"Workstation" Product defaults to wide-open firewall
Reindl Harald
h.reindl at thelounge.net
Tue Dec 9 13:23:09 UTC 2014
Am 09.12.2014 um 14:16 schrieb Bastien Nocera:
>> On Tue, Dec 09, 2014 at 12:54:59PM +0100, Gerd Hoffmann wrote:
>>> Why we can't have something like this? And if you don't want a popup
>>> asking, have something in the NetworkManager applet menu, where people
>>> can easily find the switch without having to search for it? A "[x]
>>> allow sharing" checkbox? A firewall zone selector?
>>
>> We can — we just need someone to design and write it.
>
> A design for something that we don't want to implement.
and that is the point - you do not want and care because you seem to
think users are too stupid to make their own decisions - you know what
Linus said to that in direction of GNOME?
> This was one of the
> options when implementing the feature, one that we didn't pursue. We chose
> instead to use "user intent" as a way to do this.
>
> If you start sharing something on a network, then we consider it safe to share.
the problem is that you don't know *who* or *what* opened the port
> If you connect to a public unencrypted Wi-Fi, you won't have the option to. If
> you connect to an encrypted Wi-Fi where sharing your holiday photos isn't acceptable
> then it won't, because you didn't ask it to in the first place
besides suspend / move machine
a sane firewall design (sadly Windows has that in the meantime) is that
if i open a port in my homenetwork, supsend the machine and wake it up
in a foreign network ports are closed until i decide to open them there
too, but Fedora goes the easy way "who cares how and why as long things
appear to work"
*who* told you that people don't share things *unintentional* by a wrong
click which is *not* a problem until you decide to open ports
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20141209/75cb8ab1/attachment.sig>
More information about the devel
mailing list