"Workstation" Product defaults to wide-open firewall

Ian Malone ibmalone at gmail.com
Tue Dec 9 13:11:33 UTC 2014

On 8 December 2014 at 15:33, Matthew Miller <mattdm at fedoraproject.org> wrote:
> On Mon, Dec 08, 2014 at 02:31:58PM +0000, Ian Malone wrote:
>> There are three products: workstation, server, cloud. Workstation is
>> the one for desktop use. That leaves server to aim for the traditional
>> fedora user base, since cloud is (understandably) a very different
>> thing. So if you want a desktop system with a security focus where do
>> you look now?
> So, it's important to understand — here on the devel list, certainly —
> that these three are part of a marketing strategy, and in order for
> such a thing to be effective and not just fluffy talk, it does involve
> technical changes to match the plan.
> Right now, "desktop system with a security focus for new users" isn't a
> key part of that effort. I certainly don't dispute that user security
> and education are good goals, and I don't think anyone on the
> workstation team does either — it's just a matter of the steps we take
> to get there.
> So, if you're not in the target of that focus, where do you look? Well,
> you can certainly pick one of our other desktop spins, which have
> different firewall defaults. Currently, all the generic one, but I'd
> like to move to a model where spins have more freedom here too. We even
> have a proposal for a new spin focused on privacy and security — the
> Netizen Spin. (If you're interested, I think that could use additional
> contributors.)

I was under the impression spins were to be phased out. I could be
wrong, the discussion was about the time of the product proposal.

> Or, you can do what I do: start with Fedora Workstation and then
> configure it in a way that makes sense for my needs, or if you're
> deploying for users into a managed environment, use the tools the OS
> provides to preconfigure the system for whatever makes sense there.

The thing is, while everyone in this discussion is probably capable of
changing such defaults, it reflects a shift in priorities that leaves
me wondering whether there'll be more such things that change and
current users need to keep an eye on. If workstation doesn't want to
appeal to current users why should they hang on and keep trying to
tweak it to what they want? We now need to watch workstation to see
what's going to happen on the desktop too. So the current list of
things fedora users need to be subscribed to if they don't want to
miss changes:

Where two of those are development lists where users aren't
particularly welcome and on the other any discussion that involves
what goes into the OS (or of an upcoming release the week before it's
out) is declared off topic.


More information about the devel mailing list