On Tue, Nov 13, 2012 at 04:52:47PM -0800, Adam Williamson wrote:
> Well, sure, but you seem to be drifting the discussion a bit (or I did,
> I've been out of town for the weekend, it gets confusing). As I recall
> things, the basic goal we were working towards in this thread was the
> reduction of the size of the minimal install. 

Sorry... I was drifting it into the other thread. 

> And I was suggesting taking firewalld out entirely as a way of achieving
> that, until I realized that would be stupid.

Well. I may be a little bit cynical on this, but I think the unsteered drift
of this kind of thing goes like this: 

1. Shiny new feature covers the desktop case, so let's make it the default
   in Fedora.
2. "Don't worry, if you have other needs, the old way still works".
3. So many things get updated to the new way that the old way isn't
   reasonable anymore, but *those other use cases never get consideration*.

It's like step 2 magically covers the end game. But of course it doesn't.

I'm not against progress. The static firewall scripts don't cover a lot of
cases, and are particularly a pain with virt. But let's not jump ahead of
ourselves without at _least_ a plan.

So that's a little bit of a tangent, but, as outlined in the other thread, I
don't think firewalld is at a point where making it the default would be
good for Fedora. Maybe it could be by F19. Reducing the dependency load is
just one part of that.

In the meantime, I think we should make sure a newly installed system with
either firewalld or the old thing (now called iptables-service) has a
sensible firewall out of the box. (Same all-closed-but-ssh as we've had
forever, I expect.)


> like that. Someone else might want to advocate that, but I'm not. Since
> I now figured out to my own satisfaction that we can't just ditch
> firewalld from the minimal install, the focus in the context of this
> goal should be on reducing its dependency load.

I don't think we can "ditch" it, but we can certainly revert.


-- 
Matthew Miller  ☁☁☁  Fedora Cloud Architect  ☁☁☁  <mat...@fedoraproject.org>
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
