"Workstation" Product defaults to wide-open firewall

[Michael Catanzaro]

On Mon, 2014-12-08 at 16:41 +0100, Kevin Kofler wrote:
> So you rather implement the type of OS that just always assumes "Yes" 
> without even asking? Because that's what the current "firewall" rules
> do 
> (between quotes because it can hardly be called a firewall in that
> state). 
> How's that more secure than asking?

I think the prevailing opinion of the GNOME safety team is that yes/no
or allow/disallow dialogs are unacceptable. These just train the user to
click yes. Certainly, we are not going to ask for each app that wants to
access the network. Instead, we pick a reasonable default and stick with
it. The default for an invalid TLS certificate should be to fail, no
exceptions, since we know that a user clicking Yes is almost always
picking the wrong option. The default for a network service is Allow,
since Deny would almost always be the wrong option.

What we do need is a better story for helping the user pick a reasonable
firewall zone. Home/Work/Coffeeshop is a simple question that's
difficult for users to get wrong.

> The users who don't know about firewall ports will not need to open
> them up 
> at all.

This is not true, or we would not have changed the firewall defaults and
we would not be having this conversation. Back to Bastien's use case: "I
want to share a video in my home directory using UPnP/DLNA to my TV,
using rygel for example." This is a simple requirement, and we're
plainly unwilling to revert to the F20 settings as it would break this
use case. So your challenge is to find an alternative default that
supports it: then we'll have more to talk about.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20141209/0642814e/attachment.sig>