My 2 cents on the whole Fedora to succeed as global wide deployed desktop are...

"Jóhann B. Guðmundsson" johannbg at
Mon Sep 3 14:56:54 UTC 2007

Jeroen van Meeuwen wrote:
> Jóhann B. Guðmundsson wrote:
>> Faster system-start/shutdown!  Service need to start on demand rather 
>> then during the boot up process or
>> at least if anaconda/kudzu don't detect it don't enable it ( 
>> bluetooth, printer service sis etc. ) It's better to have
>> the user to go through setup/installation/initializations process ( 
>> they are used to it )
>> and  have  faster  startup than enable lots of unwanted/unneeded 
>> service during startup "for everything works solution"!
> I guess the next generation of init-scripts is going to figure out 
> what the user wants. You have a point on the bluetooth/printer item, 
> but the "unwanted" services is just silly.
>> Application need to be able to adjust firewall to allow access for 
>> them selves. We don't like it but they noob user will and if
>> your arguments are, the application will mess up my highly 
>> complicated netfilter/iptables firewall, routing rules than your
>> smart enough to be able to *hash* an check box who would disable this 
>> feature in system-config-security, or at least offer
>> a wider selection of services to open in s-c-s especially  those who 
>> need more than just an port opening ( protocol 47 48 50 51 etc.. ).
>> The noob user is not able to create there own *Custom* firewall rules.
> If an application is allowed to change the firewall configuration why 
> do we even include the firewall at all? What's next, applications that 
> can modify the SELinux policies to allow themselves to run?

You still need to be root to enable these (chkconfig ) services so why 
not let it open access for it self  while you enable the service.
If you have custom firewall rules check the hash box to disable this so 
doesn't mess up firewall rules. Regarding the SElinux I cannot predict 
the future
tho I would mind having that ability

> I'm almost certain it should have said that if someone enables the 
> webserver service (regardless of what actual software is providing the 
> service), he should be asked whether he wants to open up his firewall 
> for this/these new socket(s).
>> Service should be bound to certain interface ( lo eth* ) instead 
>> being configured default to listen to *.
> Right, because on one side you want to make things easier, but the 
> bind address is /so easy/ to configure from any GUI administration 
> tool, that you want to limit the bind to a certain interface only? 
> What happens if there's no eth0? What happens if you have eth0, wlan0 
> and ppp0 and change between those interfaces because you are a roaming 
> user?
It should not still be set to listen to all interfaces
>> Let the majority fedora user community decide what  should be the 
>> default application to use in gnome/kde to open/play/view etc files
>> and which application will come with default installation ( in 
>> gnome/kde ), do research in what people are adding/changing/replacing
>> to get better hint of  what should be used as default app behavior or 
>> better yet let fedora user vote what should be used in new release in 
>> fedora
>> ( browser pluggin maybe that would ask user to vote on what ( 
>> apps/fetures ) they want to see in next release of fedora vote 
>> counted and
>> implemented after dev freeze? ).
> I believe we have that already.
Ok where I wanna vote against use of Totem and Evolution 
System-config-network as default and vote for VLC and Thunderbird and 
NetworkManager instead...

>> Application user interface should be kept simple and simple to use 
>> with advanced menu feature for the advanced user. Things should work 
>> as much as possible out of the box .
>> 99% what normal user is doing ( surfing the web, reading his email, 
>> writing his paper etc should work out of the box ).
> I guess your wish got heard retroactively and implemented some years ago.
We are behind in supporting media in browser ( java mplayer plugin etc )
>> There must be a (legal)way to enable 3 party repos during the 
>> installation process and set these things up for the noob user.
> God no! If we do that, we lose. On a personal note; I'd rather make it 
> as hard as possible to ever use anything I can't read any source code 
> of, or that isn't licensed to permit me to do whatever I want to do 
> with it.

Hum wonder if noobs like reading source don't think so...

>> ( moving the legal liability from fedora to the user, disclaimer or 
>> something he has to read, approve and press ok for ).
>> If not move the Fedora HQ to Europe and create a legal and 
>> handicapped Fedora
>> spin to be released in the states since everybody is so keen on suing 
>> everybody in the states.
>> ( we still have some sanity and dignity left here in Europe, I said 
>> some :-)  For their defence the states are young as a nation
>> maybe this will grow of them. )
> Right. Europe has sanity and dignity but the US don't. Right.
> *sigh*
>> Offer encryption on user sensitive data during install or even by 
>> default on hardrive.
>> ( browser cache, email cache etc or maybe offer the user to have his 
>> /home on encrypted partion ).
>> What we do ( Surf the web,what we spend our money on etc ) is being 
>> monitor/catalog/profiled enough as is. Atleas if somebody gets his 
>> hands on your box/drive/laptop lets give him hard time to actually 
>> get your data.
> May I ask how you imagine the user recovers his data if he looses his 
> private key or passphrase?

I don't you just get screwed..

>> Lets try to start do see things from noob user perspective and not 
>> advanced/dev user perspective.
>> We advanced/developers can handle our selfs the noob cant!
>> Best regards
>>                  Johann B.
>> Ps.
>>     Why was minimal install ( no gui ) removed from anaconda?
> It wasn't.
>>    /Fedora by the user for the user.../
> *Users*, plural. Thank you.

Best regards
                Johann B.

Jóhann B. Guðmundsson. RHCE,CCSA
Unix Kerfistjóri.
Reiknistofnun Háskóla Íslands.
Tæknigarði, Dunhaga 5.			Rafpóstur:	johannbg at
107 Reykjavík.				     Sími:	525-4267
Ísland.					Bréfasími:	552-8801

Johann B. Gudmundsson. RHCE,CCSA
Unix System Engineer.
IT Management.
Reiknistofnun University of Iceland.
Taeknigardi, Dunhaga 5.			Email:		johannbg at
IS-107 Reykjavik.			Phone:		+354-525-4267
Iceland.				  Fax:		+354-552-8801 

More information about the fedora-devel-list mailing list