"Workstation" Product defaults to wide-open firewall
Thomas Woerner
twoerner at redhat.com
Mon Dec 8 14:06:57 UTC 2014
On 12/08/2014 12:51 PM, Bastien Nocera wrote:
>
>
> ----- Original Message -----
>>
>>
>> Am 08.12.2014 um 12:34 schrieb Bastien Nocera:
>>>>>> Am 08.12.2014 um 11:45 schrieb Bastien Nocera:
>>>>>>>> Well, I'll understand these aspects.
>>>>>>>>
>>>>>>>> But when I think about Linux, especially about Fedora, I'm thinking
>>>>>>>> about the freedom to make decisions. This means to me, to customize
>>>>>>>> and take advantage of my computer and in this case my operating
>>>>>>>> system.
>>>>>>>
>>>>>>> You're free to select another firewall zone
>>>>>>
>>>>>> so why do you not make secure defaults and say "You're free to select
>>>>>> another (more unsecure) firewall zone"?
>>>>>
>>>>> 1) It is secure enough and Eclipse listening to a port by default is a
>>>>> bug
>>>>> (and I have the firewall specialists at Red Hat/Fedora to back me up)
>>>>
>>>> I have Eclipse open and it's not listening to a port AFAIKT. I wonder what
>>>> obscure plugin is installed in Eclipse to make this happen.
>>>
>>> Thanks for following up Aleksandar. Hopefully Reindl will let us know about
>>> that
>>> so the bug can be fixed.
>>
>> * first: it is not a Fedora package
>> * second: it does not matter
>>
>> fixing applications to work around harmful firewall settings is the
>> wrong direction - the *purpose* of a firewall is to *protect* against
>> such things and i really don't get why this needs to be explained
>> multiple times
>
> Security is about compromises. The net result of the old firewall settings
> was people disabling the firewall.
> The new firewall settings were vouched for
> by the firewalld folks, and provide good defaults for most users.
>
This is wrong and you know about that - the firewalld folks have been
urged to use this zone for the Workstation product - it was a
Workstation team decision.
>> that's the same as drive a car on the street, facing another driver
>> ignoring his red light and instead try to stop your car just say "he is
>> wrong and i am allowed to drive"
>>
>> a sensible reaction would be stop, call the others names and live
>> the ignorant reaction would be get killed but be right at it
>
> I can't parse that, sorry. Looks like a strawman.
>
More information about the devel
mailing list