Setting the default firewall configuration (was Re: Attention, dependency fighters)

Matthew Miller mattdm at fedoraproject.org
Wed Nov 14 12:43:53 UTC 2012


On Wed, Nov 14, 2012 at 11:34:56AM +0100, Miloslav Trmač wrote:
> AFAIK the major things for our usual use cases are covered, at least
> going by the F17 criteria.  Sure, there may be more things missing.

Adam asked to keep those other things to the other thread, so I'll just
touch on the dependency bloat issue here. I think there are other reasons it
is harmful to Fedora to go ahead before this is ready, though, which I'll
continue to address separately.

> Looking at your original warning flag: Squeezing every last megabyte
> out of the running system for cloud is a really new thing that we
> haven't historically required.  Sure, it would be great to make
> firewalld smaller (and rewriting firewalld to C is one of those things
> that have been promised a long time ago and never happened), but I
> don't really see that as a blocker.

Making it absolutely minimal isn't a blocker, but pulling X libraries into
the minimal install is. I think that will be resolved, reducing this
particular issue to being something for future improvement. If that can't be
resolved, then it alone should be sufficient cause to postpone the feature.



> We _cannot_ have two different firewalls equally supported, each with
> its own command line and API.  Applications won't support both
> equally, documentation won't support both equally, QA won't cover both
> equally, users will be confused.

I agree. That's why I'm so concerned that firewalld needs to be ready for
all reasonable cases before we switch to it. Again, more on that in the
other thread.


-- 
Matthew Miller  ☁☁☁  Fedora Cloud Architect  ☁☁☁  <mattdm at fedoraproject.org>

