allowing programs to open ports

Björn Persson Bjorn at xn--rombobjrn-67a.se
Sat Jan 3 12:12:53 UTC 2015


Stephen John Smoogen wrote:
>1) I do not feel that countless programs will or want to accept
>patches to open ports twice. I expect them to actually open a port
>once and if they want to work with firewalld or some other firewall
>daemon signal on dbus that they are looking to have a port open using
>a predefined and open protocol. The port will be open like it always
>was and the firewall will be closed if they don't use it, and possibly
>open if they do (depending on the top level policy of whatever
>firewall management program is there).

Fine, so they wouldn't be patches to open ports twice, they'd be
patches to ask FirewallD to open the firewall in addition to opening
ports. Whatever. The point is that a lot of programs would have to be
patched to do a Fedora-specific thing, and the patches would either
have to be accepted upstream or carried in Fedora, or else the programs
wouldn't work on Fedora.

>3) glibc is meant to work on multiple OS's and distributions. Fedora
>and even Red Hat are not important enough to force through a change
>that isn't in the interests of other distributions. Which is where the
>vague politics comes up. This sort of change would require working
>with other distributions, other OS's and other organizations to get
>their consensus on how it should work. That takes a long amount of
>meetings, talking with people, showing them why it would be
>worthwhile, figuring out all the corner cases and seeing if they are
>fixable, etc. And it would see if it breaks various 'promises' like
>POSIX compliance and such that the glibc team work actively to keep.

All of that is true, but I don't see how it would be an argument for
signaling FirewallD from many places rather than from one place. Most
of the programs are also meant to work on multiple OSes and
distributions, and I doubt that their developers would be happy to
implement multiple distribution-specific protocols for opening
firewalls. It would still require lots of discussions to get all of
those distributions, OSes and organizations to agree on a single
firewall-opening protocol, regardless of whether that protocol would
then be used from GlibC or from each program individually.

-- 
Björn Persson