I consider to start some testings with Budgie to check its eligibility for use with SELinux confined user accounts and related measures for the confined users SIG (I hope Budgie captures/shares most of Workstation's SELinux confined user testing/preparations due to the common origin of their desktops, unlike KDE, which unfortunately remains a construction side in this respect).
However, I also checked other security-related configurations, among others, the firewalld. I saw that it seems to be blank.
For example, a Workstation or KDE Spin installation should output
username@fedora:~$ firewall-cmd --list-ports 1025-65535/tcp 1025-65535/udp
But the Budgie output is empty.
Teams of Workstation and KDE have implemented their configuration long ago, and it seemed to be a good compromise among security and user experience.
Does Budgie intentionally differ in this respect from the default configuration(s) in the major end user variants or has this not yet been considered in Budgie?
Does it maybe make sense to reach out to the Workstation WG concerning their security approaches and considerations and try to just adopt them to Budgie as well? So create a permanent link among the teams in this respect? I tend to assume that most security decisions of Workstation can be transferred to Budgie.
Log in to comment on this ticket.