"Workstation" Product defaults to wide-open firewall

Bastien Nocera bnocera at redhat.com
Mon Dec 8 15:29:47 UTC 2014 

You're completely right, I won't follow security experts' ideas on UI, just as I won't follow a UX designers' ideas on security.

I was happy to act as the go between to fix a long-standing problem, only to be told 6 month later that they accepted the
change because we gave them a choice that was never even put on the table.

The only possible effect of that is that we won't ask "security experts" again. At least those ones.

----- Original Message -----
> 
> 
> Am 08.12.2014 um 15:45 schrieb Bastien Nocera:
> >>>> On 12/08/2014 12:51 PM, Bastien Nocera wrote:
> >>> <snip>
> >>>> This is wrong and you know about that - the firewalld folks have been
> >>>> urged to use this zone for the Workstation product - it was a
> >>>> Workstation team decision.
> >>>
> >>> What?! We discussed it, and it was deemed acceptable by you, and mitr.
> >>> We went back and forth on this, and you agreed that it was a good
> >>> cost/benefit decision.
> >>>
> >> We could choose between removing firewalld and accepting this zone ...
> >
> > Which you could have refused if you felt that it was an unacceptable
> > compromise.
> > Which you didn't do. Are you still going to argue that this wasn't
> > _vouched_ for
> > by you and the other firewall stakeholders?
> 
> Google translates "vouched" to "verbürgt"
> suck something is not guarantee for it
> 
> beeing forced to accept something or get the firewall completly dropped
> in the product is the opposite of a open discussion
> 
> to be honest the way you agrue in this thread "it's the applications
> fault if it listens to a port and not ours that we make the OS wide
> open" don't let you appear as somebody who is open for a security
> discussion killed always with "but then some things don't work magically
> and we want that for user expierience" so you hardly would follow
> advices from security experts no matter what they say
> 
> 
> --
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

More information about the devel mailing list