[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#492922: ITP: arpon -- arp handler inspection

On Wed, Jul 30, 2008 at 01:26:11AM +0200, Giuseppe Iuculano wrote:

> > That is not a short description, that is just the expansion of the
> > acronym.
> Yes, this won't to be package synopsis.
> > That is just ripped from the website. 
> Yes, this is only a rip from upstream website.

Please note that the reason ITPs are Cc'ed to debian-devel is that other
developers can review them. This is not possible if the ITPs do not
contain the information that would also be used in the final package(s).
Although it doesn't have to be perfect from the start, just ripping some
text only to fill in the fields is not helpful.

> > It is not very clear to me if this
> > is a stand-alone daemon or some command-line tools or both,
> both
> > if it works
> > as a real, bona-fide ARP daemon or if it is some kind of intrusion
> > detection tool or vulnerability scanner.
> Arpon is quite versatile, the main goal is to be an anti arp poisoning daemon,
> but it can be an arp passive sniffer, arp cache manager ecc..

Ok, perhaps you can include a bullet list of all the things arpon can do
in the long description.

> You can read this:
> http://arpon.sourceforge.net/manpage.html
> http://arpon.sourceforge.net/documentation.html

The long and short descriptions should be self-contained, one should not
have to look up webpages in order to understand what the package does.
(But I did read those webpages before I responded to your ITP.)

> > Other interesting things to know: How does arpon relate to existing
> > packages like arpalert, arping, arptables and farpd? 
> Sorry, I don't understand this question, what problems could I have with arping
> arpalert ecc.?

A Debian user who does not know which ARP tools are in Debian might
search for "ARP" and find lots of packages. I also noticed that arpon
implements some functionality also implemented by arpalert and arping
for example. It would be nice to know if there is overlap between
packages, if some things (like sending ARP pings) is easier to do with
arping or arpon, etcetera.

> > Does it also
> > handle Neighbour Discovery packets (IPv6's equivalent of ARP)?
> As before, the main goal is to be an anti arp poisoning daemon, I'm not sure,
> but with IPv6 this shouldn't be relevant.

As far as I know, ND works exactly the same as ARP, except that the
former is encapsulated in an ICMPv6 packet and ARP just has its own
Ethernet type. So I think things like ARP poisoning should also be
possible with ND, and if you can do ARP pings, you would also want to do
ND pings.

Met vriendelijke groet / with kind regards,
      Guus Sliepen <guus@debian.org>

Attachment: signature.asc
Description: Digital signature

Reply to: