What I HATE about F11
Seth Vidal
skvidal at fedoraproject.org
Thu Jun 18 16:04:55 UTC 2009
On Thu, 18 Jun 2009, Martin Langhoff wrote:
> On Sun, Jun 14, 2009 at 8:08 PM, Lennart Poettering<mzerqung at 0pointer.de> wrote:
>> Gah. Allowing packages to pierce the firewall just makes the firewall
>> redundant.
>
> True
>
>> A firewall is an extra layer of security that
>> simply hides the actual problem.
>
> Um!? Layered security is a _good thing_. *All* the network daemons in
> Fedora today have had bugs reported. I pretty much want to have that
> extra layer hiding actual problems :-)
>
agreed. The point of the firewall is that some tools are not a good idea
to expose to the whole world. Waiting for every daemon to be perfect or
allowing them to run exposed to find bugs by having people's systems get
cracked is not good or appropriate behavior for any distro.
the default firewall needs to stay, imo.
Having better tools for configuring it is a good idea, but disabling it is
not a solution of any kind.
-sv
More information about the fedora-devel-list
mailing list