What I HATE about F11

Seth Vidal skvidal at fedoraproject.org
Thu Jun 18 16:04:55 UTC 2009



On Thu, 18 Jun 2009, Martin Langhoff wrote:

> On Sun, Jun 14, 2009 at 8:08 PM, Lennart Poettering<mzerqung at 0pointer.de> wrote:
>> Gah. Allowing packages to pierce the firewall just makes the firewall
>> redundant.
>
> True
>
>> A firewall is an extra layer of security that
>> simply hides the actual problem.
>
> Um!? Layered security is a _good thing_. *All* the network daemons in
> Fedora today have had bugs reported. I pretty much want to have that
> extra layer hiding actual problems :-)
>

agreed. The point of the firewall is that some tools are not a good idea 
to expose to the whole world. Waiting for every daemon to be perfect or 
allowing them to run exposed to find bugs by having people's systems get 
cracked is not good or appropriate behavior for any distro.

the default firewall needs to stay, imo.

Having better tools for configuring it is a good idea, but disabling it is 
not a solution of any kind.

-sv




More information about the fedora-devel-list mailing list