"Workstation" Product defaults to wide-open firewall

Reindl Harald h.reindl at thelounge.net
Mon Dec 8 15:13:55 UTC 2014



Am 08.12.2014 um 15:45 schrieb Bastien Nocera:
>>>> On 12/08/2014 12:51 PM, Bastien Nocera wrote:
>>> <snip>
>>>> This is wrong and you know about that - the firewalld folks have been
>>>> urged to use this zone for the Workstation product - it was a
>>>> Workstation team decision.
>>>
>>> What?! We discussed it, and it was deemed acceptable by you, and mitr.
>>> We went back and forth on this, and you agreed that it was a good
>>> cost/benefit decision.
>>>
>> We could choose between removing firewalld and accepting this zone ...
>
> Which you could have refused if you felt that it was an unacceptable compromise.
> Which you didn't do. Are you still going to argue that this wasn't _vouched_ for
> by you and the other firewall stakeholders?

Google translates "vouched" to "verbĆ¼rgt"
suck something is not guarantee for it

beeing forced to accept something or get the firewall completly dropped 
in the product is the opposite of a open discussion

to be honest the way you agrue in this thread "it's the applications 
fault if it listens to a port and not ours that we make the OS wide 
open" don't let you appear as somebody who is open for a security 
discussion killed always with "but then some things don't work magically 
and we want that for user expierience" so you hardly would follow 
advices from security experts no matter what they say

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20141208/b0102c9b/attachment.sig>


More information about the devel mailing list