Re: please review debconf template changes in uif
Mike Gabriel wrote:
> Dear l10n-english team,
> I have just uploaded a new package version of 'uif' (universal internet
> firewall). I have added IPv6 support to the debconf dialogs + another
> installation mode.
>
> As I am not a native English speaker, I'd be happy about a debconf template
> review.
>
> The debian/templates file is attached to this email.
>
> Please Cc: me directly, as I am not subscribed to the l10n-english mailing
> list.
The supply of subscribers is a bit low these days, but fortunately not
zero. Suggested version and diff attached.
> Template: uif/conf_method
> Type: select
> __Choices: don't touch, workstation, debian-edu-router
> Default: don't touch
> _Description: Firewall configuration method
> The firewall can be initialized using debconf, or using information
> you manually put into /etc/uif/uif.conf.
"Select" debconf prompts should tell the user what to do, but
preferably without mentioning implementation details like the name
"debconf". If there are three choices, they all need to be explained.
Maybe something like:
Please choose whether the firewall should be configured now with a
simple "workstation" setup, given a specialised debian-edu-router
configuration, or left unconfigured so that you can manually edit
/etc/uif/uif.conf.
> Template: uif/trusted-hostnames
> Type: string
> _Description: Enter trusted DNS hostnames:
s/Enter//g
> In workstation mode, you can specify some DNS hostnames to be
> globally trusted. All incoming traffic coming from there will be
> allowed. Multiple entries have to be separate with spaces.
s/separate/separated/g, and a couple of suggested wording changes:
In workstation mode, you can specify some DNS hostnames to be
globally trusted. All incoming traffic coming from these will be
allowed. Multiple entries must be separated with spaces.
(similarly in other templates)
> .
> Important: Provided hostnames here should be resolvable with IPv4 and
> IPv6 addresses.
You mean "resolvable to" ("example.org" resolves *to* numeric
addresses). And is it saying it has to have *both* kinds of address,
or just making sure it's clear what "resolvable" means? If it really
is the former, you need something more emphatic:
Hostnames provided here must be resolvable to both IPv4 and IPv6
addresses.
> .
> Example: trusted-host-v4-and-v6.mydomain.com
>
> Template: uif/trusted
> Type: string
> _Description: Enter trusted IPv4 hosts and/or networks:
> In workstation mode, you can specify some IPv4 hosts or networks to be
> globally trusted. All incoming traffic coming from there will be
> allowed. Multiple entries have to be separate with spaces.
(As above)
> .
> If you want to trust DNS hostnames that only resolve with
> an IPv4 address, please also enter them here.
s/resolve with/resolve to/g
It's not clear what "also" means here; I don't think you need it.
If you want to trust DNS hostnames that only resolve to
an IPv4 address, please enter them here.
> .
> Example: 10.1.0.0/16 trusted-host-v4-only.mydomain.com 192.168.1.55
>
> Template: uif/trusted-v6
> Type: string
> _Description: Enter trusted IPv6 hosts and/or networks:
> In workstation mode, you can specify some IPv6 hosts or networks to be
> globally trusted. All incoming traffic coming from there will be
> allowed. Multiple entries have to be separate with spaces.
> .
> If you want to trust DNS hostnames that only resolve with
> an IPv6 address, please also enter them here.
> .
> Example: 2001:1234:ab::1 fe80::1
(All as above)
> Template: uif/pings
> Type: boolean
> Default: true
> _Description: Do you want your host to be reachable via ping?
Okay, it's a boolean so it asks a question, but one of the general
rules for template reviews is "don't ask what the user wants", partly
because it gets too wordy, partly because the sysadmin answering this
question might be reluctantly following corporate policy. We could
shorten it all the way down to
_Description: Allow ping?
And insert something more like a definition in the long description.
> Normally an Internet host should be reachable with pings. Choosing no here
> will disable pings which might be somewhat confusing when analyzing
> network problems.
Since "no" is really "false", it might be better to use a more general
wording, like
Normally an Internet host should be reachable with "pings" (ICMP Echo
requests). Rejecting this option will disable pings, which might be
somewhat confusing when analyzing network problems.
> Template: uif/traceroute
> Type: boolean
> Default: true
> _Description: Do you want your host to react to traceroutes?
An extra complication here: you can talk about allowing
(/usr/bin/)traceroute, but the special packets with carefully tailored
TTLs sent by traceroute aren't normally known as "traceroutes"...
> Normally an Internet host should react to traceroutes. Choosing no here
> will disable this, which might be somewhat confusing when analyzing
> network problems.
Normally an Internet host should react to traceroute test packets.
Rejecting this option will disable pings, which might be somewhat
confusing when analyzing network problems.
> Template: uif/really-setup-workstation
> Type: boolean
> _Description: Really setup the firewall with a simple workstation setup?
"Setup" is one of those annoying English separable verbs (you can say
"set it up", so the verb is two words but the noun is one).
Fortunately we can shorten this a bit:
_Description: Really set up a simple workstation firewall?
(So what's the Default, here? Oh well, I'm too rusty on debconf
internals to give useful advice about that.)
> Warning: This configuration provides a very simple firewall setup which is
> only able to trust certain hosts and configure global ping / traceroute
> behaviour.
It's not clear what "is only able to trust certain hosts" means.
"Behaviour" is un-en_US, but by the time I've rephrased it that word's
gone anyway:
Warning: This configuration only provides a very simple firewall setup,
specifying certain hosts as trusted and configuring responses to ping
and traceroute.
> .
> If you need a more specific setup, use /etc/uif/uif.conf as a template and
> choose "don't touch" next time.
You might of course want a totally nonspecific "block everything"
firewall, so maybe s/specific/complex/?
> Template: uif/really-setup-debianedurouter
> Type: boolean
> _Description: Really setup the firewall for Debian Edu Router?
This works with just the s/setup/set up/ change.
> Warning: This configuration provides a base setup for the Debian Edu
> Router. The base setup basically blocks all incoming/outgoing traffic.
> .
> Don't use this setup unless you know what you are doing.
Is "base setup" standard Debian Edu jargon, or should it be "basic"?
Of course, that would make the repetition worse...
Warning: This configuration provides a base setup for the Debian Edu
Router, which basically blocks all incoming/outgoing traffic.
>
> Template: uif/error
> Type: error
> _Description: Error in list of trusted hosts
> Please check the hosts / networks you entered. One or more entries are not
> correct, contain no resolvable hosts, valid IP-addresses, valid network
> definitions or masks.
s/no resolvable/non-resolvable/, but it's simpler if you turn it round:
One or more hosts or networks entered have errors. Please ensure that
hosts are resolvable, and that IP addresses, network definitions, and
masks are valid.
--
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package
Template: uif/conf_method
Type: select
__Choices: don't touch, workstation, debian-edu-router
Default: don't touch
_Description: Firewall configuration method
Please choose whether the firewall should be configured now with a
simple "workstation" setup, given a specialised Debian-Edu-Router
configuration, or left unconfigured so that you can manually edit
/etc/uif/uif.conf.
Template: uif/trusted-hostnames
Type: string
_Description: Trusted DNS hostnames:
In workstation mode, you can specify some DNS hostnames to be
globally trusted. All incoming traffic coming from these will be
allowed. Multiple entries must be separated with spaces.
.
Hostnames provided here must be resolvable to both IPv4 and IPv6
addresses.
.
Example: trusted-host-v4-and-v6.mydomain.com
Template: uif/trusted
Type: string
_Description: Trusted IPv4 hosts and/or networks:
In workstation mode, you can specify some IPv4 hosts or networks to be
globally trusted. All incoming traffic coming from these will be
allowed. Multiple entries must be separated with spaces.
.
If you want to trust DNS hostnames that only resolve to
an IPv4 address, please enter them here.
.
Example: 10.1.0.0/16 trusted-host-v4-only.mydomain.com 192.168.1.55
Template: uif/trusted-v6
Type: string
_Description: Trusted IPv6 hosts and/or networks:
In workstation mode, you can specify some IPv6 hosts or networks to be
globally trusted. All incoming traffic coming from these will be
allowed. Multiple entries must be separated with spaces.
.
If you want to trust DNS hostnames that only resolve with
an IPv6 address, please enter them here.
.
Example: 2001:1234:ab::1 fe80::1
Template: uif/pings
Type: boolean
Default: true
_Description: Allow ping?
Normally an Internet host should be reachable with "pings" (ICMP Echo
requests). Rejecting this option will disable this, which might be
somewhat confusing when analyzing network problems.
Template: uif/traceroute
Type: boolean
Default: true
_Description: Allow traceroute?
Normally an Internet host should react to traceroute test packets.
Rejecting this option will disable this, which might be somewhat
confusing when analyzing network problems.
Template: uif/really-setup-workstation
Type: boolean
_Description: Really set up up a simple workstation firewall?
Warning: This configuration only provides a very simple firewall setup,
specifying certain hosts as trusted and configuring responses to ping
and traceroute.
.
If you need a more complex setup, use /etc/uif/uif.conf as a template and
choose "don't touch" next time.
Template: uif/really-setup-debianedurouter
Type: boolean
_Description: Really set up the firewall for Debian Edu Router?
Warning: This configuration provides a base setup for the Debian Edu
Router, which basically blocks all incoming/outgoing traffic.
.
Don't use this setup unless you know what you are doing.
Template: uif/error
Type: error
_Description: Error in list of trusted hosts
One or more hosts or networks entered have errors. Please ensure that
hosts are resolvable, and that IP addresses, network definitions, and
masks are valid.
--- templates.old 2022-05-05 12:15:59.890226583 +0100
+++ templates.new 2022-05-05 14:37:27.183881534 +0100
@@ -3,82 +3,84 @@
__Choices: don't touch, workstation, debian-edu-router
Default: don't touch
_Description: Firewall configuration method
- The firewall can be initialized using debconf, or using information
- you manually put into /etc/uif/uif.conf.
+ Please choose whether the firewall should be configured now with a
+ simple "workstation" setup, given a specialised Debian-Edu-Router
+ configuration, or left unconfigured so that you can manually edit
+ /etc/uif/uif.conf.
Template: uif/trusted-hostnames
Type: string
-_Description: Enter trusted DNS hostnames:
+_Description: Trusted DNS hostnames:
In workstation mode, you can specify some DNS hostnames to be
- globally trusted. All incoming traffic coming from there will be
- allowed. Multiple entries have to be separate with spaces.
+ globally trusted. All incoming traffic coming from these will be
+ allowed. Multiple entries must be separated with spaces.
.
- Important: Provided hostnames here should be resolvable with IPv4 and
- IPv6 addresses.
+ Hostnames provided here must be resolvable to both IPv4 and IPv6
+ addresses.
.
Example: trusted-host-v4-and-v6.mydomain.com
Template: uif/trusted
Type: string
-_Description: Enter trusted IPv4 hosts and/or networks:
+_Description: Trusted IPv4 hosts and/or networks:
In workstation mode, you can specify some IPv4 hosts or networks to be
- globally trusted. All incoming traffic coming from there will be
- allowed. Multiple entries have to be separate with spaces.
+ globally trusted. All incoming traffic coming from these will be
+ allowed. Multiple entries must be separated with spaces.
.
- If you want to trust DNS hostnames that only resolve with
- an IPv4 address, please also enter them here.
+ If you want to trust DNS hostnames that only resolve to
+ an IPv4 address, please enter them here.
.
Example: 10.1.0.0/16 trusted-host-v4-only.mydomain.com 192.168.1.55
Template: uif/trusted-v6
Type: string
-_Description: Enter trusted IPv6 hosts and/or networks:
+_Description: Trusted IPv6 hosts and/or networks:
In workstation mode, you can specify some IPv6 hosts or networks to be
- globally trusted. All incoming traffic coming from there will be
- allowed. Multiple entries have to be separate with spaces.
+ globally trusted. All incoming traffic coming from these will be
+ allowed. Multiple entries must be separated with spaces.
.
If you want to trust DNS hostnames that only resolve with
- an IPv6 address, please also enter them here.
+ an IPv6 address, please enter them here.
.
Example: 2001:1234:ab::1 fe80::1
Template: uif/pings
Type: boolean
Default: true
-_Description: Do you want your host to be reachable via ping?
- Normally an Internet host should be reachable with pings. Choosing no here
- will disable pings which might be somewhat confusing when analyzing
- network problems.
+_Description: Allow ping?
+ Normally an Internet host should be reachable with "pings" (ICMP Echo
+ requests). Rejecting this option will disable this, which might be
+ somewhat confusing when analyzing network problems.
Template: uif/traceroute
Type: boolean
Default: true
-_Description: Do you want your host to react to traceroutes?
- Normally an Internet host should react to traceroutes. Choosing no here
- will disable this, which might be somewhat confusing when analyzing
- network problems.
+_Description: Allow traceroute?
+ Normally an Internet host should react to traceroute test packets.
+ Rejecting this option will disable this, which might be somewhat
+ confusing when analyzing network problems.
Template: uif/really-setup-workstation
Type: boolean
-_Description: Really setup the firewall with a simple workstation setup?
- Warning: This configuration provides a very simple firewall setup which is
- only able to trust certain hosts and configure global ping / traceroute
- behaviour.
+_Description: Really set up up a simple workstation firewall?
+ Warning: This configuration only provides a very simple firewall setup,
+ specifying certain hosts as trusted and configuring responses to ping
+ and traceroute.
.
- If you need a more specific setup, use /etc/uif/uif.conf as a template and
+ If you need a more complex setup, use /etc/uif/uif.conf as a template and
choose "don't touch" next time.
Template: uif/really-setup-debianedurouter
Type: boolean
-_Description: Really setup the firewall for Debian Edu Router?
+_Description: Really set up the firewall for Debian Edu Router?
Warning: This configuration provides a base setup for the Debian Edu
- Router. The base setup basically blocks all incoming/outgoing traffic.
+ Router, which basically blocks all incoming/outgoing traffic.
.
Don't use this setup unless you know what you are doing.
Template: uif/error
Type: error
_Description: Error in list of trusted hosts
- Please check the hosts / networks you entered. One or more entries are not
- correct, contain no resolvable hosts, valid IP-addresses, valid network
- definitions or masks.
+ One or more hosts or networks entered have errors. Please ensure that
+ hosts are resolvable, and that IP addresses, network definitions, and
+ masks are valid.
Reply to: