an that is why we need a firewall -> Re: When a yum update sets up an MTA ...

Reindl Harald h.reindl at thelounge.net
Mon Apr 28 17:33:50 UTC 2014


Am 28.04.2014 19:27, schrieb Miloslav Trma─Ź:
> 2014-04-28 19:13 GMT+02:00 Reindl Harald:
>     > Well if the users' expectations were that the firewall doesn't "interfere" with Fedora applications, why
>     would they
>     > expect it to "interfere" with non-Fedora applications?
> 
>     do i really need to explain that?
> 
>     you can make signed fedora packages trusted and allow them
>     at install or first start to interact with firewalld
> 
> I can't; ptrace() doesn't make such a distinction.

than that needs to be improved or the current status no open ports at
all without user confirmation unchanged

>     > And doesn't every malware know to make an _outgoing_ connection to an IRC server nowadays?
>     > Stopping malware by blocking incoming connections is fairly illusory IMHO
> 
>     i find it pervert that such basics need to be discussed
> 
>     * you can't reach 100% security, never, in no way
> 
> Still, the combined measures need to mitigate at least, say, 75% of cases, 
> otherwise we're not really having enough impact

in a perfect world yes, even more than 75%

in reality: only *the one an donly* case which affects me untila update is released
we need the > 75% because we don't know what is needed when

but even if we reach only 25% it's better than 0% by giving up and drop the firewall

it makes me really sad that anybody ever can come to an idea disable the
firewall as default because it makes things harder and that it needs
discussions after 1st of April - are such people payed by the NSA and
sent out to destory sceurity everywhere?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140428/5b48380f/attachment-0001.sig>


More information about the devel mailing list