5tFTW: Fedora 21, 22, and 19, firewall discussion, and holiday break

Mattia Verga mattia.verga at tiscali.it
Sun Dec 21 09:21:24 UTC 2014

Il 20/12/2014 23:32, Michael Catanzaro ha scritto:
> On Sat, 2014-12-20 at 22:24 +0100, Reindl Harald wrote:
>> you completly ignored the following paragraph, my guess is because
>> "ask
>> the user" is considered harmful by GNOME upstream
> Well I read it, but yes, I do think that ask the user is harmful. We
> need to get out of the business of training users to click through
> security prompts. You and I will have to agree to disagree on this.
Well, at work I use Windows 7 and when I have to set up a FTP server I 
must open the firewall settings and manually set it to allow incoming 
connections to the program (not to FTP port, so the program can open up 
all ports it wants). That's really much more complex than clicking a 
security prompt.

If the problem is file sharing, and specifically gnome-user-share, I 
think firewalld can inlude a "trusted app" list: if a user enables file 
sharing he's aware of doing that, so there's no need that firewalld asks 
him again if it's ok for gnome-user-share to open any port. This is also 
the way how Windows 7 works for file sharing, with three security levels 
for this trusted app list in case you're on a public network or home or 
at work.

More information about the devel mailing list