Other download options

Mike Pinkerton pselists at mindspring.com
Wed Dec 10 18:19:21 UTC 2014

On 10 Dec 2014, at 12:52, Ben Cotton wrote:

> On Wed, Dec 10, 2014 at 12:47 PM, Mike Pinkerton
> <pselists at mindspring.com> wrote:
>> I also am trying to figure out how I can use Fedora going forward  
>> to support
>> general desktop requirements for SMB office workers, creative  
>> types and
>> others who have heretofore been using Fedora as a general, secure by
>> default, Gnome desktop OS.  The only ideas I have come up with so  
>> far are:
> Why not the Workstation product with a firewall configuration more to
> your liking? Is there something besides the firewall that causes
> Fedora 21 Workstation to not meet your needs?

Primarily the uncertainty of what changes the Workstation WG has  
made, coupled with Matthew Miller's comments that:

"Right now, 'desktop system with a security focus for new users'  
isn't a key part of that effort. ... So, if you're not in the target  
of that focus, where do you look? Well, you can certainly pick one of  
our other desktop spins ..."  None of those spins is Gnome-based.

For office workers, creative types and similar, there is always a  
mixture of new and old users, a mixture of savvy and not, and always  
a few folks who, unless prevented, would do incredibly stupid things  
that put your whole network at risk.  Security is always a prime  

I would not have known about the firewall issue if Kevin Kofler had  
not kindly flagged it to this list.  If the Workstation WG is willing  
to implement such a basic change with little notice -- and the two  
sentences in the Release Notes don't give adequate notice that Fedora  
has switched from a "secure by default" to an "insecure by default"  
firewall configuration -- then I can't trust the Workstation product  
until I can audit all of its configurations to determine where and  
how they differ from those I can support for my users.  I don't have  
the time to do that.

I also don't know whether Workstation updates will pull in other  
similarly bad ideas in the future, and whether I would have to re- 
audit all of the configuration after each update.


More information about the devel mailing list