Product defaults to wide-open firewall

Rave it chat-to-me at
Tue Dec 9 03:47:16 UTC 2014

Am Mon, 08 Dec 2014 23:31:42 +0000
schrieb devel-request at

> Message: 7
> Date: Mon, 08 Dec 2014 23:54:30 +0100
> From: Alec Leamas <leamas.alec at>
> To: Development discussions related to Fedora
> 	<devel at>
> Subject: Re: "Workstation" Product defaults to wide-open firewall
> Message-ID: <54862C26.9020009 at>
> Content-Type: text/plain; charset=utf-8; format=flowed
> On 08/12/14 16:33, Matthew Miller wrote:
> > On Mon, Dec 08, 2014 at 02:31:58PM +0000, Ian Malone wrote:  
> >> There are three products: workstation, server, cloud. Workstation is
> >> the one for desktop use. That leaves server to aim for the traditional
> >> fedora user base, since cloud is (understandably) a very different
> >> thing. So if you want a desktop system with a security focus where do
> >> you look now?  
> >
> > So, it's important to understand — here on the devel list, certainly —
> > that these three are part of a marketing strategy, and in order for
> > such a thing to be effective and not just fluffy talk, it does involve
> > technical changes to match the plan.  
> I have no problems with this. However, besides the technical/marketing 
> trade-offs, here is also a process issue. Obviously, a lot of people 
> were surprised by Kevin's finding that the workstation firewall was 
> default open for ports > 1024.
> Tracking this issue back we find [1] where the workstation group  tried 
> to just disable the firewall. This started some threads. FESCO rejected 
> the change request.
> For me, this issue then disappeared from my radar. It seems that after 
> FESCO turned down the wide-open system option the discussion was in the 
> workstation list, where they ended up opening all user ports (?) and 
> implemented this.
> When a lot of people are surprised, isn't that a sign of a process 
> problem? Should we try to avoid surprises like this?. If so, how?
> (I'm not trying to be argumentative or to blame anyone; if my pidgin 
> English gives that impression please ignore it).
> Cheers!
> --alec

Is it possisible that the real reason for this decision from gnome was to fix a long outstanding bug in gnome-user-share?

realy amazing how gnome fix that bug ;)


More information about the devel mailing list