Please find, for review, the debconf templates and the debian/control file of tcp-wrappers. Some rationale for my proposed changes is mentioned at the end of this mail.

This review will last from Saturday, March 31, 2007 to Tuesday, April 10, 2007.

Please send reviews as unified diffs (diff -u) against the original files. Comments about your proposed changes will be appreciated.

The part to review in debian/control is the package description(s).

Your review should be sent as an answer to this mail.

When appropriate, I will send intermediate requests for review, with "[RFRn]" (n>=2) as a subject tag.

When we reach a consensus, I will send a "Last Chance For Comments" mail with "[LCFC]" as a subject tag.

Finally, the reviewed templates will be sent to the package maintainer as a bug report, and a mail will be sent to this list with "[BTS]" as a subject tag.

Note to tcp-wrappers maintainer(s): this review is CC'ed to you so that you can comment on the proposed changes before we propose the rewrite in a bug report. Please note that these changes will be reviewed and are therefore *not* the final version. Please take care to send any comment to debian-l10n-english.

Rationale:

Short description. Make it short. Move the daemon name to the long description

1st paragraph: rephrasing. Shorter sentence

Merge 2nd and 3rd paragraph and make them shorter and more direct style

4th (now 3rd) paragraph simplified as well. Last sentence removed. It does not add much value and makes the screen really too long.

--
Template: tcpd/paranoid-mode
Type: boolean
Default: false
_description: Use paranoid settings in hosts.allow and hosts.access?
 New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrappers
 daemon (tcpd) will be created as they do not exist yet.
 .
 You can choose between a generic and permissive configuration which
 will allow any incoming connection or a paranoid configuration which
 will not allow remote connections regardless of where they originate
 from. The latter, even if more secure, will block out all
 communication, including, for example, remote administration.
 .
 Both files can be modified later to suit your needs as explained in
 the hosts_access(5) manpage. These settings will only affect network
 services that use the libwrap library. Restrictions for other
 services should be established by using firewall rules.

--- ../tcp-wrappers.old/debian/tcpd.templates 2007-03-29 06:12:08.859218328 +0200 +++ debian/tcpd.templates 2007-03-31 19:48:37.171236923 +0200 
@@ -1,21 +1,17 @@ Template: tcpd/paranoid-mode Type: boolean Default: false -_description: Should tcpd setup paranoid hosts.allow and hosts.access? - /etc/hosts.allow and /etc/hosts.deny will be setup since you do not have - have any of these files yet. You can either have a generic and permissive - configuration which will allow any incoming connection or a paranoid - configuration which will not allow remote connections regardless of - where they originate from. +_description: Use paranoid settings in hosts.allow and hosts.access? + New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrappers + daemon (tcpd) will be created as they do not exist yet. . - The second option, even if more secure, will block out all communication, - including, for example, remote administration. So if you need this - don't choose it. + You can choose between a generic and permissive configuration which + will allow any incoming connection or a paranoid configuration which + will not allow remote connections regardless of where they originate + from. The latter, even if more secure, will block out all + communication, including, for example, remote administration. . - Regardless of which option you select you can always manually edit both - files to suit your needs, for this, review the hosts_access(5) manpage. - This might include giving remote access of services to legitimate hosts. - . - Notice this only applies to internet services that use the libwrap library. - Remote connections will still be possible to services that do not use - this library, consider using firewall rules to block access to these. + Both files can be modified later to suit your needs as explained in + the hosts_access(5) manpage. These settings will only affect network + services that use the libwrap library. Restrictions for other + services should be established by using firewall rules.
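
Review bot: The new "_description" synopsis still names "hosts.access", while the paragraph right below it and the files actually created are /etc/hosts.allow and /etc/hosts.deny; the synopsis should read "hosts.allow and hosts.deny" so the question matches the files it configures. In the last paragraph, the removed sentence "Remote connections will still be possible to services that do not use this library" stated the remaining exposure explicitly, whereas the replacement only says restrictions "should be established by using firewall rules"; consider keeping a short statement that services not using libwrap stay reachable even with the paranoid setting, so an administrator does not read "paranoid" as blocking everything. With "Default: false" unchanged, the permissive configuration remains the pre-selected answer, which the text could also say outright.
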
Source: tcp-wrappers
Section: net
Priority: important
Maintainer: Marco d'Itri <md@linux.it>
Build-Depends: debhelper (>= 4), po-debconf
Standards-Version: 3.7.2.2

Package: tcpd
Architecture: any
Priority: important
Depends: ${shlibs:Depends}, ${misc:Depends}
Replaces: libwrap0 (<< 7.6-8)
Conflicts: netbase (<< 3.16-1)
Description: Wietse Venema's TCP wrapper utilities
 Wietse Venema's network logger, also known as TCPD or LOG_TCP.
 .
 These programs log the client host name of incoming telnet, ftp, rsh,
 rlogin, finger etc. requests. Security options are: access control per
 host, domain and/or service; detection of host name spoofing or host
 address spoofing; booby traps to implement an early-warning system.

Package: libwrap0
Section: libs
Priority: important
Architecture: any
Depends: ${shlibs:Depends}
Recommends: tcpd
Conflicts: netbase (<< 3.16-1)
Description: Wietse Venema's TCP wrappers library
 Wietse Venema's network logger, also known as TCPD or LOG_TCP.
 .
 These programs log the client host name of incoming telnet, ftp, rsh,
 rlogin, finger etc. requests. Security options are: access control per
 host, domain and/or service; detection of host name spoofing or host
 address spoofing; booby traps to implement an early-warning system.

Package: libwrap0-dev
Section: libdevel
Priority: optional
Architecture: any
Depends: libwrap0 (= ${Source-Version})
Provides: libwrap-dev
Conflicts: libwrap-dev, netbase (<< 3.16-1)
Description: Wietse Venema's TCP wrappers library, development files
 Wietse Venema's network logger, also known as TCPD or LOG_TCP.
 .
 These programs log the client host name of incoming telnet, ftp, rsh,
 rlogin, finger etc. requests. Security options are: access control per
 host, domain and/or service; detection of host name spoofing or host
 address spoofing; booby traps to implement an early-warning system.