"Workstation" Product defaults to wide-open firewall

Ian Malone ibmalone at gmail.com
Mon Dec 8 12:11:40 UTC 2014

On 8 December 2014 at 12:02, Aleksandar Kurtakov <akurtako at redhat.com> wrote:
> ----- Original Message -----
>> From: "Reindl Harald" <h.reindl at thelounge.net>
>> To: devel at lists.fedoraproject.org
>> Sent: Monday, December 8, 2014 1:26:29 PM
>> Subject: Re: "Workstation" Product defaults to wide-open firewall
>> Am 08.12.2014 um 12:22 schrieb Bastien Nocera:
>> >> Am 08.12.2014 um 11:45 schrieb Bastien Nocera:
>> >>>> Well, I'll understand these aspects.
>> >>>>
>> >>>> But when I think about Linux, especially about Fedora, I'm thinking
>> >>>> about the freedom to make decisions. This means to me, to customize
>> >>>> and take advantage of my computer and in this case my operating system.
>> >>>
>> >>> You're free to select another firewall zone
>> >>

And free to move to another distro of course.

>> >> so why do you not make secure defaults and say "You're free to select
>> >> another (more unsecure) firewall zone"?
>> >
>> > 1) It is secure enough and Eclipse listening to a port by default is a bug
>> > (and I have the firewall specialists at Red Hat/Fedora to back me up)
>> > 2) Good defaults
>> again: the *purpose* of a Firewall is to protect from application bugs
>> or unintentional user faults - frankly the early KDE4 setups in 2008 had
>> a ton of listenining high ports, that where indeed a bug and
>> hence a firewall to protect the user against such bugs
>> it is not a bug that "ZendStudio" is listening on a high UDP port for
>> license verification (only one instance in the same network via broadcasts)
>> it is intentional by the software
> I'm not going to comment what is good, what is intentional and etc.
> All I'm asking for is for precise wording aka when something is done by ZendStudion or any other Eclipse plugin is to name it unless it's something that Eclipse Platform/RCP does.
> As both Fedora and upstream Eclipse platform developer I really care about negative press we get because of such statements. "Eclipse listens on some port by default" translates into "Eclipse is insecure" and etc. is entirely not-true. We have a very strict privacy policy (http://www.eclipse.org/legal/privacy.php and http://wiki.eclipse.org/Policies/Uploading_and_Downloading_from_Eclipse_Software_Policy) so I sincerely ask people to not spread false statements like the one.

Well, it's in your hands now, and every application developer's hands,
if RH is going to be turning the default firewall off.


More information about the devel mailing list