller" <cschalle at redhat.com>
> To: "Discussions about development for the Fedora desktop" <desktop at lists.fedoraproject.org>
> Sent: Friday, February 21, 2014 10:49:20 AM
> Subject: Re: technical spec for the workstation up for review
> 
> 
> 
> 
> 
> ----- Original Message -----
> > From: "Bastien Nocera" <bnocera at redhat.com>
> > To: "Discussions about development for the Fedora desktop"
> > <desktop at lists.fedoraproject.org>
> > Sent: Friday, February 21, 2014 10:25:44 AM
> > Subject: Re: technical spec for the workstation up for review
> > 
> > 
> > 
> > ----- Original Message -----
> > > Hi,
> > <snip>
> > > In both cases we would ideally like the application developers to take
> > > some
> > > action in terms of how they deal with the situation.
> > 
> > There wasn't any usable APIs for applications when I first replied to this
> > thread, and there still isn't any.
> > 
> > Man "firewalld.dbus" will show you what app developers are supposed to work
> > with.
> 
> Well since the whole context of the discussion was that we can not expect
> developers to
> specifically code for firewall.d, I did not of course propose the do this
> using
> the firewall.d API. Transmission for instance includes functionality for
> testing if
> the port it wants to use is available (and I assume it is not doing that
> using the
> firewall.d API).
> 
> Of course I don't know if what Transmission does is done using 'non usable'
> APIs
> according to your definition.
> 
> 
> > > That said to me the request we would make of them in the firewall
> > > scenario
> > > seems easier to do generically than the option we would
> > > like them to take in the second option, and also less of a risk when some
> > > of
> > > the app devs will not do what we hope they
> > > will.
> > 
> > Certainly, because users will simply disable the firewall and be done with
> > it.
> > That's certainly what I do.
> 
> Well I guess you find a lot more value in sharing your photos over DLNA in
> the local
> internet cafe than most of us then :). Personally if my DLNA sharing silently
> failed
> due to me having chosen the internet cafe to be an untrusted area I would
> likely never
> realize as it is not a usecase I have ever cared about.
> 
> Christian
> 
> --
> desktop mailing list
> desktop at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/desktop