"Workstation" Product defaults to wide-open firewall

Robert Marcano robert at marcanoonline.com
Tue Dec 9 15:37:53 UTC 2014


On 12/09/2014 11:01 AM, Christian Schaller wrote:
>
>
>
>
> ----- Original Message -----
>> From: "Gerd Hoffmann" <kraxel at redhat.com>
>> To: "Development discussions related to Fedora" <devel at lists.fedoraproject.org>
>> Sent: Tuesday, December 9, 2014 10:22:01 AM
>> Subject: Re: "Workstation" Product defaults to wide-open firewall
>>
>> On Di, 2014-12-09 at 08:16 -0500, Bastien Nocera wrote:
>>>
>>> ----- Original Message -----
>>>> On Tue, Dec 09, 2014 at 12:54:59PM +0100, Gerd Hoffmann wrote:
>>>>> Why we can't have something like this?  And if you don't want a popup
>>>>> asking, have something in the NetworkManager applet menu, where people
>>>>> can easily find the switch without having to search for it?  A "[x]
>>>>> allow sharing" checkbox?  A firewall zone selector?
>>>>
>>>> We can — we just need someone to design and write it.
>>>
>>> A design for something that we don't want to implement. This was one of the
>>> options when implementing the feature, one that we didn't pursue. We chose
>>> instead to use "user intent" as a way to do this.
>>>
>>> If you start sharing something on a network, then we consider it safe to
>>> share.
>>> If you connect to a public unencrypted Wi-Fi, you won't have the option to.
>>> If
>>> you connect to an encrypted Wi-Fi where sharing your holiday photos isn't
>>> acceptable
>>> then it won't, because you didn't ask it to in the first place.
>>
>> That assumes all applications behave that way.  Which simply isn't true,
>> there is a world outside gnome.  You apparently choose to ignore that,
>> which is a bad idea IMO.
>
> Well we are not shipping by default anything which doesn't conform to this,
> and if you go out of your way to install something I don't think it is far
> fetched to assume you want that thing to work.

I want that thing to work for me, not for everyone on the network unless 
I allow it (open the firewall). External applications, specially closed 
source ones, with bad defaults exists and that will never stop

>
> Christian
>



More information about the devel mailing list