Fedora 21, 22, and 19, firewall discussion, and holiday break

5TFTW

Fedora is a big project, and it’s hard to keep up with everything that goes on. This series highlights interesting happenings in five different areas every week. It isn’t comprehensive news coverage — just quick summaries with links to each. Here are the five things for December 17th, 2014:

Fedora 21 Retrospective: What was awesome? What wasn’t?

While Fedora 22 is already rolling into the target zone, we do want to make sure we look back at this previous cycle and identify things we can improve — ideally, specific and actionable changes. In the end, we came out with (another!) great release, but there is always something to learn. In particular, we ended up yet again in a last-minute scramble to get a release we could feel good about signing off on out the door before the holidays, and next time around it would be nice to put less stress on all of our contributors (including the quality assurance team and the developers needed to make those late fixes).

There will be more to it than this, but to get started, we have a F21 Retrospective wiki page, to help collect comments and ideas.

Fedora 22: Coming up fast!

FESCo (the Fedora Engineering Steering Committee, the elected organization which oversees technical decisions in the project) has indicated that we’re back to aiming for the traditional May/October Fedora release cycle, and although the F22 schedule isn’t finalized yet, we have a tentative plan calling for a release about 6 months from now. When you work back from that, it means that there’s really not much time to think about change proposals for F22, especially if we subtract out holiday time. So, if you’re thinking of working on something big, please start getting your proposal formalized — the tentative deadline is January 20th, 2015.

Fedora 19: End of Life

And on the other end of the cycle: it’s time to say farewell to Fedora 19. If you’re running this release, please plan to update before January 6th, 2015, when the last updates will go out. After that, there will be no further security fixes. The good news is that Fedora 20 was a great release, and Fedora 21 is even better, and I think you’ll be happy with the upgrade.

Fedora Workstation firewall discussion

This week’s big devel-list thread concerned the default firewall settings in Fedora Workstation. The Fedora Workstation Working Group was not happy with the user experience offered by blocking incoming “high ports” by default. Out of the box, nothing is listening on these, but if one installs software that expects to, it won’t work, and because we don’t have a good way yet to tie attempts to access ports to listening applications and communicate that to the user, the resulting failure is invisible.

On the other hand, if you install something and it starts listening and you didn’t know that, that’s also invisible. So, pretty much everyone recognizes this as a not ideal situation. Everyone involved in the discussion also is concerned with enhancing user security in practice — the question is just how to best get there from an imperfect state. Originally, the Workstation WG asked to disable the firewall entirely. FESCo asked instead that it be left available, possibly with a less-restrictive out-of-the-box configuration — the path taken for F21.

If you’re not running Workstation, this doesn’t affect you. If you are, and would like a different configuration, run the firewall configuration tool and either edit the Fedora Workstation zone or change the default zone. (There’s a long list of options, but “public” is a generally-restrictive choice.)

You can also change the per-network zone. Unfortunately, wired networks are currently all treated as one network per interface, whereas wireless networks are distinguished individually. This can be done in a number of ways, but the easiest is to run the network configuration tool (in GNOME control center — press the overview key and start typing “network”), select the wifi network in question, press the little gear icon next to it, go down to Identity (?!), and choose the appropriate firewall zone. (Again, there’s a long list — go back to the firewall config tool to see exactly what they all do.)

This is clearly not the most friendly approach; it’s my understanding that the desktop designers, network tools team, and security team are going to work together to develop a better overall solution for Fedora 22 and beyond.
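An added example (not from the original article or from the Fedora project): a small audit for the visibility problem described above, listing which non-loopback listeners a given zone lets through. The zone XML follows firewalld's zone file layout, but the sample zone, its 1025-65535 port range, the `ss -tuln` text and the one-entry service map are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample zone in firewalld's zone XML layout (assumed contents).
ZONE_XML = """<zone>
  <short>Sample Workstation</short>
  <service name="ssh"/>
  <port protocol="tcp" port="1025-65535"/>
  <port protocol="udp" port="1025-65535"/>
</zone>"""

# Constructed sample of `ss -tuln` output.
SS_OUTPUT = """Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
tcp   LISTEN 0      50     0.0.0.0:8080       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:5353       0.0.0.0:*
tcp   LISTEN 0      128    [::]:445           [::]:*
"""

# Assumption: minimal stand-in for firewalld's per-service port definitions.
SERVICE_PORTS = {"ssh": [("tcp", 22)]}

def zone_open_ranges(zone_xml):
    """Return (protocol, low, high) tuples for every port the zone accepts."""
    root = ET.fromstring(zone_xml)
    ranges = []
    for p in root.findall("port"):
        lo, _, hi = p.get("port").partition("-")
        ranges.append((p.get("protocol"), int(lo), int(hi or lo)))
    for s in root.findall("service"):
        for proto, port in SERVICE_PORTS.get(s.get("name"), []):
            ranges.append((proto, port, port))
    return ranges

def non_loopback_listeners(ss_text):
    """Parse `ss -tuln` text into (protocol, address, port), skipping loopback."""
    found = []
    for line in ss_text.splitlines()[1:]:        # first line is the header
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, _, port = fields[4].rpartition(":")
        if addr.startswith("127.") or addr == "[::1]":
            continue                             # not reachable from the network
        found.append((fields[0], addr, int(port)))
    return found

def exposed(zone_xml, ss_text):
    """Listeners that are both network-bound and allowed by the zone."""
    ranges = zone_open_ranges(zone_xml)
    return [(proto, addr, port)
            for proto, addr, port in non_loopback_listeners(ss_text)
            if any(proto == rp and lo <= port <= hi for rp, lo, hi in ranges)]

if __name__ == "__main__":
    for proto, addr, port in exposed(ZONE_XML, SS_OUTPUT):
        print(f"reachable: {proto} {addr}:{port}")
```

Running the same check against a more restrictive zone definition shows what would stop being reachable after a zone change.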

Overall, the mailing list thread stayed relatively positive and constructive and avoided personal attacks, although there were some accusations of bad faith actions which do not seem warranted based on the actual history. It is, however, a case where more transparent discussion and communication could have helped; that’s something we’re continually working at making better and might make for a good component of the F21 retrospective mentioned above.

Christmas break

Of course things in Fedora never really stop, but it’s vacation time for many of us. Before I was a ~~beach-bum~~ Red Hat employee, I was used to seeing extended days off as ideal for getting in some serious work on Fedora. Now, things are strangely inverted, and I’m going to use the time to unplug a bit. I’ll be back in January all recharged, and will catch up with everything that’s happened in the meantime — FtFTW will resume the week of January 15th — or possibly the week before, but let’s save the hard-to-keep resolutions for New Year’s Day. 🙂

Check out the Fedora vacation calendar to see who else will be away, and make sure to add yourself if you will be too. (There’s even a Fedora badge for doing so!)



1 Comment

  1. I like the firewall as it currently is, but many people don't understand that there are two modes (so to speak) of the firewall, the current configuration and the permanent configuration; that causes a lot of confusion. I think that with a good redesign of the interface it would be perfect.
