"Workstation" Product defaults to wide-open firewall

Aleksandar Kurtakov akurtako at redhat.com
Mon Dec 8 12:02:59 UTC 2014


----- Original Message -----
> From: "Reindl Harald" <h.reindl at thelounge.net>
> To: devel at lists.fedoraproject.org
> Sent: Monday, December 8, 2014 1:26:29 PM
> Subject: Re: "Workstation" Product defaults to wide-open firewall
> 
> 
> 
> On 08.12.2014 at 12:22, Bastien Nocera wrote:
> >> On 08.12.2014 at 11:45, Bastien Nocera wrote:
> >>>> Well, I'll understand these aspects.
> >>>>
> >>>> But when I think about Linux, especially about Fedora, I'm thinking
> >>>> about the freedom to make decisions. This means to me, to customize
> >>>> and take advantage of my computer and in this case my operating system.
> >>>
> >>> You're free to select another firewall zone
> >>
> >> so why do you not make secure defaults and say "You're free to select
> >> another (more unsecure) firewall zone"?
> >
> > 1) It is secure enough and Eclipse listening to a port by default is a bug
> > (and I have the firewall specialists at Red Hat/Fedora to back me up)
> > 2) Good defaults
> 
> again: the *purpose* of a Firewall is to protect from application bugs
> or unintentional user faults - frankly the early KDE4 setups in 2008 had
> a ton of 0.0.0.0 listening high ports, that were indeed a bug and
> hence a firewall to protect the user against such bugs
> 
> it is not a bug that "ZendStudio" is listening on a high UDP port for
> license verification (only one instance in the same network via broadcasts)
> 
> it is intentional by the software

I'm not going to comment on what is good, what is intentional, etc.
All I'm asking for is precise wording, i.e. when something is done by ZendStudio or any other Eclipse plugin, name it, unless it's something that Eclipse Platform/RCP does.
As both a Fedora and an upstream Eclipse platform developer, I really care about the negative press we get because of such statements. "Eclipse listens on some port by default" translates into "Eclipse is insecure" etc., which is entirely untrue. We have a very strict privacy policy (http://www.eclipse.org/legal/privacy.php and http://wiki.eclipse.org/Policies/Uploading_and_Downloading_from_Eclipse_Software_Policy), so I sincerely ask people not to spread false statements like this one.

Alexander Kurtakov
Red Hat Eclipse team

> 
> but it is not intentional by the user to have that open on the WAN or even
> by default in the LAN, it's intentional by the user to be protected
> 
> 
> 