"Workstation" Product defaults to wide-open firewall
Ian Malone
ibmalone at gmail.com
Mon Dec 8 12:11:40 UTC 2014
On 8 December 2014 at 12:02, Aleksandar Kurtakov <akurtako at redhat.com> wrote:
> ----- Original Message -----
>> From: "Reindl Harald" <h.reindl at thelounge.net>
>> To: devel at lists.fedoraproject.org
>> Sent: Monday, December 8, 2014 1:26:29 PM
>> Subject: Re: "Workstation" Product defaults to wide-open firewall
>>
>>
>>
>> Am 08.12.2014 um 12:22 schrieb Bastien Nocera:
>> >> Am 08.12.2014 um 11:45 schrieb Bastien Nocera:
>> >>>> Well, I'll understand these aspects.
>> >>>>
>> >>>> But when I think about Linux, especially about Fedora, I'm thinking
>> >>>> about the freedom to make decisions. This means to me, to customize
>> >>>> and take advantage of my computer and in this case my operating system.
>> >>>
>> >>> You're free to select another firewall zone
>> >>
And free to move to another distro of course.
>> >> so why do you not make secure defaults and say "You're free to select
>> >> another (more unsecure) firewall zone"?
>> >
>> > 1) It is secure enough and Eclipse listening to a port by default is a bug
>> > (and I have the firewall specialists at Red Hat/Fedora to back me up)
>> > 2) Good defaults
>>
>> again: the *purpose* of a Firewall is to protect from application bugs
>> or unintentional user faults - frankly the early KDE4 setups in 2008 had
>> a ton of 0.0.0.0 listenining high ports, that where indeed a bug and
>> hence a firewall to protect the user against such bugs
>>
>> it is not a bug that "ZendStudio" is listening on a high UDP port for
>> license verification (only one instance in the same network via broadcasts)
>>
>> it is intentional by the software
>
> I'm not going to comment what is good, what is intentional and etc.
> All I'm asking for is for precise wording aka when something is done by ZendStudion or any other Eclipse plugin is to name it unless it's something that Eclipse Platform/RCP does.
> As both Fedora and upstream Eclipse platform developer I really care about negative press we get because of such statements. "Eclipse listens on some port by default" translates into "Eclipse is insecure" and etc. is entirely not-true. We have a very strict privacy policy (http://www.eclipse.org/legal/privacy.php and http://wiki.eclipse.org/Policies/Uploading_and_Downloading_from_Eclipse_Software_Policy) so I sincerely ask people to not spread false statements like the one.
>
Well, it's in your hands now, and every application developer's hands,
if RH is going to be turning the default firewall off.
--
imalone
http://ibmalone.blogspot.co.uk
More information about the devel
mailing list