My 2 cents on the whole Fedora to succeed as global wide deployed desktop are...

Jeroen van Meeuwen kanarip at kanarip.com
Mon Sep 3 15:17:58 UTC 2007


Jóhann B. Guðmundsson wrote:
> Jeroen van Meeuwen wrote:
>> If an application is allowed to change the firewall configuration why 
>> do we even include the firewall at all? What's next, applications that 
>> can modify the SELinux policies to allow themselves to run?
>>
> 
> You still need to be root to enable these (chkconfig ) services so why 
> not let it open access for it self  while you enable the service.
> If you have custom firewall rules check the hash box to disable this so 
> doesn't mess up firewall rules. Regarding the SElinux I cannot predict 
> the future
> tho I would mind having that ability
> 

You do not necessarily have to be root but gain root privileges. In 
addition, some applications like HAL daemon can enable (for example) 
CUPS (ergo without the user being root or gaining any privileges); would 
you want to let that automatically open up your firewall?

SELinux in this case does get a little help. If you run authconfig to 
configure NIS and choose to update the configuration files (--update), 
it enables the ypbind as well as the allow_ypbind SELinux boolean. 
"service httpd start" however should not, under any circumstance, enable 
any of the SELinux booleans involved with where httpd may look for files.

>>> Service should be bound to certain interface ( lo eth* ) instead 
>>> being configured default to listen to *.
>>>
>>
>> Right, because on one side you want to make things easier, but the 
>> bind address is /so easy/ to configure from any GUI administration 
>> tool, that you want to limit the bind to a certain interface only? 
>> What happens if there's no eth0? What happens if you have eth0, wlan0 
>> and ppp0 and change between those interfaces because you are a roaming 
>> user?
>>
> It should not still be set to listen to all interfaces

Good argument, I guess we really need to reconsider.

>>> Let the majority fedora user community decide what  should be the 
>>> default application to use in gnome/kde to open/play/view etc files
[...]
>>
>> I believe we have that already.
>>
> Ok where I wanna vote against use of Totem and Evolution 
> System-config-network as default and vote for VLC and Thunderbird and 
> NetworkManager instead...
> 

Try the wiki Feature pages. These threads will most definitely not get 
the feature you want. VLC btw is out-of-the-question.

>>> Application user interface should be kept simple and simple to use 
>>> with advanced menu feature for the advanced user. Things should work 
>>> as much as possible out of the box .
>>> 99% what normal user is doing ( surfing the web, reading his email, 
>>> writing his paper etc should work out of the box ).
>>
>> I guess your wish got heard retroactively and implemented some years ago.
> We are behind in supporting media in browser ( java mplayer plugin etc )

Do you think there might be a reason why these are not in Fedora?

>>
>>> There must be a (legal)way to enable 3 party repos during the 
>>> installation process and set these things up for the noob user.
>>
>> God no! If we do that, we lose. On a personal note; I'd rather make it 
>> as hard as possible to ever use anything I can't read any source code 
>> of, or that isn't licensed to permit me to do whatever I want to do 
>> with it.
>>
> 
> Hum wonder if noobs like reading source don't think so...
> 

Consider what a noob does on any other Operating System Of (No-)Choice. 
It isn't much easier.

>> May I ask how you imagine the user recovers his data if he looses his 
>> private key or passphrase?
>>
> 
> I don't you just get screwed..
> 

Nice, that'll bring us good user experience.

-- 
Kind regards,

Jeroen van Meeuwen
-kanarip

--
http://www.kanarip.com/
RHCE, LPIC-2, MCP, CCNA
C6B0 7FB4 43E6 CDDA D258  F70B 28DE 9FDA 9342 BF08




More information about the fedora-devel-list mailing list