"Workstation" Product defaults to wide-open firewall

Alec Leamas leamas.alec at gmail.com
Mon Dec 8 22:54:30 UTC 2014

On 08/12/14 16:33, Matthew Miller wrote:
> On Mon, Dec 08, 2014 at 02:31:58PM +0000, Ian Malone wrote:
>> There are three products: workstation, server, cloud. Workstation is
>> the one for desktop use. That leaves server to aim for the traditional
>> fedora user base, since cloud is (understandably) a very different
>> thing. So if you want a desktop system with a security focus where do
>> you look now?
> So, it's important to understand — here on the devel list, certainly —
> that these three are part of a marketing strategy, and in order for
> such a thing to be effective and not just fluffy talk, it does involve
> technical changes to match the plan.

I have no problems with this. However, besides the technical/marketing 
trade-offs, here is also a process issue. Obviously, a lot of people 
were surprised by Kevin's finding that the workstation firewall was 
default open for ports > 1024.

Tracking this issue back we find [1] where the workstation group  tried 
to just disable the firewall. This started some threads. FESCO rejected 
the change request.

For me, this issue then disappeared from my radar. It seems that after 
FESCO turned down the wide-open system option the discussion was in the 
workstation list, where they ended up opening all user ports (?) and 
implemented this.

When a lot of people are surprised, isn't that a sign of a process 
problem? Should we try to avoid surprises like this?. If so, how?

(I'm not trying to be argumentative or to blame anyone; if my pidgin 
English gives that impression please ignore it).



[1] https://fedorahosted.org/fesco/ticket/1301

More information about the devel mailing list