"Workstation" Product defaults to wide-open firewall
Alec Leamas
leamas.alec at gmail.com
Mon Dec 8 22:54:30 UTC 2014
On 08/12/14 16:33, Matthew Miller wrote:
> On Mon, Dec 08, 2014 at 02:31:58PM +0000, Ian Malone wrote:
>> There are three products: workstation, server, cloud. Workstation is
>> the one for desktop use. That leaves server to aim for the traditional
>> fedora user base, since cloud is (understandably) a very different
>> thing. So if you want a desktop system with a security focus where do
>> you look now?
>
> So, it's important to understand — here on the devel list, certainly —
> that these three are part of a marketing strategy, and in order for
> such a thing to be effective and not just fluffy talk, it does involve
> technical changes to match the plan.
I have no problems with this. However, besides the technical/marketing
trade-offs, here is also a process issue. Obviously, a lot of people
were surprised by Kevin's finding that the workstation firewall was
default open for ports > 1024.
Tracking this issue back we find [1] where the workstation group tried
to just disable the firewall. This started some threads. FESCO rejected
the change request.
For me, this issue then disappeared from my radar. It seems that after
FESCO turned down the wide-open system option the discussion was in the
workstation list, where they ended up opening all user ports (?) and
implemented this.
When a lot of people are surprised, isn't that a sign of a process
problem? Should we try to avoid surprises like this?. If so, how?
(I'm not trying to be argumentative or to blame anyone; if my pidgin
English gives that impression please ignore it).
Cheers!
--alec
[1] https://fedorahosted.org/fesco/ticket/1301
More information about the devel
mailing list