On Mon, 2014-12-08 at 16:41 +0100, Kevin Kofler wrote:
> So you rather implement the type of OS that just always assumes "Yes"
> without even asking? Because that's what the current "firewall" rules do
> (between quotes because it can hardly be called a firewall in that state).
> How's that more secure than asking?

I think the prevailing opinion of the GNOME safety team is that yes/no or allow/disallow dialogs are unacceptable. These just train the user to click yes. Certainly, we are not going to ask for each app that wants to access the network. Instead, we pick a reasonable default and stick with it. The default for an invalid TLS certificate should be to fail, no exceptions, since we know that a user clicking Yes is almost always picking the wrong option. The default for a network service is Allow, since Deny would almost always be the wrong option.

What we do need is a better story for helping the user pick a reasonable firewall zone. Home/Work/Coffeeshop is a simple question that's difficult for users to get wrong.

> The users who don't know about firewall ports will not need to open them up
> at all.

This is not true, or we would not have changed the firewall defaults and we would not be having this conversation.

Back to Bastien's use case: "I want to share a video in my home directory using UPnP/DLNA to my TV, using rygel for example." This is a simple requirement, and we're plainly unwilling to revert to the F20 settings as it would break this use case. So your challenge is to find an alternative default that supports it: then we'll have more to talk about.