Product defaults to wide-open firewall

Bastien Nocera bnocera at redhat.com
Tue Dec 9 10:54:46 UTC 2014



----- Original Message -----
> On Mon, 08 Dec 2014 23:31:42 +0000,
> devel-request at lists.fedoraproject.org wrote:
> 
> > Message: 7
> > Date: Mon, 08 Dec 2014 23:54:30 +0100
> > From: Alec Leamas <leamas.alec at gmail.com>
> > To: Development discussions related to Fedora
> > 	<devel at lists.fedoraproject.org>
> > Subject: Re: "Workstation" Product defaults to wide-open firewall
> > Message-ID: <54862C26.9020009 at gmail.com>
> > Content-Type: text/plain; charset=utf-8; format=flowed
> > 
> > On 08/12/14 16:33, Matthew Miller wrote:
> > > On Mon, Dec 08, 2014 at 02:31:58PM +0000, Ian Malone wrote:
> > >> There are three products: workstation, server, cloud. Workstation is
> > >> the one for desktop use. That leaves server to aim for the traditional
> > >> fedora user base, since cloud is (understandably) a very different
> > >> thing. So if you want a desktop system with a security focus where do
> > >> you look now?
> > >
> > > So, it's important to understand — here on the devel list, certainly —
> > > that these three are part of a marketing strategy, and in order for
> > > such a thing to be effective and not just fluffy talk, it does involve
> > > technical changes to match the plan.
> > 
> > I have no problems with this. However, besides the technical/marketing
> > trade-offs, here is also a process issue. Obviously, a lot of people
> > were surprised by Kevin's finding that the workstation firewall was
> > default open for ports > 1024.
> > 
> > Tracking this issue back we find [1] where the workstation group tried
> > to just disable the firewall. This started some threads. FESCO rejected
> > the change request.
> > 
> > For me, this issue then disappeared from my radar. It seems that after
> > FESCO turned down the wide-open system option the discussion was in the
> > workstation list, where they ended up opening all user ports (?) and
> > implemented this.
> > 
> > When a lot of people are surprised, isn't that a sign of a process
> > problem? Should we try to avoid surprises like this? If so, how?
> > 
> > (I'm not trying to be argumentative or to blame anyone; if my pidgin
> > English gives that impression please ignore it).
> > 
> > 
> > Cheers!
> > 
> > --alec
> 
> Is it possible that the real reason for this decision from gnome was to fix
> a long outstanding bug in gnome-user-share?

It wasn't.

It caused problems with rhythmbox, gnome-user-share, UPnP/DLNA (both client and
server), VNC sharing, and a number of other applications shipped in Fedora but
not in the default set.

This is something you could have discovered by reading the original thread instead
of your feeble attempt at trolling GNOME.

