Re: "Workstation" Product defaults to wide-open firewall

2014-12-22 Thread Florian Weimer
On 12/09/2014 04:32 PM, Bastien Nocera wrote: Is it really so awful to ask a user: "Do you want to expose Eclipse to the network ?" (of course worded in a better way than my poor English skills can do). Probably not, but it's not implementable in the current state of things. Understood. Do we

Re: "Workstation" Product defaults to wide-open firewall

2014-12-12 Thread Rahul Sundaram
Hi On Thu, Dec 11, 2014 at 11:49 PM, M. Edward (Ed) Borasky wrote: > > Is there an upvote mechanism for that? I'd like to join the chorus if I > can. ;-) > No. Voting is limited to FESCo members. However, if you feel you have something more to add than the in-numerous responses already in this

Re: "Workstation" Product defaults to wide-open firewall

2014-12-11 Thread M. Edward (Ed) Borasky
Is there an upvote mechanism for that? I'd like to join the chorus if I can. ;-) On Thu, Dec 11, 2014 at 7:06 PM, Kevin Kofler wrote: > Kevin Kofler wrote: >> I just happened to look at the firewalld default settings, and I was not >> amused when I noticed this: >> http://pkgs.fedoraproject.org/c

Re: "Workstation" Product defaults to wide-open firewall

2014-12-11 Thread Kevin Kofler
Kevin Kofler wrote: > I just happened to look at the firewalld default settings, and I was not > amused when I noticed this: > http://pkgs.fedoraproject.org/cgit/firewalld.git/tree/FedoraWorkstation.xml >> >> > This "firewall" is a joke! ALL higher ports are wide open! FESCo ticket filed: http

Re: "Workstation" Product defaults to wide-open firewall

2014-12-11 Thread Matthew Miller
On Thu, Dec 11, 2014 at 06:03:49AM -0500, Bastien Nocera wrote: > There's absolutely no way that firewalld is going to be anything but a > Fedora-only thing, which is a first problem in getting any patches to > upstream projects. Which is the first problem. Well, it's a CentOS and RHEL thing, and

Re: "Workstation" Product defaults to wide-open firewall

2014-12-11 Thread Bastien Nocera
- Original Message - > On 10 December 2014 at 11:47, Bastien Nocera wrote: > >> I see no > >> explanation of why rygel needs a random port or why it cannot supply > >> that information to firewalld. The same goes for any others that have > >> random ports. > > > > Because that's the mec

Re: "Workstation" Product defaults to wide-open firewall

2014-12-10 Thread Ian Malone
On 10 December 2014 at 11:47, Bastien Nocera wrote: > > > - Original Message - >> On 10 December 2014 at 00:43, Bastien Nocera wrote: >> > >> > >> > - Original Message - >> >> On 9 December 2014 at 13:47, Matthew Miller >> >> wrote: >> >> > On Tue, Dec 09, 2014 at 01:11:33PM +000

Re: "Workstation" Product defaults to wide-open firewall

2014-12-10 Thread Stephen John Smoogen
On 9 December 2014 at 21:31, Kevin Kofler wrote: > Stephen John Smoogen wrote: > > In the end, this is a tempest in a teapot. The release is out and it is > > done. > > The release is out, but there are an expected 13 months of security > updates, > of which this ought to be the first. > > And as

Re: "Workstation" Product defaults to wide-open firewall

2014-12-10 Thread Jiri Popelka
On 12/09/2014 07:54 PM, Kevin Kofler wrote: Stephen Gallagher wrote: services: dhcpv6-client dns freeipa-ldap freeipa-ldaps samba-client ssh With the default Workstation policy, does that enumerate all 129022 open unprivileged ports? # firewall-cmd --list-all FedoraWorkstation (active)

Re: "Workstation" Product defaults to wide-open firewall

2014-12-10 Thread Kevin Kofler
Bastien Nocera wrote: > Even if we chose static ports for those (or rather port ranges, because if > you have multiple users running, you'd need multiple ports), leaving only > those ports opened wouldn't stop other random applications from choosing > those ports to do something nefarious. You're j

Re: "Workstation" Product defaults to wide-open firewall

2014-12-10 Thread Michael Catanzaro
On Wed, 2014-12-10 at 05:57 +0100, Kevin Kofler wrote: > VNC?! You think it's a good idea to allow REMOTE CONTROLLING YOUR > DESKTOP by > default??? The firewall must not block VNC. VNC is a GNOME feature and it must work if enabled. It's disabled by default, because it'd be stupid to have it ena

Re: "Workstation" Product defaults to wide-open firewall

2014-12-10 Thread Robert Marcano
On 12/10/2014 12:01 AM, Kevin Kofler wrote: Stephen John Smoogen wrote: In the end, this is a tempest in a teapot. The release is out and it is done. The release is out, but there are an expected 13 months of security updates, of which this ought to be the first. and there is a precedent of

Re: "Workstation" Product defaults to wide-open firewall

2014-12-10 Thread Robert Marcano
On 12/10/2014 12:38 AM, Simo Sorce wrote: On Wed, 10 Dec 2014 05:46:32 +0100 Kevin Kofler wrote: Pete Travis wrote: Let's say I do have an understanding of network basics, just for the sake of argument. I share my application with you. The application is intended to listen on the network, yo

Re: "Workstation" Product defaults to wide-open firewall

2014-12-10 Thread Reindl Harald
Am 10.12.2014 um 12:47 schrieb Bastien Nocera: Even if we chose static ports for those (or rather port ranges, because if you have multiple users running, you'd need multiple ports), leaving only those ports opened wouldn't stop other random applications from choosing those ports to do somethin

Re: "Workstation" Product defaults to wide-open firewall

2014-12-10 Thread Bastien Nocera
- Original Message - > Bastien Nocera wrote: > > For example, RTSP streaming, Rhythmbox remote control for iOS, music > > sharing via DAAP, DLNA sharing via rygel, but also DLNA client usage > > (through Videos), and VNC are impacted. This is a non-exhaustive list for > > the default appl

Re: "Workstation" Product defaults to wide-open firewall

2014-12-10 Thread Bastien Nocera
- Original Message - > > Am 10.12.2014 um 06:08 schrieb Simo Sorce: > > Most users have no idea what NAT, TCP or ports are > > sadly yes > > > nor should they! > > *they should* damned > > people should stop to evangelize that users do not need to know anything > and then design oper

Re: "Workstation" Product defaults to wide-open firewall

2014-12-10 Thread Bastien Nocera
- Original Message - > On 10 December 2014 at 00:43, Bastien Nocera wrote: > > > > > > - Original Message - > >> On 9 December 2014 at 13:47, Matthew Miller > >> wrote: > >> > On Tue, Dec 09, 2014 at 01:11:33PM +, Ian Malone wrote: > >> >> > have a proposal for a new spin fo

Re: "Workstation" Product defaults to wide-open firewall

2014-12-10 Thread Reindl Harald
Am 10.12.2014 um 06:08 schrieb Simo Sorce: Most users have no idea what NAT, TCP or ports are sadly yes nor should they! *they should* damned people should stop to evangelize that users do not need to know anything and then design operating systems based on that self-fulfilling prophecy

Re: "Workstation" Product defaults to wide-open firewall

2014-12-10 Thread Ian Malone
On 10 December 2014 at 00:43, Bastien Nocera wrote: > > > - Original Message - >> On 9 December 2014 at 13:47, Matthew Miller wrote: >> > On Tue, Dec 09, 2014 at 01:11:33PM +, Ian Malone wrote: >> >> > have a proposal for a new spin focused on privacy and security — the >> >> > Netize

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Zbigniew Jędrzejewski-Szmek
On Wed, Dec 10, 2014 at 12:08:19AM -0500, Simo Sorce wrote: > Most users have no idea what NAT, TCP or ports are (nor should they!). > At most they understand *literally* a question like: "do you want this > to be allowed to access the network ?" and you better > name the app in the same way the G

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Simo Sorce
On Wed, 10 Dec 2014 05:46:32 +0100 Kevin Kofler wrote: > Pete Travis wrote: > > Let's say I do have an understanding of network basics, just for the > > sake of argument. I share my application with you. The > > application is intended to listen on the network, you know this and > > want the app

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Kevin Kofler
Bastien Nocera wrote: > For example, RTSP streaming, Rhythmbox remote control for iOS, music > sharing via DAAP, DLNA sharing via rygel, but also DLNA client usage > (through Videos), and VNC are impacted. This is a non-exhaustive list for > the default applications in the Workstation version. VNC

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Kevin Kofler
Solomon Peachy wrote: > On Tue, Dec 09, 2014 at 08:07:00PM +0100, Kevin Kofler wrote: >> This kind of sharing "features" is a security risk to begin with. Users >> starting them are part of the problem. A desktop is not a file server. > > A desktop isn't a file server, until it is. > > Please, t

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Kevin Kofler
Pete Travis wrote: > Let's say I do have an understanding of network basics, just for the sake > of argument. I share my application with you. The application is > intended to listen on the network, you know this and want the application > for that purpose. You run the application, it tries to li

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Zbigniew Jędrzejewski-Szmek
On Tue, Dec 09, 2014 at 12:09:23PM -0700, Pete Travis wrote: > On Dec 9, 2014 12:06 PM, "Chuck Anderson" wrote: > > > > On Tue, Dec 09, 2014 at 11:52:01AM -0700, Pete Travis wrote: > > > On Dec 9, 2014 11:33 AM, "Chuck Anderson" wrote: > > > I should have said "ask firewalld for a port to be open

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Kevin Kofler
Stephen John Smoogen wrote: > In the end, this is a tempest in a teapot. The release is out and it is > done. The release is out, but there are an expected 13 months of security updates, of which this ought to be the first. Kevin Kofler

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Bastien Nocera
- Original Message - > On 9 December 2014 at 13:47, Matthew Miller wrote: > > On Tue, Dec 09, 2014 at 01:11:33PM +, Ian Malone wrote: > >> > have a proposal for a new spin focused on privacy and security — the > >> > Netizen Spin. (If you're interested, I think that could use additio

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Ian Malone
On 9 December 2014 at 13:47, Matthew Miller wrote: > On Tue, Dec 09, 2014 at 01:11:33PM +, Ian Malone wrote: >> > have a proposal for a new spin focused on privacy and security — the >> > Netizen Spin. (If you're interested, I think that could use additional >> > contributors.) >> I was under

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Matthew Miller
On Wed, Dec 10, 2014 at 08:13:54AM +1030, William B wrote: > * Exploited applications are now more easily able to communicate back > to C&C systems. Most applications are not "sandboxed", and even if > they were, this sandboxing is not an excuse to open up other parts > of the system. Note t

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Pete Travis
On Dec 9, 2014 1:31 PM, "Reindl Harald" wrote: > > > > Am 09.12.2014 um 21:25 schrieb Pete Travis: > >> Let's say I do have an understanding of network basics, just for the sake >> of argument. I share my application with you. The application is >> intended to listen on the network, you know this

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread William B
> > If by opening up some ports that would have hampered the user, rather > than protect them[1], we avoid the users disabling the firewall, and > exposing security critical services (such as exposing rpcbind, or > ntpd, or any other root service), th

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Bruno Wolff III
On Tue, Dec 09, 2014 at 22:00:28 +0100, Reindl Harald wrote: what you completely ignore is the fact with the current warnings of firefox after accept the self signed cert it no longer warns *but* if that cert changes it warns again This is not a significant threat for me. In the main case I h

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Reindl Harald
Am 09.12.2014 um 21:47 schrieb Bruno Wolff III: On Tue, Dec 09, 2014 at 20:35:35 +0100, Reindl Harald wrote: Am 09.12.2014 um 20:20 schrieb Bruno Wolff III: There should be a way to disable FF's you need to click twice to accept certs that are not signed by authorities it recognizes. w

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Bruno Wolff III
On Tue, Dec 09, 2014 at 20:35:35 +0100, Reindl Harald wrote: Am 09.12.2014 um 20:20 schrieb Bruno Wolff III: There should be a way to disable FF's you need to click twice to accept certs that are not signed by authorities it recognizes. why? Because I have no trust in any of the cert aut

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Robert Marcano
On 12/09/2014 04:04 PM, Chuck Anderson wrote: On Tue, Dec 09, 2014 at 01:25:47PM -0700, Pete Travis wrote: On Dec 9, 2014 12:55 PM, "Reindl Harald" wrote: Am 09.12.2014 um 20:51 schrieb Pete Travis: Hmm... a whitelist of things that are allowed to ask for firewall accommodation doesn't hel

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Solomon Peachy
On Tue, Dec 09, 2014 at 08:07:00PM +0100, Kevin Kofler wrote: > This kind of sharing "features" is a security risk to begin with. Users > starting them are part of the problem. A desktop is not a file server. A desktop isn't a file server, until it is. Please, take a deep breath, and consider th

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Chuck Anderson
On Tue, Dec 09, 2014 at 01:25:47PM -0700, Pete Travis wrote: > On Dec 9, 2014 12:55 PM, "Reindl Harald" wrote: > > > > > > Am 09.12.2014 um 20:51 schrieb Pete Travis: > > > >> Hmm... a whitelist of things that are allowed to ask for firewall > >> accommodation doesn't help me develop new applicati

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Reindl Harald
Am 09.12.2014 um 21:25 schrieb Pete Travis: Let's say I do have an understanding of network basics, just for the sake of argument. I share my application with you. The application is intended to listen on the network, you know this and want the application for that purpose. You run the applic

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Pete Travis
On Dec 9, 2014 12:55 PM, "Reindl Harald" wrote: > > > Am 09.12.2014 um 20:51 schrieb Pete Travis: > >> Hmm... a whitelist of things that are allowed to ask for firewall >> accommodation doesn't help me develop new applications at all. And >> you're jumping to a really high level UI thing and just

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Reindl Harald
Am 09.12.2014 um 21:02 schrieb Matthew Miller: On Tue, Dec 09, 2014 at 08:55:38PM +0100, Reindl Harald wrote: a prerequisite for develop network applications is understanding of network basics and if your application don't use networking you are not affected But maybe you're part of a team, a

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Matthew Miller
On Tue, Dec 09, 2014 at 08:55:38PM +0100, Reindl Harald wrote: > a prerequisite for develop network applications is understanding of > network basics and if your application don't use networking you are > not affected But maybe you're part of a team, and not working on the networking part. -- M

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Reindl Harald
Am 09.12.2014 um 20:51 schrieb Pete Travis: Hmm... a whitelist of things that are allowed to ask for firewall accommodation doesn't help me develop new applications at all. And you're jumping to a really high level UI thing and just sort of hand waving over the mechanism needed to make it all w

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Pete Travis
On Dec 9, 2014 12:38 PM, "Chuck Anderson" wrote: > > On Tue, Dec 09, 2014 at 12:09:23PM -0700, Pete Travis wrote: > > On Dec 9, 2014 12:06 PM, "Chuck Anderson" wrote: > > > > > > On Tue, Dec 09, 2014 at 11:52:01AM -0700, Pete Travis wrote: > > > > On Dec 9, 2014 11:33 AM, "Chuck Anderson" wrote:

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Chuck Anderson
On Tue, Dec 09, 2014 at 12:09:23PM -0700, Pete Travis wrote: > On Dec 9, 2014 12:06 PM, "Chuck Anderson" wrote: > > > > On Tue, Dec 09, 2014 at 11:52:01AM -0700, Pete Travis wrote: > > > On Dec 9, 2014 11:33 AM, "Chuck Anderson" wrote: > > > I should have said "ask firewalld for a port to be open

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Reindl Harald
Am 09.12.2014 um 20:20 schrieb Bruno Wolff III: On Tue, Dec 09, 2014 at 19:20:10 +0100, Reindl Harald wrote: * Firefox asks too * it is not hard to accept a self signed cert * BUT it is hard enough to defeat the "click OK somewhere" reflex There should be a way to disable FF's you need to

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Bruno Wolff III
On Tue, Dec 09, 2014 at 19:20:10 +0100, Reindl Harald wrote: * Firefox asks too * it is not hard to accept a self signed cert * BUT it is hard enough to defeat the "click OK somewhere" reflex There should be a way to disable FF's you need to click twice to accept certs that are not signed b

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Reindl Harald
Am 09.12.2014 um 20:16 schrieb Robert Marcano: On 12/09/2014 02:19 PM, Reindl Harald wrote: Am 09.12.2014 um 19:45 schrieb Bastien Nocera: Richard Hughes wrote: So do I! I'm a developer, which spin do I use so that the firewall doesn't get in my way? We can't develop a *product* based aroun

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Robert Marcano
On 12/09/2014 02:19 PM, Reindl Harald wrote: Am 09.12.2014 um 19:45 schrieb Bastien Nocera: Richard Hughes wrote: So do I! I'm a developer, which spin do I use so that the firewall doesn't get in my way? We can't develop a *product* based around what you specifically want, not me, nor anyone e

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Pete Travis
On Dec 9, 2014 11:54 AM, "Brian Wheeler" wrote: > > On 12/09/2014 01:45 PM, Bastien Nocera wrote: >> >> >> - Original Message - >>> >>> Richard Hughes wrote: So do I! I'm a developer, which spin do I use so that the firewall doesn't get in my way? We can't develop a *product

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Les Howell
On Tue, 2014-12-09 at 16:04 +0100, Reindl Harald wrote: > Am 09.12.2014 um 15:57 schrieb Christian Schaller: > > Well I think it is hard for anyone to guess what would be reasonable > > defaults for > > you specifically, any default is by its nature just targeting a generic > > person, which migh

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Pete Travis
On Dec 9, 2014 12:06 PM, "Chuck Anderson" wrote: > > On Tue, Dec 09, 2014 at 11:52:01AM -0700, Pete Travis wrote: > > On Dec 9, 2014 11:33 AM, "Chuck Anderson" wrote: > > I should have said "ask firewalld for a port to be opened" - sorry, I > > thought that would come from the context. > > > > Ar

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Kevin Kofler
Bastien Nocera wrote: > If you start sharing something on a network, then we consider it safe to > share. If you connect to a public unencrypted Wi-Fi, you won't have the > option to. If you connect to an encrypted Wi-Fi where sharing your holiday > photos isn't acceptable then it won't, because yo

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Chuck Anderson
On Tue, Dec 09, 2014 at 11:52:01AM -0700, Pete Travis wrote: > On Dec 9, 2014 11:33 AM, "Chuck Anderson" wrote: > I should have said "ask firewalld for a port to be opened" - sorry, I > thought that would come from the context. > > Are you saying bind() should be talking to firewalld, via some ap

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Reindl Harald
Am 09.12.2014 um 19:54 schrieb Brian Wheeler: On 12/09/2014 01:45 PM, Bastien Nocera wrote: - Original Message - Richard Hughes wrote: So do I! I'm a developer, which spin do I use so that the firewall doesn't get in my way? We can't develop a *product* based around what you specific

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Brian Wheeler
On 12/09/2014 01:45 PM, Bastien Nocera wrote: - Original Message - Richard Hughes wrote: So do I! I'm a developer, which spin do I use so that the firewall doesn't get in my way? We can't develop a *product* based around what you s

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Kevin Kofler
Stephen Gallagher wrote: > * Port forward between two interfaces, which is really useful with > virtualization > FedoraWorkstation (default, active) > interfaces: em1 virbr0 virbr0-nic wlp4s0 > sources: > services: dhcpv6-client dns freeipa-ldap freeipa-ldaps samba-client > ssh > ports: > ma

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Richard Hughes
On 9 December 2014 at 18:19, Kevin Kofler wrote: > If you're a developer, surely you know what a port is and can make a few > clicks in firewall-config or system-config-firewall to open it! A > "developer" who can't even figure that out is a HORRIBLE developer! Yup, that's me. A horrible develope

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Pete Travis
On Dec 9, 2014 11:33 AM, "Chuck Anderson" wrote: > > On Tue, Dec 09, 2014 at 11:16:54AM -0700, Pete Travis wrote: > > But seriously, there's an implication in this thread that there will be > > work happening to give stuff a path to ask for an open port. Where can we > > follow along with that ef

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Kevin Kofler
So, since I was accused of "ignoring" the main part of this mail, let's answer it: Stephen Gallagher wrote: > I think you're forgetting the core tenet of security: good security is > *always* layered. But Workstation is basically removing the outer layer. > Also yes: I keep my irreplaceable and

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Reindl Harald
Am 09.12.2014 um 19:45 schrieb Bastien Nocera: Richard Hughes wrote: So do I! I'm a developer, which spin do I use so that the firewall doesn't get in my way? We can't develop a *product* based around what you specifically want, not me, nor anyone else on this list. If you're a developer, sur

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Bastien Nocera
- Original Message - > Richard Hughes wrote: > > So do I! I'm a developer, which spin do I use so that the firewall > > doesn't get in my way? We can't develop a *product* based around what > > you specifically want, not me, nor anyone else on this list. > > If you're a developer, surely

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Reindl Harald
Am 09.12.2014 um 19:33 schrieb Chuck Anderson: On Tue, Dec 09, 2014 at 11:16:54AM -0700, Pete Travis wrote: But seriously, there's an implication in this thread that there will be work happening to give stuff a path to ask for an open port. Where can we follow along with that effort? Starting

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Chuck Anderson
On Tue, Dec 09, 2014 at 11:16:54AM -0700, Pete Travis wrote: > But seriously, there's an implication in this thread that there will be > work happening to give stuff a path to ask for an open port. Where can we > follow along with that effort? Starting with, say, how I might change > `nikola runse

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Kevin Kofler
Michael Catanzaro wrote: > The default for an invalid TLS certificate should be to fail, no > exceptions, since we know that a user clicking Yes is almost always > picking the wrong option. Nonsense (and this is one of the reasons I hate Firefox). The right answer for an "invalid" TLS certificate

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Kevin Kofler
Przemek Klosowski wrote: > I think that we should start with the low hanging fruit and simplify the > firewall zones to two : a public, restricted one and a home/private with > more ports open; selected by user for each new interface. Those 2 zones are basically what is defined now with that Works

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Kevin Kofler
Brian Wheeler wrote: > Ok, so what product/spin am I supposed to use? I'm a RHEL sysadmin > but I use Fedora on my desktop & laptop. I expect the firewall > to be on so when I evaluate a new piece of software or do a bit of > network development I don't inadvertently increase my e

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Reindl Harald
Am 09.12.2014 um 19:13 schrieb Kevin Kofler: Michael Catanzaro wrote: The default for an invalid TLS certificate should be to fail, no exceptions, since we know that a user clicking Yes is almost always picking the wrong option. Nonsense (and this is one of the reasons I hate Firefox). The ri

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Kevin Kofler
Christian Schaller wrote: > I think the part of the sentence you probably missed was "if you are aware > and understand the finer details here", because for anyone who doesn't > understand the finer details here you are suggesting we default the system > to 'broken'. s/broken/secure/ "Secure by d

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Kevin Kofler
Richard Hughes wrote: > So do I! I'm a developer, which spin do I use so that the firewall > doesn't get in my way? We can't develop a *product* based around what > you specifically want, not me, nor anyone else on this list. If you're a developer, surely you know what a port is and can make a few

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Pete Travis
On Dec 9, 2014 10:54 AM, "Stephen John Smoogen" wrote: > > > > On 9 December 2014 at 10:46, Alec Leamas wrote: >> >> On 09/12/14 18:39, Stephen John Smoogen wrote: >>> >>> >>> >>> On 9 December 2014 at 10:27, Chris Murphy > >> >> [cut] >> >>> OS X's firewall is disabled by default. Where's th

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Dan Williams
On Tue, 2014-12-09 at 10:19 -0500, Bastien Nocera wrote: > > - Original Message - > > Hi, > > > > > > I also thought that the whole points of having Zones etc, was so that > > > > we could pick a different zone per network connection, > > > > /me too. > > > > > > so if I'm in the office

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Alec Leamas
On 09/12/14 18:53, Stephen John Smoogen wrote: In the end, this is a tempest in a teapot. The release is out and it is done. I don't like it, but my yelling and screaming and spitting in an autistic rage did not fix it so it's time to move on so that is what I am going to do. Amen --alec

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Stephen John Smoogen
On 9 December 2014 at 10:46, Alec Leamas wrote: > On 09/12/14 18:39, Stephen John Smoogen wrote: > >> >> >> On 9 December 2014 at 10:27, Chris Murphy > > > [cut] > > OS X's firewall is disabled by default. Where's the outcry? >> >> >> It was a long time ago and it basically caused it to have

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Brian Wheeler
On 12/09/2014 11:46 AM, Richard Hughes wrote: I don't think it makes much sense for people to stamp their feet saying "BUT I LIKED THE OLD WAY OF DOING THINGS" when the people leading the workstation product have identified that the old way of doing things just

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Alec Leamas
On 09/12/14 18:39, Stephen John Smoogen wrote: On 9 December 2014 at 10:27, Chris Murphy [cut] OS X's firewall is disabled by default. Where's the outcry? It was a long time ago and it basically caused it to have extra configurations before it could be 'ok'd' for various corporate and

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Stephen John Smoogen
On 9 December 2014 at 10:27, Chris Murphy wrote: > On Mon, Dec 8, 2014 at 11:59 PM, William B > wrote: > > > The true crux of this issue is the over complexity that firewalld has > brought to fedora, and the fact that a quality UI for managing it does not > exist yet. > > > > OSX solves this iss

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Chris Murphy
On Tue, Dec 9, 2014 at 2:08 AM, Nikos Mavrogiannopoulos wrote: > On Tue, 2014-12-09 at 17:29 +1030, William B wrote: >> > > I just happened to look at the firewalld default settings, and I >> > > was not amused when I noticed this: >> > > http://pkgs.fedoraproject.org/cgit/firewalld.git/tree/Fedor

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Orion Poplawski
On 12/09/2014 10:27 AM, Chris Murphy wrote: > On Mon, Dec 8, 2014 at 11:59 PM, William B wrote: > >> The true crux of this issue is the over complexity that firewalld has >> brought to fedora, and the fact that a quality UI for managing it does not >> exist yet. >> >> OSX solves this issue by h

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Chris Murphy
On Mon, Dec 8, 2014 at 11:59 PM, William B wrote: > The true crux of this issue is the over complexity that firewalld has brought > to fedora, and the fact that a quality UI for managing it does not exist yet. > > OSX solves this issue by having an "on or off" button, and a list of > applicatio

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Richard Hughes
On 9 December 2014 at 14:18, Brian Wheeler wrote: > I also expect things to work with the minimum amount of fuss. So do I! I'm a developer, which spin do I use so that the firewall doesn't get in my way? We can't develop a *product* based around what you specifically want, not me, nor anyone else

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Przemek Klosowski
On 12/08/2014 06:41 PM, Reindl Harald wrote: the security community is usually very clear: * forbid as much as you can by default * allow only what *really* is needed to get the work done ...and this is the tricky part---you want tightly defined functionality, and other people want to install a

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Gerd Hoffmann
Hi, > > Side Note: For the latter we need to cleanup the zones though. There > >are *way* too many to choose from, and the names suck big > >time. WTF is a "Fedora$product" zone? And wasn't that > >discussed before on this list? Why do we *still* have this

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Brian Wheeler
On 12/09/2014 10:11 AM, Bastien Nocera wrote: The defaults for the various products are "packaged" by zones. You just need to change the firewalld zone to get whatever is the default on the server side. Ok, so it's another item on my list of "th

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Reindl Harald
Am 09.12.2014 um 16:40 schrieb Christian Schaller: - Original Message - From: "Reindl Harald" To: devel@lists.fedoraproject.org Sent: Tuesday, December 9, 2014 10:04:46 AM Subject: Re: "Workstation" Product defaults to wide-open firewall Am 09.12.2014 um 15:

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Christian Schaller
- Original Message - > From: "Reindl Harald" > To: devel@lists.fedoraproject.org > Sent: Tuesday, December 9, 2014 10:04:46 AM > Subject: Re: "Workstation" Product defaults to wide-open firewall > > > Am 09.12.2014 um 15:57 schrieb Christian

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Robert Marcano
On 12/09/2014 11:01 AM, Christian Schaller wrote: - Original Message - From: "Gerd Hoffmann" To: "Development discussions related to Fedora" Sent: Tuesday, December 9, 2014 10:22:01 AM Subject: Re: "Workstation" Product defaults to wide-open firewa

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Bastien Nocera
- Original Message - > On Tue, 9 Dec 2014 10:09:07 -0500 (EST) > Bastien Nocera wrote: > > > > > > > - Original Message - > > > On Mon, 8 Dec 2014 05:45:56 -0500 (EST) > > > Bastien Nocera wrote: > > > > > > > No, because that'd be awful UI. > > > > > > Is it really so awfu

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Christian Schaller
- Original Message - > From: "Gerd Hoffmann" > To: "Development discussions related to Fedora" > > Sent: Tuesday, December 9, 2014 10:22:01 AM > Subject: Re: "Workstation" Product defaults to wide-open firewall > > On

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Simo Sorce
On Mon, 8 Dec 2014 05:45:56 -0500 (EST) Bastien Nocera wrote: > No, because that'd be awful UI. Is it really so awful to ask a user: "Do you want to expose Eclipse to the network ?" (of course worded in a better way than my poor English skills can do). I think users can understand such a questi

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Simo Sorce
On Tue, 9 Dec 2014 10:09:07 -0500 (EST) Bastien Nocera wrote: > > > - Original Message - > > On Mon, 8 Dec 2014 05:45:56 -0500 (EST) > > Bastien Nocera wrote: > > > > > No, because that'd be awful UI. > > > > Is it really so awful to ask a user: > > "Do you want to expose Eclipse to

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Gerd Hoffmann
On Di, 2014-12-09 at 08:16 -0500, Bastien Nocera wrote: > > - Original Message - > > On Tue, Dec 09, 2014 at 12:54:59PM +0100, Gerd Hoffmann wrote: > > > Why we can't have something like this? And if you don't want a popup > > > asking, have something in the NetworkManager applet menu, wh

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Bastien Nocera
- Original Message - > Hi, > > > > I also thought that the whole points of having Zones etc, was so that > > > we could pick a different zone per network connection, > > /me too. > > > > so if I'm in the office or at home I can say use this zone, if I'm > > > at a coffee shop I can pic

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Bastien Nocera
- Original Message - > On 12/09/2014 08:50 AM, Richard Hughes wrote: > > > > On 9 December 2014 at 13:39, Michael Catanzaro wrote: > > > > So your challenge is to find an alternative default that > supports it. > I'd go even further. I don't think the people writing the vast number

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Bastien Nocera
- Original Message - > On Mon, 8 Dec 2014 05:45:56 -0500 (EST) > Bastien Nocera wrote: > > > No, because that'd be awful UI. > > Is it really so awful to ask a user: > "Do you want to expose Eclipse to the network ?" (of course worded in a > better way than my poor English skills can d

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Thomas Woerner
On 12/09/2014 03:57 PM, Christian Schaller wrote: - Original Message - From: "Brian Wheeler" To: devel@lists.fedoraproject.org Sent: Tuesday, December 9, 2014 9:18:47 AM Subject: Re: "Workstation" Product defaults to wide-open firewall On 12/09/2014 08:50 AM,

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Reindl Harald
On 09.12.2014 at 15:57, Christian Schaller wrote: Well I think it is hard for anyone to guess what would be reasonable defaults for you specifically, any default is by its nature just targeting a generic person, which might or might not be a lot like you. But if you are aware and understand

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Christian Schaller
- Original Message - > From: "Brian Wheeler" > To: devel@lists.fedoraproject.org > Sent: Tuesday, December 9, 2014 9:18:47 AM > Subject: Re: "Workstation" Product defaults to wide-open firewall > > On 12/09/2014 08:50 AM, Richard Hughes wrote:

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Christian Schaller
- Original Message - > From: "Robert Marcano" > To: "Development discussions related to Fedora" > > Sent: Tuesday, December 9, 2014 8:57:51 AM > Subject: Re: "Workstation" Product defaults to wide-open firewall > > On 12/09

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Stephen Gallagher
On Tue, 2014-12-09 at 08:23 -0500, Bastien Nocera wrote: > > - Original Message - > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > On Tue, 09 Dec 2014 10:08:06 +0100 > > Nikos Mavrogiannopoulos wrote: > > > > > On Tue, 2014-12-09 at 17:29 +1030, William B wrote: > > > >

Re: "Workstation" Product defaults to wide-open firewall

2014-12-09 Thread Brian Wheeler
On 12/09/2014 08:50 AM, Richard Hughes wrote: On 9 December 2014 at 13:39, Michael Catanzaro wrote: So your challenge is to find an alternative default that supports it. I'd go even further. I don't think the people writing the vast number of le
