Heya,
It seems to me that Avahi would be safe to run by default. That would allow accessing remote machines through their .local names, even if it wouldn't solve the problem of sharing *from* the machine itself.
But it would mean we can SSH, or VNC into local area machines, and consume data (shares, music, etc.).
Comments?
On Tue, 13 Apr 2010, Bastien Nocera wrote:
Heya,
It seems to me that Avahi would be safe to run by default. That would allow accessing remote machines through their .local names, even if it wouldn't solve the problem of sharing *from* the machine itself.
But it would mean we can SSH, or VNC into local area machines, and consume data (shares, music, etc.).
Comments?
I think if this request is fulfilled then making avahi default on would be okay.
https://bugzilla.redhat.com/show_bug.cgi?id=530087
but only AFTER that request is filled.
how does that sound?
-sv
On Tue, 13.04.10 14:35, Seth Vidal (skvidal@fedoraproject.org) wrote:
On Tue, 13 Apr 2010, Bastien Nocera wrote:
Heya,
It seems to me that Avahi would be safe to run by default. That would allow accessing remote machines through their .local names, even if it wouldn't solve the problem of sharing *from* the machine itself.
But it would mean we can SSH, or VNC into local area machines, and consume data (shares, music, etc.).
Comments?
I think if this request is fulfilled then making avahi default on would be okay.
https://bugzilla.redhat.com/show_bug.cgi?id=530087
but only AFTER that request is filled.
how does that sound?
What does that bug report to do with the firewall and the desktop live cd?
Lennart
On Tue, 13.04.10 17:52, Bastien Nocera (bnocera@redhat.com) wrote:
Heya,
It seems to me that Avahi would be safe to run by default. That would allow accessing remote machines through their .local names, even if it wouldn't solve the problem of sharing *from* the machine itself.
But it would mean we can SSH, or VNC into local area machines, and consume data (shares, music, etc.).
Comments?
Definitely makes sense to me.
Ideally the normal distro would enable it too, but the desktop live cd should be much less controversial.
Lennart
On Tue, 13 Apr 2010, Lennart Poettering wrote:
On Tue, 13.04.10 14:35, Seth Vidal (skvidal@fedoraproject.org) wrote:
On Tue, 13 Apr 2010, Bastien Nocera wrote:
Heya,
It seems to me that Avahi would be safe to run by default. That would allow accessing remote machines through their .local names, even if it wouldn't solve the problem of sharing *from* the machine itself.
But it would mean we can SSH, or VNC into local area machines, and consume data (shares, music, etc.).
Comments?
I think if this request is fulfilled then making avahi default on would be okay.
https://bugzilla.redhat.com/show_bug.cgi?id=530087
but only AFTER that request is filled.
how does that sound?
What does that bug report to do with the firewall and the desktop live cd?
having avahi running and active by default.
if various tools dep on the lib, then a system won't end up with avahi installed and running by default. The above is something of a surprise to many folks running servers.
the comment from JH is the admin/manager of kernel.org who was a bit frustrated by avahi running as a service.
-sv
On Tue, 13.04.10 15:04, Seth Vidal (skvidal@fedoraproject.org) wrote:
What does that bug report to do with the firewall and the desktop live cd?
having avahi running and active by default.
if various tools dep on the lib, then a system won't end up with avahi installed and running by default. The above is something of a surprise to many folks running servers.
the comment from JH is the admin/manager of kernel.org who was a bit frustrated by avahi running as a service.
Right. And what does that have to do with the firewall of the desktop live cd?
I mean, i am not opposed to introducing a seperate package for the avahi libs, but i wonder what that has to do with the firewall of the desktop live cd?
And mentioning an admin's tale about a server is not really to the point is it?
Lennart
On Tue, 13 Apr 2010, Lennart Poettering wrote:
On Tue, 13.04.10 15:04, Seth Vidal (skvidal@fedoraproject.org) wrote:
What does that bug report to do with the firewall and the desktop live cd?
having avahi running and active by default.
if various tools dep on the lib, then a system won't end up with avahi installed and running by default. The above is something of a surprise to many folks running servers.
the comment from JH is the admin/manager of kernel.org who was a bit frustrated by avahi running as a service.
Right. And what does that have to do with the firewall of the desktop live cd?
I mean, i am not opposed to introducing a seperate package for the avahi libs, but i wonder what that has to do with the firewall of the desktop live cd?
And mentioning an admin's tale about a server is not really to the point is it?
Perhaps I misread the original comment - but it was the suggestion of having avahi running by default.
Do you mean having that be the case from the livecd or from the package itself.
If the former, then you're right it's a side issue. I thought the latter was being discussed which is why I brought up that report.
thanks,
-sv
On Tue, 2010-04-13 at 16:11 -0400, Seth Vidal wrote:
On Tue, 13 Apr 2010, Lennart Poettering wrote:
On Tue, 13.04.10 15:04, Seth Vidal (skvidal@fedoraproject.org) wrote:
What does that bug report to do with the firewall and the desktop live cd?
having avahi running and active by default.
if various tools dep on the lib, then a system won't end up with avahi installed and running by default. The above is something of a surprise to many folks running servers.
the comment from JH is the admin/manager of kernel.org who was a bit frustrated by avahi running as a service.
Right. And what does that have to do with the firewall of the desktop live cd?
I mean, i am not opposed to introducing a seperate package for the avahi libs, but i wonder what that has to do with the firewall of the desktop live cd?
And mentioning an admin's tale about a server is not really to the point is it?
Perhaps I misread the original comment - but it was the suggestion of having avahi running by default.
Do you mean having that be the case from the livecd or from the package itself.
If the former, then you're right it's a side issue. I thought the latter was being discussed which is why I brought up that report.
thanks,
-sv
I think both are being discussed somewhat. It'd be nice to do it everywhere, so that the regular install does match somewhat the livecd case, but as a fallback, just doing it on the livecd is less contentious. I'd certainly like to see it on the livecd, and then I'd also like to see us work toward having it on regular installs too, in a way that will keep most parties happy.
On Tue, Apr 13, 2010 at 01:38:05PM -0700, Jesse Keating wrote:
On Tue, 2010-04-13 at 16:11 -0400, Seth Vidal wrote:
Perhaps I misread the original comment - but it was the suggestion of having avahi running by default.
Do you mean having that be the case from the livecd or from the package itself.
If the former, then you're right it's a side issue. I thought the latter was being discussed which is why I brought up that report.
I think both are being discussed somewhat. It'd be nice to do it everywhere, so that the regular install does match somewhat the livecd case, but as a fallback, just doing it on the livecd is less contentious. I'd certainly like to see it on the livecd, and then I'd also like to see us work toward having it on regular installs too, in a way that will keep most parties happy.
I don't know if this is related to Avahi or not, but with the default firewall rules I can't see my friend's printers shared via his Mac system. As soon as I turn off the firewall, the printers show up in the GNOME printing dialog. It would be nice if this just worked correctly out-of-the-box and in the LiveCD case without needing to fiddle with firewall rules.
I personally dont think that avahi should be run by default until bug 534076 gets fixed
Just my 2 cents..
JBG
On Wed, 2010-04-14 at 06:24 +0000, "Jóhann B. Guðmundsson" wrote:
I personally dont think that avahi should be run by default until bug 534076 gets fixed
Just my 2 cents..
How does it stop avahi from working apart from your particular use?
I don't see it as a blocker for adding Avahi to the default installation.
On Tue, 2010-04-13 at 16:11 -0400, Seth Vidal wrote:
On Tue, 13 Apr 2010, Lennart Poettering wrote:
On Tue, 13.04.10 15:04, Seth Vidal (skvidal@fedoraproject.org) wrote:
What does that bug report to do with the firewall and the desktop live cd?
having avahi running and active by default.
if various tools dep on the lib, then a system won't end up with avahi installed and running by default. The above is something of a surprise to many folks running servers.
the comment from JH is the admin/manager of kernel.org who was a bit frustrated by avahi running as a service.
Right. And what does that have to do with the firewall of the desktop live cd?
I mean, i am not opposed to introducing a seperate package for the avahi libs, but i wonder what that has to do with the firewall of the desktop live cd?
And mentioning an admin's tale about a server is not really to the point is it?
Perhaps I misread the original comment - but it was the suggestion of having avahi running by default.
Do you mean having that be the case from the livecd or from the package itself.
If the former, then you're right it's a side issue. I thought the latter was being discussed which is why I brought up that report.
Nope, it's the former that's being discussed.
On Tue, 2010-04-13 at 17:45 -0400, Chuck Anderson wrote:
On Tue, Apr 13, 2010 at 01:38:05PM -0700, Jesse Keating wrote:
On Tue, 2010-04-13 at 16:11 -0400, Seth Vidal wrote:
Perhaps I misread the original comment - but it was the suggestion of having avahi running by default.
Do you mean having that be the case from the livecd or from the package itself.
If the former, then you're right it's a side issue. I thought the latter was being discussed which is why I brought up that report.
I think both are being discussed somewhat. It'd be nice to do it everywhere, so that the regular install does match somewhat the livecd case, but as a fallback, just doing it on the livecd is less contentious. I'd certainly like to see it on the livecd, and then I'd also like to see us work toward having it on regular installs too, in a way that will keep most parties happy.
I don't know if this is related to Avahi or not, but with the default firewall rules I can't see my friend's printers shared via his Mac system. As soon as I turn off the firewall, the printers show up in the GNOME printing dialog. It would be nice if this just worked correctly out-of-the-box and in the LiveCD case without needing to fiddle with firewall rules.
This isn't the only thing that doesn't work by default, see: https://fedoraproject.org/wiki/Desktop/Whiteboards/Firewall
Opening up avahi's port is a first step, having better firewall support in applications is something I'm discussing with a few people (including the system-config-firewall maintainer).
Cheers
On Tue, 2010-04-13 at 21:02 +0200, Lennart Poettering wrote:
On Tue, 13.04.10 17:52, Bastien Nocera (bnocera@redhat.com) wrote:
Heya,
It seems to me that Avahi would be safe to run by default. That would allow accessing remote machines through their .local names, even if it wouldn't solve the problem of sharing *from* the machine itself.
But it would mean we can SSH, or VNC into local area machines, and consume data (shares, music, etc.).
Comments?
Definitely makes sense to me.
Ideally the normal distro would enable it too, but the desktop live cd should be much less controversial.
True. But right now, we cannot open a port depending on whether an application is running (in this case, opening the mdns port if Avahi is running). Some people would think it is a security problem (as you could push any server on that port).
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 04/14/2010 08:48 AM, Bastien Nocera wrote:
On Tue, 2010-04-13 at 17:45 -0400, Chuck Anderson wrote:
On Tue, Apr 13, 2010 at 01:38:05PM -0700, Jesse Keating wrote:
On Tue, 2010-04-13 at 16:11 -0400, Seth Vidal wrote:
Perhaps I misread the original comment - but it was the suggestion of having avahi running by default.
Do you mean having that be the case from the livecd or from the package itself.
If the former, then you're right it's a side issue. I thought the latter was being discussed which is why I brought up that report.
I think both are being discussed somewhat. It'd be nice to do it everywhere, so that the regular install does match somewhat the livecd case, but as a fallback, just doing it on the livecd is less contentious. I'd certainly like to see it on the livecd, and then I'd also like to see us work toward having it on regular installs too, in a way that will keep most parties happy.
I don't know if this is related to Avahi or not, but with the default firewall rules I can't see my friend's printers shared via his Mac system. As soon as I turn off the firewall, the printers show up in the GNOME printing dialog. It would be nice if this just worked correctly out-of-the-box and in the LiveCD case without needing to fiddle with firewall rules.
This isn't the only thing that doesn't work by default, see: https://fedoraproject.org/wiki/Desktop/Whiteboards/Firewall
Opening up avahi's port is a first step, having better firewall support in applications is something I'm discussing with a few people (including the system-config-firewall maintainer).
Cheers
SELinux needs to understand any changes you are making also. We need to be very careful with these changes.
On 04/13/2010 10:38 PM, Jesse Keating wrote:
On Tue, 2010-04-13 at 16:11 -0400, Seth Vidal wrote:
On Tue, 13 Apr 2010, Lennart Poettering wrote:
On Tue, 13.04.10 15:04, Seth Vidal (skvidal@fedoraproject.org) wrote:
What does that bug report to do with the firewall and the desktop live cd?
having avahi running and active by default.
if various tools dep on the lib, then a system won't end up with avahi installed and running by default. The above is something of a surprise to many folks running servers.
the comment from JH is the admin/manager of kernel.org who was a bit frustrated by avahi running as a service.
Right. And what does that have to do with the firewall of the desktop live cd?
I mean, i am not opposed to introducing a seperate package for the avahi libs, but i wonder what that has to do with the firewall of the desktop live cd?
And mentioning an admin's tale about a server is not really to the point is it?
Perhaps I misread the original comment - but it was the suggestion of having avahi running by default.
Do you mean having that be the case from the livecd or from the package itself.
If the former, then you're right it's a side issue. I thought the latter was being discussed which is why I brought up that report.
thanks,
-sv
I think both are being discussed somewhat. It'd be nice to do it everywhere, so that the regular install does match somewhat the livecd case, but as a fallback, just doing it on the livecd is less contentious. I'd certainly like to see it on the livecd, and then I'd also like to see us work toward having it on regular installs too, in a way that will keep most parties happy.
I think it would be good to get more people aware of this discussion. Maybe a good starting point would be fedora-devel-list. This topic is too important for all users to be discussed in the desktop list, only.
On Wed, 2010-04-14 at 18:27 +0200, Thomas Woerner wrote: <snip>
I think it would be good to get more people aware of this discussion. Maybe a good starting point would be fedora-devel-list. This topic is too important for all users to be discussed in the desktop list, only.
No, I'm only posting this to the desktop list because it only applies to the desktop live CDs. I don't want to have a discussion about firewalls here, I want to enable Avahi by default on the live CDs.
On 04/14/2010 12:43 PM, Bastien Nocera wrote:
On Wed, 2010-04-14 at 06:24 +0000, "Jóhann B. Guðmundsson" wrote:
I personally dont think that avahi should be run by default until bug 534076 gets fixed
Just my 2 cents..
How does it stop avahi from working apart from your particular use?
I personally don't use avahi and the first thing I do is turn of the avahi-daemon after each installation however we have implemented dns-sd wide-area here at the university and students running Fedora wont be able to take advantage of it ( while os-x users can ) and that is what I consider bad desktop experience since the end user needs open up a terminals and start editing files if he wants to get it to work.
I don't see it as a blocker for adding Avahi to the default installation.
It certainly is not a blocker if avahi ( or any other application ) works "out of the box" for the end user.
If it does not then the end uses might just as well install the application himself ( As opposed for it being installed by default for him ) then turn the knobs to get it to work.
JBG
On some wireless hardware I have experienced that Avahi running FC12, by default, sometimes blocks the boot, following dmesg, apparently because the wireless driver is slow on wake up. Is possible Avahi starting on a non-block mode and try later to check the connections again?
The problem was on a Atheros wireless card, ath5k.
Thank you, best regards.
2010/4/15 "Jóhann B. Guðmundsson" johannbg@hi.is:
On 04/14/2010 12:43 PM, Bastien Nocera wrote:
On Wed, 2010-04-14 at 06:24 +0000, "Jóhann B. Guðmundsson" wrote:
I personally dont think that avahi should be run by default until bug 534076 gets fixed
Just my 2 cents..
How does it stop avahi from working apart from your particular use?
I personally don't use avahi and the first thing I do is turn of the avahi-daemon after each installation however we have implemented dns-sd wide-area here at the university and students running Fedora wont be able to take advantage of it ( while os-x users can ) and that is what I consider bad desktop experience since the end user needs open up a terminals and start editing files if he wants to get it to work.
I don't see it as a blocker for adding Avahi to the default installation.
It certainly is not a blocker if avahi ( or any other application ) works "out of the box" for the end user.
If it does not then the end uses might just as well install the application himself ( As opposed for it being installed by default for him ) then turn the knobs to get it to work.
JBG
desktop@lists.fedoraproject.org
-
"Jóhann B. Guðmundsson" -
Allann Jones -
Bastien Nocera -
Chuck Anderson -
Daniel J Walsh -
Jesse Keating -
Lennart Poettering -
Seth Vidal -
Thomas Woerner