F21 System Wide Change: Workstation: Disable firewall

Reindl Harald h.reindl at thelounge.net
Tue Apr 15 14:08:28 UTC 2014


Am 15.04.2014 15:59, schrieb Michael Catanzaro:
> On Tue, 2014-04-15 at 14:35 +0200, Zbigniew Jędrzejewski-Szmek wrote:
>> What needs to be done to improve the firewall integration?
>>
>> Zbyszek
> 
> The rule in the Workstation technical spec is: "A firewall in its
> default configuration may not interfere with the normal operation of
> programs installed by default." [1] There's a discussion on the desktop
> list beginning at [2] that has some brainstorming and explanation as to
> why this would be hard.
> 
> [1]
> https://fedoraproject.org/wiki/Workstation/Technical_Specification#Firewall
> 
> [2]
> https://lists.fedoraproject.org/pipermail/desktop/2014-February/009142.html

that is all fine, but throw away security because it stands
in the way of comfort is a terrible step - security *always*
will affect usability - you can't have both perfect, never

but if you drop security for usability in 2014 after the last
3 years clearly showed that any application and library out
there was multiple vulerable in unexpected ways you will not
do a favour to your users and the possible damage to the
project if it comes to mass security flaws in "Fedora Workstation"
setups a few months after it's first release can never be repaired

if i say never then i mean never

having press articles with "this and that happened because they
dropped the firewall for more comfort" leaves a bad taste for
the future - and not only for the Workstation, also for other
products and the distribution because it is a hint for a general
attitude that security no longer counts - frankly that can even
damage other distributions "Linux goes the same way of unsecure
defaults"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140415/9bd6de06/attachment.sig>


More information about the devel mailing list