Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread William B
> > I just happened to look at the firewalld default settings, and I > > was not amused when I noticed this: > > http://pkgs.fedoraproject.org/cgit/firewalld.git/tree/FedoraWorkstation.xml > > > > > > > > This "firewall" is a joke! ALL higher ports

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Kevin Kofler
Stephen Gallagher wrote: > Also, while I think it's been unclear in this thread, the main reason > that the firewall GUI was taken out was because the Workstation guys > want to design a more user-understandable one and include that directly > (if I am remembering that conversation correctly). The

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread DJ Delorie
> The best analogy would probably be a condom with a whopping 129024 > holes in it. That's a horrible analogy, and totally inappropriate for this mailing list. Could we please keep this civil and reasonable? -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mai

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Kevin Kofler
I wrote: > Indeed. The best analogy would probably be a condom with a whopping 129024 > holes in it. (That's the number of ports that are left open by only the 2 > blanket firewalld rules quoted in my thread-starting post.) What kind of > protection do you expect from that? Correction: The 2 offen

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Kevin Kofler
Christopher wrote: > I think you're being overly dismissive of legitimate security concerns. > The whole purpose of a firewall is to lock down the system from > unintentional network traffic. The default installation of the > "Workstation" product does not perform this function. This isn't paranoia

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Christopher
On Mon, Dec 8, 2014 at 10:36 PM, Matthias Clasen wrote: > On Tue, 2014-12-09 at 01:35 +0100, Kevin Kofler wrote: > > > > To me, it is obvious that the Workstation WG is in deliberate contempt of > > FESCo's decision. That alone ought to lead to sanctions from FESCo. In > > addition, FESCo's decis

Re: non-responsive maintainer - vda - Denys Vlasenko - dvlas...@redhat.com

2014-12-08 Thread Orion Poplawski
On 12/08/2014 01:39 PM, Denys Vlasenko wrote: On 12/08/2014 04:45 PM, Orion Poplawski wrote: On 12/08/2014 06:20 AM, Denys Vlasenko wrote: On 12/05/2014 05:43 PM, Orion Poplawski wrote: Starting the non-responsive maintainer process for vda - Denys Vlasenko - dvlas...@redhat.com as he appear

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Matthias Clasen
On Tue, 2014-12-09 at 01:35 +0100, Kevin Kofler wrote: > > To me, it is obvious that the Workstation WG is in deliberate contempt of > FESCo's decision. That alone ought to lead to sanctions from FESCo. In > addition, FESCo's decision must be implemented properly by a security update > ASAP. A wid

[Test-Announce] Fedora 22 nightly compose 2014-12-08 nominated for testing

2014-12-08 Thread Adam Williamson
Hi, folks. So after this morning's meeting, I worked today to implement nightly build support in the mediawiki template magic and in relval. We don't yet have the bits to listen out for composes, create the results pages when anaconda packages change, and send out automated announce mails, but we c

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread M. Edward (Ed) Borasky
On Mon, Dec 8, 2014 at 6:37 PM, Kevin Kofler wrote: > What we want this discussion to lead to is: > 1. the decision to get fixed in a security update, like the PolicyKit > policy >for PackageKit in F12 (which was also deliberate, but broken) was, and > Agreed - is Workstation the only Fedora-

Re: Product defaults to wide-open firewall

2014-12-08 Thread Rave it
On Mon, 08 Dec 2014 23:31:42 +, devel-requ...@lists.fedoraproject.org wrote: > Message: 7 > Date: Mon, 08 Dec 2014 23:54:30 +0100 > From: Alec Leamas > To: Development discussions related to Fedora > > Subject: Re: "Workstation" Product defaults to wide-open firewall > Message-ID: <54

Fedora ARM & AArch64 Status Meeting 2014-12-09 * New Day & Time *

2014-12-08 Thread Paul Whalen
Sorry for the short notice, please join us tomorrow (Tuesday, Dec 9th) at 15:00 UTC for the Fedora ARM & AArch64 status meeting in #fedora-meeting-2 on Freenode. This will be a weekly meeting and has been added to Fedocal [1]. On the agenda so far.. 1) Fedora 21 Status (armhfp) * Installat

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Kevin Kofler
Matthias Clasen wrote: > It is clear by now that you don't agree with the decision the > workstation WG has taken on this topic. I don't think rehashing the same > arguments over and over will lead to any new insights. What we want this discussion to lead to is: 1. the decision to get fixed in a s

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Kevin Kofler
Bastien Nocera wrote: > - Original Message - >> Bastien Nocera wrote: >> > Security is about compromises. The net result of the old firewall >> > settings was people disabling the firewall. >> >> And the net result of the new firewall settings is you disabling the >> firewall for them, >

Re: Mate group should require galculator instead of mate-calc

2014-12-08 Thread Alexander Ploumistos
2014-12-08 21:16 GMT+02:00 Igor Gnatenko : > I don't like MATE. > That was uncalled for and utterly irrelevant to the matter at hand.

Re: Mate group should require galculator instead of mate-calc

2014-12-08 Thread Rave it
On Mon, 08 Dec 2014 20:52:41 +, devel-requ...@lists.fedoraproject.org wrote: > Message: 7 > Date: Mon, 8 Dec 2014 23:16:17 +0400 > From: Igor Gnatenko > To: Development discussions related to Fedora > > Subject: Re: Mate group should require galculator instead of mate-calc > Message-I

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread M. Edward (Ed) Borasky
+1 - I've added 'firewall-config' to my remix and changed the default zone to 'public'. I'm not sure what the impact would be of closing off dhcpv6-client and mdns is so I left those open. I left ssh open because the service is disabled by default. On Mon, Dec 8, 2014 at 4:35 PM, Kevin Kofler wro

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Stephen Gallagher
On Tue, 2014-12-09 at 01:28 +0100, Kevin Kofler wrote: > Matthew Miller wrote: > > Whether you agree or not, reasonable people argue that a host-based packet > > filter isn't really a meaningful increase in security. I don't think we're > > _really_ leaving the security emphasis behind. > > And

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Kevin Kofler
Alec Leamas wrote: > Tracking this issue back we find [1] where the workstation group tried > to just disable the firewall. This started some threads. FESCO rejected > the change request. > > For me, this issue then disappeared from my radar. It seems that after > FESCO turned down the wide-open

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Kevin Kofler
Matthew Miller wrote: > Whether you agree or not, reasonable people argue that a host-based packet > filter isn't really a meaningful increase in security. I don't think we're > _really_ leaving the security emphasis behind. And I argue that the firewall is by far the most important security mech

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Stephen John Smoogen
On 8 December 2014 at 16:41, Reindl Harald wrote: > > On 09.12.2014 at 00:31, Stephen John Smoogen wrote: > >> On 8 December 2014 at 16:17, Mike Pinkerton > > wrote: >> >> >> >> We could have decided to double-down on growing that enthusiast >> seg

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Reindl Harald
On 09.12.2014 at 00:31, Stephen John Smoogen wrote: On 8 December 2014 at 16:17, Mike Pinkerton wrote: We could have decided to double-down on growing that enthusiast segment, but, first, that's not what the people who showed up to do

Re: Are both the audio and jackuser groups necessary?

2014-12-08 Thread Ian Malone
On 8 December 2014 at 15:15, Jonathan Underwood wrote: > Hi, > > A perhaps naive question, but is it really necessary to have both the > "audio" and "jackuser" groups? Could these not be consolidated moving > forward? > jackuser is used for realtime priority and memlock rights, /etc/security/limi

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Stephen John Smoogen
On 8 December 2014 at 16:17, Mike Pinkerton wrote: > > > We could have decided to double-down on growing that enthusiast >> segment, but, first, that's not what the people who showed up to do the >> work decided; and second, I actually think we continue to serve the >> hackers and tinkerers very

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Mike Pinkerton
On 8 Dec 2014, at 17:07, Matthew Miller wrote: On Mon, Dec 08, 2014 at 03:20:30PM -0500, Mike Pinkerton wrote: burning your old market when trying to grow a new one. From a marketing standpoint, that is just crazy. In a for-profit company, where products are connected to revenue streams, it

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Matthew Miller
On Mon, Dec 08, 2014 at 11:54:30PM +0100, Alec Leamas wrote: > When a lot of people are surprised, isn't that a sign of a process > problem? Should we try to avoid surprises like this?. If so, how? > > (I'm not trying to be argumentative or to blame anyone; if my pidgin > English gives that impres

Re: Allow internet/network access based on binary -- ask user for permission if a binary wants to connect to the internet

2014-12-08 Thread Alec Leamas
On 08/12/14 23:26, Moez Roy wrote: I only want certain binaries to be allowed network access. For example, I want to allow the below binaries access to the internet: /usr/lib64/firefox/firefox /usr/lib/virtualbox/VirtualBox /bin/yum (it seems to be done via python like /usr/bin/python /bin/yum

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread M. Edward (Ed) Borasky
This would be a good topic for the retrospective, I think. https://fedoraproject.org/wiki/Fedora_21_Retrospective#Could_have_been_better ;-) In my specific case, 'firewall-cmd --set-default-zone=public' in my kickstart file makes this issue go away. On Mon, Dec 8, 2014 at 2:54 PM, Alec Leamas w

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Alec Leamas
On 08/12/14 16:33, Matthew Miller wrote: On Mon, Dec 08, 2014 at 02:31:58PM +, Ian Malone wrote: There are three products: workstation, server, cloud. Workstation is the one for desktop use. That leaves server to aim for the traditional fedora user base, since cloud is (understandably) a ver

Allow internet/network access based on binary -- ask user for permission if a binary wants to connect to the internet

2014-12-08 Thread Moez Roy
I only want certain binaries to be allowed network access. For example, I want to allow the below binaries access to the internet: /usr/lib64/firefox/firefox /usr/lib/virtualbox/VirtualBox /bin/yum (it seems to be done via python like /usr/bin/python /bin/yum update -- so here obviously python is

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Matthew Miller
On Mon, Dec 08, 2014 at 03:20:30PM -0500, Mike Pinkerton wrote: > burning your old market when trying to grow a new one. From a > marketing standpoint, that is just crazy. In a for-profit company, > where products are connected to revenue streams, it would be a "you > just bet your career" move w

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread David Airlie
> > > > > > sudo firewall-cmd --set-default-zone=FedoraServer > > That will limit it to SSH, DHCPv6 and cockpit > > > > Or use default zone "Public", which swaps cockpit out and adds mDNS > > > > Or if you're "Reindl Harald"-level paranoid (no offense intended, Harald > > but you're the most paran

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Robert Marcano
On 12/08/2014 04:31 PM, Stephen Gallagher wrote: On Mon, 2014-12-08 at 07:41 +0100, Kevin Kofler wrote: Hi, I just happened to look at the firewalld default settings, and I was not amused when I noticed this: http://pkgs.fedoraproject.org/cgit/firewalld.git/tree/FedoraWorkstation.xml

Re: non-responsive maintainer - vda - Denys Vlasenko - dvlas...@redhat.com

2014-12-08 Thread Denys Vlasenko
On 12/08/2014 04:45 PM, Orion Poplawski wrote: > On 12/08/2014 06:20 AM, Denys Vlasenko wrote: >> On 12/05/2014 05:43 PM, Orion Poplawski wrote: >>> Starting the non-responsive maintainer process for vda - Denys Vlasenko - >>> dvlas...@redhat.com as he appears to have completely abandoned busybox

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Stephen Gallagher
On Mon, 2014-12-08 at 07:41 +0100, Kevin Kofler wrote: > Hi, > > I just happened to look at the firewalld default settings, and I was not > amused when I noticed this: > http://pkgs.fedoraproject.org/cgit/firewalld.git/tree/FedoraWorkstation.xml > > > > > This "firewall" is a joke! ALL hig

Re: non-responsive maintainer - vda - Denys Vlasenko - dvlas...@redhat.com

2014-12-08 Thread Denys Vlasenko
On 12/08/2014 04:45 PM, Orion Poplawski wrote: > On 12/08/2014 06:20 AM, Denys Vlasenko wrote: >> On 12/05/2014 05:43 PM, Orion Poplawski wrote: >>> Starting the non-responsive maintainer process for vda - Denys Vlasenko - >>> dvlas...@redhat.com as he appears to have completely abandoned busybox

Orphaned Packages in rawhide (2014-12-08)

2014-12-08 Thread opensource
The following packages are orphaned and will be retired when they are orphaned for six weeks, unless someone adopts them. If you know for sure that the package should be retired, please do so now with a proper reason: https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life Note: If y

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread M. Edward (Ed) Borasky
As one who maintains a remix for journalists, I expect the default for a workstation should be that you must explicitly know what you are doing to open a port, and enable or start a service - the default release should have a minimum attack surface by design. As a result of this discussion I plan t

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Mike Pinkerton
On 8 Dec 2014, at 10:33, Matthew Miller wrote: On Mon, Dec 08, 2014 at 02:31:58PM +, Ian Malone wrote: There are three products: workstation, server, cloud. Workstation is the one for desktop use. That leaves server to aim for the traditional fedora user base, since cloud is (understand

Re: Non-fatal error messages in Koji scratch build

2014-12-08 Thread Paul W. Frields
On Mon, Dec 08, 2014 at 11:55:58AM -0700, Orion Poplawski wrote: > On 12/08/2014 11:51 AM, Paul W. Frields wrote: > > http://paste.fedoraproject.org/157737/18064529 > > > > I had a bunch of 'sh: git: command not found' messages in a scratch > > build I did from an SRPM I uploaded, testing an epel7

Re: devel Digest, Vol 130, Issue 28

2014-12-08 Thread Rave it
On Mon, 08 Dec 2014 18:01:47 +, devel-requ...@lists.fedoraproject.org wrote: > Message: 8 > Date: Mon, 8 Dec 2014 20:46:03 +0400 > From: Igor Gnatenko > To: Development discussions related to Fedora > > Cc: Leigh Scott > Subject: Mate group should require galculator instead of mate-c

Re: "Tick-tock" release cadence?

2014-12-08 Thread Brendan Conoboy
On 12/04/2014 06:39 AM, Matthew Miller wrote: What do you think? Would this help towards the goals listed above? Would it help _other_ things? What downsides would it bring? It sounds a lot like releasing a new compose of an existing release with updates included in the repository. Why not do

Re: Mate group should require galculator instead of mate-calc

2014-12-08 Thread Igor Gnatenko
On Mon, Dec 8, 2014 at 11:13 PM, Rave it wrote: > On Mon, 08 Dec 2014 18:01:47 +, > devel-requ...@lists.fedoraproject.org wrote: > >> Message: 8 >> Date: Mon, 8 Dec 2014 20:46:03 +0400 >> From: Igor Gnatenko >> To: Development discussions related to Fedora >> >> Cc: Leigh Scott >> Su

Re: Mate group should require galculator instead of mate-calc

2014-12-08 Thread Rave it
On Mon, 08 Dec 2014 18:01:47 +, devel-requ...@lists.fedoraproject.org wrote: > Message: 8 > Date: Mon, 8 Dec 2014 20:46:03 +0400 > From: Igor Gnatenko > To: Development discussions related to Fedora > > Cc: Leigh Scott > Subject: Mate group should require galculator instead of mate-c

Re: Non-fatal error messages in Koji scratch build

2014-12-08 Thread Orion Poplawski
On 12/08/2014 11:51 AM, Paul W. Frields wrote: > http://paste.fedoraproject.org/157737/18064529 > > I had a bunch of 'sh: git: command not found' messages in a scratch > build I did from an SRPM I uploaded, testing an epel7 build before > submitting the real thing. It's been a while -- are these

Non-fatal error messages in Koji scratch build

2014-12-08 Thread Paul W. Frields
http://paste.fedoraproject.org/157737/18064529 I had a bunch of 'sh: git: command not found' messages in a scratch build I did from an SRPM I uploaded, testing an epel7 build before submitting the real thing. It's been a while -- are these messages expected behavior? -- Paul W. Frields

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Adam Jackson
On Mon, 2014-12-08 at 18:40 +0100, Reindl Harald wrote: > * vulnerable port open Yeah, see, this bit right here is the actual issue. Curiously, AV software on Other Operating Systems has had the ability to delegate this very policy decision to the user session for at least a decade, and yet nobo

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread DJ Delorie
> So the target audience has shifted from developers to developers who > don't understand ports, don't like user prompts and are behind > enterprise firewalls. Certainly not. I've never assumed I was an "average user". There are many different reasons why people might want a more open firewall

Re: "Tick-tock" release cadence?

2014-12-08 Thread Dennis Gilmore
On Mon, 8 Dec 2014 02:29:17 + Peter Robinson wrote: > On Thu, Dec 4, 2014 at 6:42 PM, Matthew Miller > wrote: > > On Thu, Dec 04, 2014 at 11:02:28AM -0600, Bruno Wolff III wrote: > >> >For us, that would mean alternating between concentrating on

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Sudhir Khanger
On Mon, Dec 8, 2014 at 11:03 PM, DJ Delorie wrote: > I, for one, am happy to welcome our new more-reasonable-less-paranoid > overlords. I've been disabling my firewall for ages, as my machines > are behind an enterprise firewall anyway. So the target audience has shifted from developers to devel

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread DJ Delorie
> > I, for one, am happy to welcome our new more-reasonable-less-paranoid > > overlords. I've been disabling my firewall for ages, as my machines > > are behind an enterprise firewall anyway > > that don't apply for a notebook, especially not if the enduser is=20 > connected to a public WLAN and

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Reindl Harald
On 08.12.2014 at 18:33, DJ Delorie wrote: Next time, don't be 6 month late if you're going to be flippant. I, for one, am happy to welcome our new more-reasonable-less-paranoid overlords. I've been disabling my firewall for ages, as my machines are behind an enterprise firewall anyway that

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread DJ Delorie
> Next time, don't be 6 month late if you're going to be flippant. I, for one, am happy to welcome our new more-reasonable-less-paranoid overlords. I've been disabling my firewall for ages, as my machines are behind an enterprise firewall anyway. -- devel mailing list devel@lists.fedoraproject.

Re: Mate group should require galculator instead of mate-calc

2014-12-08 Thread Alexander Ploumistos
I spoke with the MATE team a few weeks ago and they said that for the time being mate-calc will remain the default. Galculator *might* make it to the 1.10 release.

Re: python-dateutil update

2014-12-08 Thread Pierre-Yves Chibon
On Mon, 2014-12-08 at 17:47 +0100, Zbigniew Jędrzejewski-Szmek wrote: > fedocal and python-django-tastypie are the only packages which > explicitly require python-dateutil < 2. If you wish, I can volunteer > file bugs to change the dependency for F21 and rawhide for those two > packages and do it m

Re: python-dateutil update

2014-12-08 Thread Zbigniew Jędrzejewski-Szmek
On Mon, Dec 08, 2014 at 09:10:59AM -0700, Pete Travis wrote: > On Dec 8, 2014 8:51 AM, "Zbigniew Jędrzejewski-Szmek" > wrote: > > > > On Sun, Dec 07, 2014 at 04:45:12PM -0700, Pete Travis wrote: > > > python-dateutil is old[0]. Fedora is carrying version 1.5, and upstream > > > is up to 2.3 . If

Mate group should require galculator instead of mate-calc

2014-12-08 Thread Igor Gnatenko
Hi, my friend reported to me that mate-calc is deprecated. We should use galculator instead. I've checked and found blogpost from one of mate release[0]. Please fix up comps.xml. Couldn't find bugzilla component for this. [0]http://mate-desktop.org/blog/2014-03-17-galculator-is-coming-to-mate/

Fedora 22 planning and changes submission deadline

2014-12-08 Thread Jaroslav Reznik
Hi all! Fedora 21 is almost out of the doors (tomorrow!) and it's time to take a look closer on Fedora 22 plans. But before we move on, I'd like to ask you to help us with Fedora 21 retrospective [1]. We'd really like to know what you think went well and what did not. Fedora 22 starts with change

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Reindl Harald
On 08.12.2014 at 17:20, Bastien Nocera wrote: On 08.12.2014 at 17:10, Bastien Nocera wrote: There's a few more items that will be opened I'm afraid. And one of the reasons why we block root ports is to avoid regressions like rpcbind listening by default, which was due to a bug in packaging.

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Reindl Harald
On 08.12.2014 at 17:17, Bastien Nocera wrote: On 08.12.2014 at 17:10, Bastien Nocera wrote: Security is about compromises. The net result of the old firewall settings was people disabling the firewall. And the net result of the new firewall settings is you disabling the firewall for them,

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Bastien Nocera
- Original Message - > > On 08.12.2014 at 17:10, Bastien Nocera wrote: > > There's a few more items that will be opened I'm afraid. And one of the > > reasons > > why we block root ports is to avoid regressions like rpcbind listening > > by default, which was due to a bug in packaging.

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Bastien Nocera
- Original Message - > > On 08.12.2014 at 17:10, Bastien Nocera wrote: > >>> Security is about compromises. The net result of the old firewall > >>> settings > >>> was people disabling the firewall. > >> > >> And the net result of the new firewall settings is you disabling the > >> fire

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Reindl Harald
On 08.12.2014 at 17:10, Bastien Nocera wrote: There's a few more items that will be opened I'm afraid. And one of the reasons why we block root ports is to avoid regressions like rpcbind listening by default, which was due to a bug in packaging. So what you call "no firewall" would actually hav

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Reindl Harald
On 08.12.2014 at 17:10, Bastien Nocera wrote: Security is about compromises. The net result of the old firewall settings was people disabling the firewall. And the net result of the new firewall settings is you disabling the firewall for them, It's not disabled it is practically the only

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Matthias Clasen
On Mon, 2014-12-08 at 17:08 +0100, Reindl Harald wrote: > On 08.12.2014 at 16:55, Bastien Nocera wrote: > >>> You're free to select another firewall zone. > >> > >> How, when you don't even install the firewall configuration tool by > >> default? > > > > Settings -> Network, select your network -

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Bastien Nocera
- Original Message - > Bastien Nocera wrote: > > Security is about compromises. The net result of the old firewall settings > > was people disabling the firewall. > > And the net result of the new firewall settings is you disabling the > firewall for them, It's not disabled. > and also

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Reindl Harald
On 08.12.2014 at 16:55, Bastien Nocera wrote: You're free to select another firewall zone. How, when you don't even install the firewall configuration tool by default? Settings -> Network, select your network -> Identity -> Firewall zone that's possible with one click? fine, then the onl

Re: Review swap -- Budgie Desktop

2014-12-08 Thread Zbigniew Jędrzejewski-Szmek
On Mon, Dec 08, 2014 at 11:01:50AM -0500, Bastien Nocera wrote: > > > - Original Message - > > On Mon, Dec 08, 2014 at 09:08:09AM -0500, Bastien Nocera wrote: > > > It's a sub-module because it's not a library. > > I know it does not have a stable api. But could it be compiled > > as a li

Re: Review swap -- Budgie Desktop

2014-12-08 Thread Bastien Nocera
- Original Message - > On Mon, Dec 08, 2014 at 09:08:09AM -0500, Bastien Nocera wrote: > > It's a sub-module because it's not a library. > I know it does not have a stable api. But could it be compiled > as a library? It could be, as long as it's not installed in a system-wide location.

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Reindl Harald
On 08.12.2014 at 16:49, Bastien Nocera wrote: Make sure to note that I'm convinced that the new firewall settings in Fedora Workstation 21 are more secure than what was available in Fedora 20's default settings. If Reindl, Kevin or Tomas want to disagree with that, I'll give you a little exerc

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Kevin Kofler
Bastien Nocera wrote: > Security is about compromises. The net result of the old firewall settings > was people disabling the firewall. And the net result of the new firewall settings is you disabling the firewall for them, and also for all those people out there (like me) who were NOT disabling

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Bastien Nocera
- Original Message - > Bastien Nocera wrote: > > You're free to select another firewall zone. > > How, when you don't even install the firewall configuration tool by default? Settings -> Network, select your network -> Identity -> Firewall zone

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Kevin Kofler
Bastien Nocera wrote: > You're free to select another firewall zone. How, when you don't even install the firewall configuration tool by default? Kevin Kofler

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Bastien Nocera
- Original Message - > On Mon, Dec 08, 2014 at 02:31:58PM +, Ian Malone wrote: > > There are three products: workstation, server, cloud. Workstation is > > the one for desktop use. That leaves server to aim for the traditional > > fedora user base, since cloud is (understandably) a ve

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Bastien Nocera
- Original Message - > if your discussions leaded to the decisions also used the quoting style > like in that thread only contain "myself said" i guess what went wrong > in the first place > > i am still unsure if that's > > * intentional to mask communication > * just a bad usage of you

Re: non-responsive maintainer - vda - Denys Vlasenko - dvlas...@redhat.com

2014-12-08 Thread Orion Poplawski
On 12/08/2014 06:20 AM, Denys Vlasenko wrote: > On 12/05/2014 05:43 PM, Orion Poplawski wrote: >> Starting the non-responsive maintainer process for vda - Denys Vlasenko - >> dvlas...@redhat.com as he appears to have completely abandoned busybox. >> Anyone know him or how to contact? > > Hi. I'm

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Kevin Kofler
Bastien Nocera wrote: > Yeah, that's so useful. "Oh, you clicked it, it's your fault". That's not > the type of OS I want to help implement, sorry. So you rather implement the type of OS that just always assumes "Yes" without even asking? Because that's what the current "firewall" rules do (betw

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Reindl Harald
if your discussions leaded to the decisions also used the quoting style like in that thread only contain "myself said" i guess what went wrong in the first place i am still unsure if that's * intentional to mask communication * just a bad usage of your mail-client in any case it's not the def

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Matthew Miller
On Mon, Dec 08, 2014 at 02:31:58PM +, Ian Malone wrote: > There are three products: workstation, server, cloud. Workstation is > the one for desktop use. That leaves server to aim for the traditional > fedora user base, since cloud is (understandably) a very different > thing. So if you want a

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Kevin Kofler
Bastien Nocera wrote: > This was discussed, and implemented in the open, and I sent the details of > the feature, and how it would be implemented to the fedora desktop list, > as is customary for Workstation features. That's the problem, you discuss everything in your private playground where you

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Bastien Nocera
You're completely right, I won't follow security experts' ideas on UI, just as I won't follow a UX designers' ideas on security. I was happy to act as the go between to fix a long-standing problem, only to be told 6 month later that they accepted the change because we gave them a choice that was

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Bastien Nocera
- Original Message - > On 12/08/2014 03:45 PM, Bastien Nocera wrote: > > > > > > - Original Message - > >> On 12/08/2014 03:12 PM, Bastien Nocera wrote: > >>> > >>> > >>> - Original Message - > On 12/08/2014 12:51 PM, Bastien Nocera wrote: > >>> > This is wrong

Are both the audio and jackuser groups necessary?

2014-12-08 Thread Jonathan Underwood
Hi, A perhaps naive question, but is it really necessary to have both the "audio" and "jackuser" groups? Could these not be consolidated moving forward? Cheers, Jonathan.

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Reindl Harald
On 08.12.2014 at 15:45, Bastien Nocera wrote: On 12/08/2014 12:51 PM, Bastien Nocera wrote: This is wrong and you know about that - the firewalld folks have been urged to use this zone for the Workstation product - it was a Workstation team decision. What?! We discussed it, and it was dee

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Thomas Woerner
On 12/08/2014 03:45 PM, Bastien Nocera wrote: - Original Message - On 12/08/2014 03:12 PM, Bastien Nocera wrote: - Original Message - On 12/08/2014 12:51 PM, Bastien Nocera wrote: This is wrong and you know about that - the firewalld folks have been urged to use this zon

File JSON-MaybeXS-1.003003.tar.gz uploaded to lookaside cache by pghmcfc

2014-12-08 Thread Paul Howarth
A file has been added to the lookaside cache for perl-JSON-MaybeXS: 2780e19be87f56078f990a16361ed51b JSON-MaybeXS-1.003003.tar.gz -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-de...@lists.fedoraproject.org https://admin.fedoraproject.org

Re: Review swap -- Budgie Desktop

2014-12-08 Thread Zbigniew Jędrzejewski-Szmek
On Mon, Dec 08, 2014 at 09:08:09AM -0500, Bastien Nocera wrote: > It's a sub-module because it's not a library. I know it does not have a stable api. But could it be compiled as a library? Zbyszek > It won't be a library in the short-term either.

[perl-smartmatch/f21] 0.05-TRIAL

2014-12-08 Thread Petr Pisar
commit 4c2b55a59d34410fa3e528d1b8bd8da5be16 Author: Petr Písař Date: Mon Dec 8 15:41:35 2014 +0100 0.05-TRIAL .gitignore |1 + perl-smartmatch.spec | 17 +++-- sources |2 +- 3 files changed, 13 insertions(+), 7 deletions(-) --- diff --git

Re: "Tick-tock" release cadence?

2014-12-08 Thread Adam Jackson
On Thu, 2014-12-04 at 20:01 +0100, Reindl Harald wrote: > On 04.12.2014 at 19:57, Adam Jackson wrote: > > I think it's a bit misguided to even think of these things as related. > > "Polish" in an end-user-visible sense is itself a list of tasks and > > criteria that require dedicated attention, pr

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Bastien Nocera
- Original Message - > On 12/08/2014 03:12 PM, Bastien Nocera wrote: > > > > > > - Original Message - > >> On 12/08/2014 12:51 PM, Bastien Nocera wrote: > > > >> This is wrong and you know about that - the firewalld folks have been > >> urged to use this zone for the Workstation

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Ian Malone
On 8 December 2014 at 13:45, Matthew Miller wrote: > On Mon, Dec 08, 2014 at 12:11:40PM +, Ian Malone wrote: >> >> >>> You're free to select another firewall zone >> And free to move to another distro of course. > > Well, or free to select another Fedora offering, or configure your > systems to

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Thomas Woerner
On 12/08/2014 03:12 PM, Bastien Nocera wrote: - Original Message - On 12/08/2014 12:51 PM, Bastien Nocera wrote: This is wrong and you know about that - the firewalld folks have been urged to use this zone for the Workstation product - it was a Workstation team decision. What?! We

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Bastien Nocera
- Original Message - > On 12/08/2014 12:51 PM, Bastien Nocera wrote: > This is wrong and you know about that - the firewalld folks have been > urged to use this zone for the Workstation product - it was a > Workstation team decision. What?! We discussed it, and it was deemed acceptable

Re: Review swap -- Budgie Desktop

2014-12-08 Thread Bastien Nocera
It's a sub-module because it's not a library. It won't be a library in the short-term either. - Original Message - > On Mon, Dec 08, 2014 at 08:14:36AM +0800, Christopher Meng wrote: > > I can help as several months ago the budgie music player was packaged by > > myself. At that time the

File Net-Amazon-S3-0.60.tar.gz uploaded to lookaside cache by ppisar

2014-12-08 Thread Petr Pisar
A file has been added to the lookaside cache for perl-Net-Amazon-S3: 652bfee36dbb2c21e8e5633961db7780 Net-Amazon-S3-0.60.tar.gz

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Thomas Woerner
On 12/08/2014 10:50 AM, Bastien Nocera wrote: - Original Message - -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 We don't need open or preconfigured high ports. What we really need is a user notification with options to allow or deny like we do with SELinux. That would be an appropri

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Thomas Woerner
On 12/08/2014 12:51 PM, Bastien Nocera wrote: - Original Message - On 08.12.2014 at 12:34, Bastien Nocera wrote: On 08.12.2014 at 11:45, Bastien Nocera wrote: Well, I'll understand these aspects. But when I think about Linux, especially about Fedora, I'm thinking about the freed

Re: Review swap -- Budgie Desktop

2014-12-08 Thread Zbigniew Jędrzejewski-Szmek
On Mon, Dec 08, 2014 at 08:14:36AM +0800, Christopher Meng wrote: > I can help as several months ago the budgie music player was packaged by > myself. At that time the desktop was however unstable. Thanks. The packaging is straightforward, for the most part. The only sticky issue is the inclusion o

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Matthew Miller
On Mon, Dec 08, 2014 at 11:40:30AM +0100, Michael Spahn wrote: > I hope it's not needed to mention that we are not Ubuntu, Windows or > OSx. We are a free and open Linux distribution and every step in > another direction is an attack against the ideas of free open source > and open mind. Let's pl

Re: "Workstation" Product defaults to wide-open firewall

2014-12-08 Thread Matthew Miller
On Mon, Dec 08, 2014 at 12:11:40PM +, Ian Malone wrote: > >> >>> You're free to select another firewall zone > And free to move to another distro of course. Well, or free to select another Fedora offering, or configure your systems to not be Fedora Workstation. The defaults are different in th
