"Workstation" Product defaults to wide-open firewall

Reindl Harald h.reindl at thelounge.net
Tue Dec 9 13:23:09 UTC 2014

Am 09.12.2014 um 14:16 schrieb Bastien Nocera:
>> On Tue, Dec 09, 2014 at 12:54:59PM +0100, Gerd Hoffmann wrote:
>>> Why we can't have something like this?  And if you don't want a popup
>>> asking, have something in the NetworkManager applet menu, where people
>>> can easily find the switch without having to search for it?  A "[x]
>>> allow sharing" checkbox?  A firewall zone selector?
>> We can — we just need someone to design and write it.
> A design for something that we don't want to implement.

and that is the point - you do not want and care because you seem to 
think users are too stupid to make their own decisions - you know what 
Linus said to that in direction of GNOME?

> This was one of the
> options when implementing the feature, one that we didn't pursue. We chose
> instead to use "user intent" as a way to do this.
> If you start sharing something on a network, then we consider it safe to share.

the problem is that you don't know *who* or *what* opened the port

> If you connect to a public unencrypted Wi-Fi, you won't have the option to. If
> you connect to an encrypted Wi-Fi where sharing your holiday photos isn't acceptable
> then it won't, because you didn't ask it to in the first place

besides suspend / move machine

a sane firewall design (sadly Windows has that in the meantime) is that 
if i open a port in my homenetwork, supsend the machine and wake it up 
in a foreign network ports are closed until i decide to open them there 
too, but Fedora goes the easy way "who cares how and why as long things 
appear to work"

*who* told you that people don't share things *unintentional* by a wrong 
click which is *not* a problem until you decide to open ports

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20141209/75cb8ab1/attachment.sig>

More information about the devel mailing list