F21 System Wide Change: Workstation: Disable firewall

Miloslav Trmač mitr at volny.cz
Thu Apr 17 21:44:32 UTC 2014

2014-04-15 11:01 GMT+02:00 Jaroslav Reznik <jreznik at redhat.com>:

> = Proposed System Wide Change: Workstation: Disable firewall =
> https://fedoraproject.org/wiki/Changes/Workstation_Disable_Firewall
> == Detailed Description ==
> The current level of integration into the desktop and applications does not
> justify enabling the firewalld service by default.

This line of argument doesn't make any sense to me.  Enabling a firewall is
justified by *needing a firewall*, not any kind, or level, of integration
into other software.

> we will disable the firewall service while we are working on a more user-
> friendly way to deal with network-related privacy issues.

(combined with...)

> == Benefit to Fedora ==
> The Workstation will boot faster, and the firewall will not interfere with
> sharing protocols such as DAAP, UPnP and others.

So this actually means "we will disable the firewall, *explicitly intending
to allow exposing user's data over DAAP and the like*", *now*, and "be
working on... the privacy issues" [not as a part of this Change], i.e.

I do hope I'm misunderstanding the proposal, because this reads like a *highly
irresponsible* and *completely unacceptable* transition plan.  If the users
need to share data and have control over whether/how it is shared, we
just can't take away that control now, and promise to return it sometime

(I could actually see a good case for not having a restrictive firewall on
the Workstation by default, assuming some conditions were met; but if the
*explicit intent* is to give up on users' control over their data like that,
there's
really no point in discussing the detailed requirements because the
underlying intent is unacceptable and needs to be revisited.)

[1] Actually, we can't even credibly promise to return it later—if we
haven't had time or interest to develop the better controls now, why should
the users trust us that we'll develop them later when without the firewall
"things work correctly for the intended use case" and the work on better
firewall integration is now even less urgent?
