[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#927461: marked as done (release-notes: Document how to handle openssls new defaults)

A catchup sweep of changes in the last week or so.

There are a couple of grammar errors in the issues.dbk section on
openssl:

+++ b/en/issues.dbk
@@ -172,7 +172,7 @@ $ sudo update-initramfs -u
       version has been changed from TLSv1 to TLSv1.2.
     </para>
     <para>
-      The default security level for TLS connections has also be increased from
+      The default security level for TLS connections has also been increased from
       level 1 to level 2. This moves from the 80 bit security level to the 112
       bit security level and will require 2048 bit or larger RSA and DHE keys,
       224 bit or larger ECC keys, and SHA-2.
@@ -185,7 +185,7 @@ $ sudo update-initramfs -u
     <para>
       In the default <filename>/etc/ssl/openssl.cnf</filename> there is a
       <literal>MinProtocol</literal> and <literal>CipherString</literal>
-      line. The <literal>CipherString</literal> can also sets the security
+      line. The <literal>CipherString</literal> can also set the security
       level. Information about the security levels can be found in the <ulink
       url="https://manpages.debian.org/SSL_CTX_set_security_level(3ssl)">SSL_CTX_set_security_level(3ssl)</ulink>
       manpage. The list of valid strings for the minimum protocol version can

Plus a bit of generally odd phrasing here:

@@ -197,15 +197,15 @@ $ sudo update-initramfs -u
       url="https://manpages.debian.org/config(5ssl)">config(5ssl)</ulink>.
     </para>
     <para>
-      Changing back the defaults in <filename>/etc/ssl/openssl.cnf</filename>
-      to previous system wide defaults can be done using:
+     Changing the system wide defaults in <filename>/etc/ssl/openssl.cnf</filename>
+      back to their previous values can be done by setting:
       <programlisting>
         MinProtocol = None
         CipherString = DEFAULT
       </programlisting>
     </para>

And a misuse of "in case" (which usually means "as a precaution
against X", not "conditional on X"):

     <para>
-      It's recommended that you contact the remote site in case the defaults
+      It's recommended that you contact the remote site if the defaults
       cause problems.
     </para>
   </section>

There's also one piece of un-English adverb placement in the section
about reindexing postgreSQL:

@@ -482,8 +482,8 @@ $ sudo update-initramfs -u
       corruption, such indexes need to be <literal>REINDEX</literal>ed
       immediately after upgrading the <systemitem
       role="package">locales</systemitem> or <systemitem
-      role="package">locales-all</systemitem> packages, before putting back the
-      database into production.
+      role="package">locales-all</systemitem> packages, before putting the
+      database back into production.
     </para>
     <para>
       Suggested command: <screen>sudo -u postgres reindexdb --all</screen>


(But I don't see anything to nitpick in the new Secure Boot info.)
-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package

diff --git a/en/issues.dbk b/en/issues.dbk
index 52e988ca..bf661db7 100644
--- a/en/issues.dbk
+++ b/en/issues.dbk
@@ -172,7 +172,7 @@ $ sudo update-initramfs -u
       version has been changed from TLSv1 to TLSv1.2.
     </para>
     <para>
-      The default security level for TLS connections has also be increased from
+      The default security level for TLS connections has also been increased from
       level 1 to level 2. This moves from the 80 bit security level to the 112
       bit security level and will require 2048 bit or larger RSA and DHE keys,
       224 bit or larger ECC keys, and SHA-2.
@@ -185,7 +185,7 @@ $ sudo update-initramfs -u
     <para>
       In the default <filename>/etc/ssl/openssl.cnf</filename> there is a
       <literal>MinProtocol</literal> and <literal>CipherString</literal>
-      line. The <literal>CipherString</literal> can also sets the security
+      line. The <literal>CipherString</literal> can also set the security
       level. Information about the security levels can be found in the <ulink
       url="https://manpages.debian.org/SSL_CTX_set_security_level(3ssl)">SSL_CTX_set_security_level(3ssl)</ulink>
       manpage. The list of valid strings for the minimum protocol version can
@@ -197,15 +197,15 @@ $ sudo update-initramfs -u
       url="https://manpages.debian.org/config(5ssl)">config(5ssl)</ulink>.
     </para>
     <para>
-      Changing back the defaults in <filename>/etc/ssl/openssl.cnf</filename>
-      to previous system wide defaults can be done using:
+     Changing the system wide defaults in <filename>/etc/ssl/openssl.cnf</filename>
+      back to their previous values can be done by setting:
       <programlisting>
         MinProtocol = None
         CipherString = DEFAULT
       </programlisting>
     </para>
     <para>
-      It's recommended that you contact the remote site in case the defaults
+      It's recommended that you contact the remote site if the defaults
       cause problems.
     </para>
   </section>
@@ -482,8 +482,8 @@ $ sudo update-initramfs -u
       corruption, such indexes need to be <literal>REINDEX</literal>ed
       immediately after upgrading the <systemitem
       role="package">locales</systemitem> or <systemitem
-      role="package">locales-all</systemitem> packages, before putting back the
-      database into production.
+      role="package">locales-all</systemitem> packages, before putting the
+      database back into production.
     </para>
     <para>
       Suggested command: <screen>sudo -u postgres reindexdb --all</screen>
Reply to: