2014-04-28 19:13 GMT+02:00 Reindl Harald <h.rei...@thelounge.net>: > Am 28.04.2014 19:04, schrieb Miloslav Trmač: > > 2014-04-28 18:59 GMT+02:00 Reindl Harald <h.rei...@thelounge.net<mailto: > h.rei...@thelounge.net>>: > > > > Am 28.04.2014 18:52, schrieb Miloslav Trmač: > > > No no no no no. If you want a firewall "integrated" /that/ way, > you are really > > > better of uninstalling it or opening it up; it serves no purpose. > > > > no, even if that way is completly wrong it's better than no firewall > > as i have explained multiple times there may run software not from > > the Fedora repos which opens ports unintentionally from the users > > point of view and especially a user with no network expierience > > will not realize that - and yes that software matters because > > we are talking about a *operating system* > > > > Well if the users' expectations were that the firewall doesn't > "interfere" with Fedora applications, why would they > > expect it to "interfere" with non-Fedora applications? > > do i really need to explain that? > > you can make signed fedora packages trusted and allow them > at install or first start to interact with firewalld > I can't; ptrace() doesn't make such a distinction.
> And doesn't every malware know to make an _outgoing_ connection to an IRC > server nowadays? > > Stopping malware by blocking incoming connections is fairly illusory IMHO > > i find it pervert that such basics need to be discussed > > * you can't reahc 100% security, never, in no way > Still, the combined measures need to mitigate at least, say, 75% of cases, otherwise we're not really having enough impact. Mirek
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
