A Topic that needs to be discussed on next the QA meeting..

Jon Stanley jonstanley at gmail.com
Tue Mar 18 03:31:03 UTC 2008


On Mon, Mar 17, 2008 at 9:32 PM, Johann B. Gudmundsson <johannbg at hi.is> wrote:

>  Thanks for making that one clear. I have actually been waiting for
>  someone to give me a straight
>  answer regarding that matter and this just proves that Fedora will never
>  be dominating the world :) .

Fedora is not about, has never been about, and will never be about
ticking some counter in order to win an ill-conceived "popularity
contest".  Fedora exists as a platform for innovation.

>
>  That kinda also explains all this whole RTFM for the end users and he
>  has to be and is expected to be
>  a "Linux Guru" attitude that still exists here ( Bug 436227 for
>  example )...

I read that bug and fail to see your point.  The most Tomas is asking
a user to do there is read the documentation that comes with the
system, and make decisions based on it assuming that autodetection
doesn't work.  Am I missing something?

>  And I who apparently is so ignorant and foolish in thinking our main
>  goal was to let Fedora grow and our main target was the home/desktop user

I don't think that's our "main" target.  It is *a* target, however,
first and foremost is that Fedora is a platform for innovation.

>  and expecting those who are gonna use it for server or other things
>  actually would know how to setup Fedora to do so silly me...

Yep, the default partitioning is insane for a server installation.
I'm not lobbying to change it, however, because for the majority of
users it works fine.

>  I would say leaving sshd running with punch hole in a firewall poses a
>  great security risk
>  If a noob user clicks next next ok done throughout the installation
>  process and ends up
>  leaving himself open to brute force attacks which his machine then can
>  be used to attack other machines ( M$ )
>  but hey apparently that's just me..
>
>  I would actually think this "not a security risk" should be mentioned
>  each time somebody hands out a Fedora DVD.
>  or somebody that walks past the Fedora booth and grabs one.
>
>  But if it is one of Fedora's objectives to distribute easily rootable boxes
>  to the internet fine...

No one ever said that.  If we wanted to distribute rootable boxes, we
wouldn't have things like SELinux, iptables on by default, etc. I just
did a test install of F8, since I can't do Beta testing this evening
really.  I did nothing except for click next through the installation,
and came to the firstboot module about configuring the firewall.  Now,
SSH is selected by default, however, it is a selectable option.  I
would expect if you didn't want ssh through the firewall, that you'd
untick that box.

>  Will was the one I actually thought was a member of that board and
>  kinda the "Head of the QA department" ( sorry Jeremy or Jesse or Bill)
>  ( I actually thought there was a QA Board, Testers reporting to the board
>  and QA board coordinating tests/bug hunts logic right..).

There is no such formal entity.  Test cases can be designed and
executed by anybody, really.  For the current release (Beta) that
we're working on, there's a tracking page at
https://fedoraproject.org/wiki/QA/TestResults/Fedora9Install/Beta, but
that's about as formal as we get.

>  Hence I reopen reassigned status and was waiting for them to step in..

That would be the bug triage team, which I "lead".

>  Since there is none I suggest one is created to address
>  issue like this which consist of not only developers.
>  There can be more conflicts like this..

Anyone is welcome to come to the QA meetings.  They happen every
Wednesday at 1500UTC in #fedora-meeting.  Bug triage meetings are
being moved to 1600UTC for the summer.

>  If we are targeting a whole bunch of "segments" then we should
>  release specifically tuned to those "segments"
>
>  M$ has a server version Mac OS X has a server version
>  there is a reason for it!

Yep, to charge you a whole bunch of money for the same core bits.

>  <whisper>Even Redhat has few *versions*....

Different subscription levels come with different things.  You are
correct that there is a desktop variant.  However, it is almost no
different than the server variant (server has a few desktop-ish things
stripped out - not the other way around).

>  I said it once and I say it again only service that are needed for
>  "running system + networking"
>  should be enabled by default the rest should the user configure on
>  firstboot!
>  Even filed an RFE for this!

Yep, saw it.


>  YES ALONG WITH AVAHI BLUETOOTH AND MORE...
>  until the system can properly detect HW and enable services on demand...
>
>  Fedora can't be tuned to everybody's needs!

No one said that.

>  The end user should be making that choice not Fedora trying to make
>  "guesses" on how
>  he's gonna setup his system.

There has to be *some* defaults.  At the same time that you are
advocating for this hypothetical n00b, you are also making more work
for them to be up and running with a system that can do productive
things.  Most users look at a computer as a tool to accomplish a task
- not something interesting in and of itself.
>
>  We should be delivering a solid secure product then it's on the users
>  hands if he messes it up
>  not us delivering it already unsecure.

No one said it's insecure by enabling sshd.  Only if the users choose
poor passwords is it insecure, and anaconda warns of this (I know
this for a fact in F9, because I did an install with a rootpw of
'test123' - no, the machine was not publicly exposed and the life
expectancy of the machine was "does it boot?")

>  Since this is the whole attitude why are we shipping Fedora with SElinux
>  enabled since users
>  are already good enough to shoot themselves in the foot????

All of it is a part of a defense-in-depth strategy.

>  I still strongly disagree not that it matters my efforts are in vain....

As Will said, the security team has spoken and we defer judgment to them.



