Proposal: Fedora should install with IPv6 disabled by default [was: Re: Disabling ipv6]
Fernando Lozano
fernando at lozano.eti.br
Fri Jul 12 21:17:40 UTC 2013
Hi,
>> Perhaps Fedora is the wrong distribution for you.
>>
>> The whole idea behind Fedora is for it to be an "engineering proving
>> ground" where new technologies (like IPv6) are rolled out for real world
>> use.
Not all Fedora users work in the networking fields. Many are developers
who doesn't care about networking. Even most web, client-server and
mobile developers are not close to being security experts and would
configure a very insecure system if left by thenselves. This does not
exclude them from being superb C, Java, PHP, Python, etc developers.
I don't think it's a good policy to exclude some users because of
others. And I don't thing people are understanding how real and serious
are current IPv6 vulnerabilities.
Biut I ask: would it be so hard for networking people to click once on
anaconda or Network Manager to enable IPv6 if? I think it's harder for
non-networking people to understand they should disable IPv6 else know
how to configure IPv6 in a secure way.
>> the main problem is not be able to *disable* it if
>> you know what you are doing and know why therese
>> is no need for ipv6 in your environment
>> https://bugzilla.redhat.com/show_bug.cgi?id=982740
IMHO those are two distinct issue, although related:
1. Users should be able to disable IPv6. Today they can't and this is a
bug that hopefully will be solved soon. I think no one ever intended
IPv6 to be mandatory. ;-)
2. The secure installation default should be IPv6 disabled. That's my
proposal.
[]s, Fernando Lozano
More information about the users
mailing list