New ZeroConf Spec
Florian.Zeitz at gmx.de
Fri Jul 21 15:37:07 BST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hervé Fache schrieb:
> The problem, as pointed out by Ian earlier, resides in the fact that
> we can't know for sure that the network is bound to the user's house,
> unless the user defines it, and that might make ZeroConf too difficult
> to push on to the typical Ubuntu user. At least this is my
> understanding of the problem.
> An advanced user might have a firewall, and block advertising of
> services from both sides, then we know everything is 'local'. But how
> can we automatically (script) make sure know this is the case? Well
> the short answer is: we can't.
> Now, that does not mean ZeroConf is not workable, it just means it
> requires user intervention to make sure we don't get advertising of
> services leaks. Also, the user needs to trust her local network users!
> Hence the question about encryption.
Well, the fact that it's not possible to know what kind of network the
user is in is the only real argument in this thread I understood. But it
is not an argument against including avahi IMO it is just an argument
against enabling it by default. If a user says explicitly "Share this
folder to the network" he definitely knows that the folder can be
accessed and if he doesn't trust the users in the local network he
shouldn't do it.
I really think enabling it if the user demands it is something everybody
should be able to agree on (which is why I don't really understand why
we are still discussing. This "solution" has been presented a hundred
times all over the thread. Maybe it's caused by me trying to understand
the non-arguments so I'll shut my mouth know). Again sharing a file
doesn't get more dangerous just because it is advertised it could have
been accessed in the first place, so this is not an argument against
including zeroconf support.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
-----END PGP SIGNATURE-----
More information about the ubuntu-devel