"Workstation" Product defaults to wide-open firewall
Reindl Harald
h.reindl at thelounge.net
Mon Dec 8 11:26:29 UTC 2014
Am 08.12.2014 um 12:22 schrieb Bastien Nocera:
>> Am 08.12.2014 um 11:45 schrieb Bastien Nocera:
>>>> Well, I'll understand these aspects.
>>>>
>>>> But when I think about Linux, especially about Fedora, I'm thinking
>>>> about the freedom to make decisions. This means to me, to customize
>>>> and take advantage of my computer and in this case my operating system.
>>>
>>> You're free to select another firewall zone
>>
>> so why do you not make secure defaults and say "You're free to select
>> another (more unsecure) firewall zone"?
>
> 1) It is secure enough and Eclipse listening to a port by default is a bug
> (and I have the firewall specialists at Red Hat/Fedora to back me up)
> 2) Good defaults
again: the *purpose* of a Firewall is to protect from application bugs
or unintentional user faults - frankly the early KDE4 setups in 2008 had
a ton of 0.0.0.0 listenining high ports, that where indeed a bug and
hence a firewall to protect the user against such bugs
it is not a bug that "ZendStudio" is listening on a high UDP port for
license verification (only one instance in the same network via broadcasts)
it is intentional by the software
but it is not intentional by the user have that open on the WAN or even
by default in the LAN, it's intentional by the user to be protected
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20141208/f3e55eba/attachment.sig>
More information about the devel
mailing list