trusted apps and trusted networks

Björn Persson Bjorn at xn--rombobjrn-67a.se
Tue Jan 13 08:35:13 UTC 2015


Kevin Kofler wrote:
>I am user C. I don't need a log of blocked stuff, I'd only be worried
>about intruders DoSing the machine by filling the log. I really want
>ANY outside access to my machine silently dropped. My machine is NOT a
>server, period.

So you never use BitTorrent to download a new Fedora release, or any
other kind of filesharing? You never use a softphone, or play multi-user
games? Any kind of text chat you might use is a centralized service, not
peer-to-peer? And you're sure that you will never use Tor, or Bitcoin,
or any other kind of peer-to-peer communication that may be invented in
the future?

It may be a valid use case, but the option would need to be clearly
labeled so that users understand how much they're blocking. Otherwise
people will choose it because they aren't setting up a web server, and
then wonder why their networked game isn't working. Something like this:

"This is a special-purpose client machine. It will never engage in any
kind of peer-to-peer communication, nor run any kind of server. And
yes, I know what those terms mean."

Even then, I still think it would be better if programs that try to
open a port would get an error code and have a chance to report the
failure, rather than waiting in vain for requests that are being
silently dropped.

-- 
Björn Persson