----- Original Message -----
On 5.1.2015 15:57, Bastien Nocera wrote:
> ----- Original Message -----
>> Björn Persson wrote:
>>> I bet! I worry that the questions would quickly become annoying. But if
>>> ports are going to be blocked by default, then there needs to be some
>>> way for non-sysadmin users to open them.
>>
>> No, why? The ports just need to be closed, period. Non-sysadmin users
>> shouldn't be allowed to open any ports.
>
> Which leads to users being frustrated at the default firewall, which leads
> to
> them throwing in the towel and disabling the firewall altogether, leading
> to
> worse security.
Many people claim this AFAIK nobody posted link to an article/any hard data
about this. (I'm not saying that this statement is not correct, I'm saying
that I don't have reason to believe it without hard data.)
I don't claim to have hard data on this, this is the result of discussions with
my co-workers, Fedora developers that use GNOME, and Fedora users. Evidence of
this is always going to be circumstantial but when I hear of other GNOME developers
that end up using GNOME on Ubuntu with all the problems it brings rather than
deal with SELinux or Fedora's firewall, alarm bells start ringing.
IMHO solution to this problem is what Stephen Gallagher proposed in
other
part
of this thread:
> I'd argue that something similar to the SELinux Troubleshooter would be
> a useful solution here, if interfaces could be added to support it.
The SELinux Troubleshooter is positively awful UI for anyone that didn't go
read SELinux introductory articles. It's also a bug reporting tool, not an
authorisation request as a (bad) firewall UI would need to be.