trusted apps and trusted networks (was: 5tFTW: Fedora 21, 22, and 19, firewall discussion, and holiday break)
Björn Persson
Bjorn at xn--rombobjrn-67a.se
Sun Dec 21 16:45:17 UTC 2014
Mattia Verga wrote:
>Since I'm not good to write complex sentences in English, here is a
>schema that explains how I think firewalld should work as I wrote in
>the previous post.
A "trusted app" to me would mean that I trust that it's secure enough
to communicate even on *untrusted* networks. I don't usually trust any
network, but in the rare cases when I do, I'll let any bug-ridden junk
communicate because I'm confident that there isn't anything on the
network that will exploit any security holes. If Gnome-user-share (your
example) can't be trusted on untrusted networks, then including it in a
"trusted app list" seems very wrong. Since you didn't even give the user
an option to allow Gnome-user-share to communicate on the untrusted
network, your list seems more ĺike a list of known defective apps.
--
Björn Persson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20141221/36d147f1/attachment.sig>
More information about the devel
mailing list