Re: [RFR] templates://ssl-cert/{templates}
Christian Perrier wrote:
> Your review should be sent as an answer to this mail.
I've got no complaints about the control file.
> Template: make-ssl-cert/statename
> Type: string
> _DefaultChoice: Some-State
> _Description: State or province name:
> Please enter the name of the country's subdivision to use in the SSL
> certificate.
> .
> It will become the 'stateOrProvinceName' field of the generated SSL
> certificate.
"Country's subdivision" doesn't work. I'd suggest "political
subdivision".
Given that the default countryName is GB, it would help if the
DefaultChoice entry gave some hint as to how I would be expected to
fill this in - "Scotland"? "Lothian & Borders"? "Midlothian"? Or
what? I notice that my fellow Edinburgh resident Steve uses
"Scotland" in "http://www.debian-administration.org/articles/349";,
so I'll assume that approach is standard and suggest the
DefaultChoice value of "England" instead of "Some-State".
> Type: string
> _DefaultChoice: One Organization
> _Description: Organisation name:
^
> Please enter the name of the company or organization to use in the SSL
> certificate.
> .
> It will become the 'organisationName' field of the generated SSL certificate.
^
The template-names (which nobody sees) have isation; the fields in
the RFCs have ization. I can understand the urge to confuse and
annoy en_US users in revenge for SSL's ethnocentric assumption that
we all live in towns or cities in states or provinces, but I think
it's a bad idea to mix locales like this.
Also: surely the obvious example organisation is example.org,
instead of this "One Organization"? What would they be doing
spelling it like that anyway, if they're specifically in
countryName=GB? Okay, I wasn't going to, but I'm changing the
DefaultChoice values. Except for "countryName=GB" - it makes sense
to remind users from the United Kingdom of Great Britain and
Northern Ireland that they shouldn't use "UK", they have to follow
the official slightly-broken ISO-3166 standard.
Better suggestions for "canonical default localityName" etc
welcomed...
> Template: make-ssl-cert/ouname
[...]
> Please enter the name of the division or section of the organization, to use
^
> in the SSL certificate.
> .
> It will become the 'organisationalUnitName' field of the generated SSL certificate.
Defining, therefore no comma.
--
JBR
Ankh kak! (Ancient Egyptian blessing)
--- ../ssl-cert.old/debian/templates 2006-05-18 13:02:20.000000000 +0100
+++ debian/templates 2007-09-23 15:11:41.000000000 +0100
@@ -1,48 +1,65 @@
Template: make-ssl-cert/countryname
Type: string
-_Default: GB
-_Description: Country Name
- The two letter code for your Country. (e.g. GB) (countryName)
+_DefaultChoice: GB
+_Description: Country code:
+ Please enter the two-letter ISO-3166 code to use in the SSL certificate.
+ .
+ It will become the 'countryName' field of the generated SSL certificate.
Template: make-ssl-cert/statename
Type: string
-_Default: Some-State
-_Description: State or Province Name
- Your state, county or province. (stateOrProvinceName)
+_DefaultChoice: England
+_Description: State or province name:
+ Please enter the name of the political subdivision to use in the SSL
+ certificate.
+ .
+ It will become the 'stateOrProvinceName' field of the generated SSL
+ certificate.
Template: make-ssl-cert/localityname
Type: string
-_Default: Some-Locality
-_Description: Locality Name
- The name of the city or town that you live in. (localityName)
+_DefaultChoice: Foo City
+_Description: Locality name:
+ Please enter the name of the city or town to use in the SSL certificate.
+ .
+ It will become the 'localityName' field of the generated SSL certificate.
Template: make-ssl-cert/organisationname
Type: string
-_Default: One Organization
-_Description: Organisation Name
- The name of the company or organisation the certificate is for.
- (organisationName)
+_DefaultChoice: Example.Org
+_Description: Organization name:
+ Please enter the name of the company or organization to use in the SSL
+ certificate.
+ .
+ It will become the 'organizationName' field of the generated SSL certificate.
Template: make-ssl-cert/ouname
Type: string
-_Default: One Organization Unit
-_Description: Organisational Unit Name
- The Division or section of the organisation the certificate is for.
- (organisationalUnitName)
+_DefaultChoice: Dept of Exemplification
+_Description: Organizational unit name:
+ Please enter the name of the division or section of the organization to use
+ in the SSL certificate.
+ .
+ It will become the 'organizationalUnitName' field of the generated SSL certificate.
Template: make-ssl-cert/hostname
Type: string
Default: localhost
-_Description: Host Name
- The host name of the server the certificate is for. This must be filled
- in. (commonName)
+_Description: Host name:
+ Please enter the host name to use in the SSL certificate.
+ .
+ It will become the 'commonName' field of the generated SSL certificate.
+ .
+ This value is mandatory.
Template: make-ssl-cert/email
Type: string
Default: webmaster@localhost
-_Description: Email Address
- The email address that should be associated with the certificate.
+_Description: Email address:
+ Please enter the email address to use in the SSL certificate.
+ .
+ It will become the 'email' field of the generated SSL certificate.
Template: make-ssl-cert/title
Type: title
-_Description: Configure an SSL Certificate.
+_Description: Configure an SSL certificate
--- ../ssl-cert.old/debian/control 2006-05-18 13:02:20.000000000 +0100
+++ debian/control 2007-09-23 11:43:20.000000000 +0100
@@ -9,8 +9,9 @@
Package: ssl-cert
Architecture: all
Depends: ${misc:Depends}, openssl, adduser
-Description: Simple debconf wrapper for openssl
- This is a package to enable unattended installs of software that
- need to create ssl certificates.
- Basically, it's just a wrapper for openssl req that feeds it the correct
- user variables.
+Description: simple debconf wrapper for OpenSSL
+ This package enables unattended installs of software that
+ need to create SSL certificates.
+ .
+ It is a simple wrapper for OpenSSL's certificate request utility that
+ feeds it with the correct user variables.
Template: make-ssl-cert/countryname
Type: string
_DefaultChoice: GB
_Description: Country code:
Please enter the two-letter ISO-3166 code to use in the SSL certificate.
.
It will become the 'countryName' field of the generated SSL certificate.
Template: make-ssl-cert/statename
Type: string
_DefaultChoice: England
_Description: State or province name:
Please enter the name of the political subdivision to use in the SSL
certificate.
.
It will become the 'stateOrProvinceName' field of the generated SSL
certificate.
Template: make-ssl-cert/localityname
Type: string
_DefaultChoice: Foo City
_Description: Locality name:
Please enter the name of the city or town to use in the SSL certificate.
.
It will become the 'localityName' field of the generated SSL certificate.
Template: make-ssl-cert/organisationname
Type: string
_DefaultChoice: Example.Org
_Description: Organization name:
Please enter the name of the company or organization to use in the SSL
certificate.
.
It will become the 'organizationName' field of the generated SSL certificate.
Template: make-ssl-cert/ouname
Type: string
_DefaultChoice: Dept of Exemplification
_Description: Organizational unit name:
Please enter the name of the division or section of the organization to use
in the SSL certificate.
.
It will become the 'organizationalUnitName' field of the generated SSL certificate.
Template: make-ssl-cert/hostname
Type: string
Default: localhost
_Description: Host name:
Please enter the host name to use in the SSL certificate.
.
It will become the 'commonName' field of the generated SSL certificate.
.
This value is mandatory.
Template: make-ssl-cert/email
Type: string
Default: webmaster@localhost
_Description: Email address:
Please enter the email address to use in the SSL certificate.
.
It will become the 'email' field of the generated SSL certificate.
Template: make-ssl-cert/title
Type: title
_Description: Configure an SSL certificate
Source: ssl-cert
Section: utils
Priority: optional
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Uploaders: Tollef Fog Heen <tfheen@debian.org>, Thom May <thom@debian.org>, Fabio M. Di Nitto <fabbione@fabbione.net>, Adam Conrad <adconrad@0c3.net>
Build-Depends-Indep: debhelper (>= 4.1.16)
Standards-Version: 3.6.1
Package: ssl-cert
Architecture: all
Depends: ${misc:Depends}, openssl, adduser
Description: simple debconf wrapper for OpenSSL
This package enables unattended installs of software that
need to create SSL certificates.
.
It is a simple wrapper for OpenSSL's certificate request utility that
feeds it with the correct user variables.
Reply to: