Please find, for review, the debconf templates and packages descriptions for the openvpn source package. This review will last from Tuesday, January 08, 2008 to Friday, January 18, 2008. Please send reviews as unified diffs (diff -u) against the original files. Comments about your proposed changes will be appreciated. Your review should be sent as an answer to this mail. When appropriate, I will send intermediate requests for review, with "[RFRn]" (n>=2) as a subject tag. When we will reach a consensus, I send a "Last Chance For Comments" mail with "[LCFC]" as a subject tag. Finally, the reviewed templates will be sent to the package maintainer as a bug report, and a mail will be sent to this list with "[BTS]" as a subject tag. Rationale: --- ../openvpn.old/debian/templates 2007-12-20 05:54:09.106495297 +0100 +++ debian/templates 2008-01-07 07:42:54.722740056 +0100 @@ -1,6 +1,7 @@ Template: openvpn/change_init Type: boolean Default: false +# NOT REVIEWED, obsolete _Description: Would you like to start openvpn sooner? Previous versions of openvpn started at the same time as most of other services. This means that most of these services couldn't use openvpn As the comment says, this template is not reviewed as considered obsolete. I reported a bug for this (#459531). It would be nice to get confirmation by the maintainer whether he wants to drop these templates. In such cases, I will drop them from the file and thus not offer them for translation. @@ -16,29 +17,28 @@ Type: boolean Default: false - _Description: Would you like a TUN/TAP device to be created? - If you accept here, the package will make a special device called - /dev/net/tun for openvpn's use. If you refuse, the device won't be made - now. Read README.Debian for details on how to make it. If you are using - devfs refuse here. +_Description: Create the TUN/TAP device? + If you choose this option, the /dev/net/tun device + needed by OpenVPN will be created. + . + You should not choose this option if you're using devfs. Avoid "Would you like" style and be more direct. Use our standardized "If you choose this option" formula.... I think there is indeed no point in pointing users to README.Debian. If they choose to not let the device creation, they know how to do it themselves. Split in paragraphs for being clearer. I however wonder whether mentioning devfs is really worth it. It is obsolete, IIRC. Template: openvpn/stop2upgrade Type: boolean Default: false -_Description: Would you like to stop openvpn before it gets upgraded? - In some cases you may be upgrading openvpn in a remote server using - a VPN to do so. The upgrade process stops the running daemon before - installing the new version, in that case you may lose your connection, - the upgrade may be interrupted, and you may not be able to reconnect to - the remote host. - . - Unless you do your upgrades locally, it is advised NOT to stop openvpn - before it gets upgraded. The installation process will restart it once - it's done. +_Description: Stop OpenVPN when upgraded? + The upgrade process stops the running daemon before + installing the new version. If you are installing or upgrading the + system remotely, that could break the upgrade process. + . + Unless upgrades are performed locally, you should choose to not stop + OpenVPN before it is upgraded. The installation process will restart it once + the upgrade is completed. . - This option will take effect in your next upgrade. + This option will take effect for the next upgrade. Again, more direct formulation in the short description. In the deatils, first give the fact that the server is stopped on upgrades and then give a few clues about the possible consequences (reducing the complicated statement to "remotely"....). Of course, if the upgrade is done *remotely* but outside the VPN, the stop has no consequence, but we probably leave this reasoning up to the local admin. "Take effect" + in the upgrade or "for the upgrade". Or something else? ("at next upgrade"?) Template: openvpn/default_port Type: note +# NOT REVIEWED, obsolete _Description: Default port has changed OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If you don't specify the port to be used on your VPNs, this upgrade Another obsolete template @@ -51,6 +51,7 @@ Template: openvpn/change_init2 Type: boolean Default: false +# NOT REVIEWED, obsolete _Description: Would you like to stop openvpn later? Previous versions of openvpn stopped at the same time as most of other services. This meant that some of services stopping later couldn't use And another --- ../openvpn.old/debian/control 2007-12-20 05:54:09.106495297 +0100 +++ debian/control 2008-01-07 07:48:56.204446407 +0100 @@ -9,15 +9,15 @@ Architecture: any Depends: debconf | debconf-2.0, ${shlibs:Depends} Suggests: openssl, resolvconf -Description: Virtual Private Network daemon - An application to securely tunnel IP networks over a single UDP or TCP port. - It can be used to access remote sites, make secure point to point connections, - enhance WiFi security, etc. +Description: virtual private network daemon debatable as "VPN" is an acronym, but I prefer suggestion lowercase, still + OpenVPN is an application to securely tunnel IP networks over a + single UDP or TCP port. It can be used to access remote sites, make + secure point-to-point connections, enhance wireless security, etc. Common mistake in packages' description: virtually linking the long description to either the short...or the package name. So adding "OpenVPN is..." Maybe unlatinize and replace "etc."? . - OpenVPN uses all of the encryption, authentication, and certification features + OpenVPN uses encryption, authentication, and certification features of the OpenSSL library (any cipher, key size, or HMAC digest). I found the original sentence somewhat waird and simplified it a little. . - OpenVPN may use static, pre-shared keys or TLS-based dynamic key exchange. It + OpenVPN may use static, pre-shared keys or TLS-based dynamic key exchange. It also supports VPNs with dynamic endpoints (DHCP or dial-up clients), tunnels - over NAT or connection-oriented stateful firewalls (like Linux's iptables). + over NAT or connection-oriented stateful firewalls (such as Linux's iptables). Drop double spacing s/like/such as --
Template: openvpn/change_init Type: boolean Default: false # NOT REVIEWED, obsolete _Description: Would you like to start openvpn sooner? Previous versions of openvpn started at the same time as most of other services. This means that most of these services couldn't use openvpn since it may have been unavailable when they started. Newer versions of the openvpn package will start earlier. (i.e. a S16openvpn link in rc[235].d instead of a S20openvpn) . If you accept here, the package upgrade will make this change for you. If you refuse, nothing will change, and openvpn will be working just like it did before. Template: openvpn/create_tun Type: boolean Default: false _Description: Create the TUN/TAP device? If you choose this option, the /dev/net/tun device needed by OpenVPN will be created. . You should not choose this option if you're using devfs. Template: openvpn/stop2upgrade Type: boolean Default: false _Description: Stop OpenVPN when upgraded? The upgrade process stops the running daemon before installing the new version. If you are installing or upgrading the system remotely, that could break the upgrade process. . Unless upgrades are performed locally, you should choose to not stop OpenVPN before it is upgraded. The installation process will restart it once the upgrade is completed. . This option will take effect for the next upgrade. Template: openvpn/default_port Type: note # NOT REVIEWED, obsolete _Description: Default port has changed OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If you don't specify the port to be used on your VPNs, this upgrade may break them. . Use the option 'port 5000' if you want to keep the old port configuration, or take a look at your firewall rules to allow the new default port configuration to work. Template: openvpn/change_init2 Type: boolean Default: false # NOT REVIEWED, obsolete _Description: Would you like to stop openvpn later? Previous versions of openvpn stopped at the same time as most of other services. This meant that some of services stopping later couldn't use openvpn since it may have been stopped before them. Newer versions of the openvpn package will stop the service later. (i.e. a K80openvpn link in rc[06].d instead of a K20openvpn) . If you accept here, the package upgrade will make this change for you. If you refuse, nothing will change, and openvpn will be working just like it did before.
--- openvpn.old/debian/templates 2007-12-20 05:54:09.106495297 +0100 +++ openvpn/debian/templates 2008-01-08 18:33:22.317774377 +0100 @@ -1,6 +1,7 @@ Template: openvpn/change_init Type: boolean Default: false +# NOT REVIEWED, obsolete _Description: Would you like to start openvpn sooner? Previous versions of openvpn started at the same time as most of other services. This means that most of these services couldn't use openvpn @@ -15,30 +16,29 @@ Template: openvpn/create_tun Type: boolean Default: false -_Description: Would you like a TUN/TAP device to be created? - If you accept here, the package will make a special device called - /dev/net/tun for openvpn's use. If you refuse, the device won't be made - now. Read README.Debian for details on how to make it. If you are using - devfs refuse here. +_Description: Create the TUN/TAP device? + If you choose this option, the /dev/net/tun device + needed by OpenVPN will be created. + . + You should not choose this option if you're using devfs. Template: openvpn/stop2upgrade Type: boolean Default: false -_Description: Would you like to stop openvpn before it gets upgraded? - In some cases you may be upgrading openvpn in a remote server using - a VPN to do so. The upgrade process stops the running daemon before - installing the new version, in that case you may lose your connection, - the upgrade may be interrupted, and you may not be able to reconnect to - the remote host. - . - Unless you do your upgrades locally, it is advised NOT to stop openvpn - before it gets upgraded. The installation process will restart it once - it's done. +_Description: Stop OpenVPN when upgraded? + The upgrade process stops the running daemon before + installing the new version. If you are installing or upgrading the + system remotely, that could break the upgrade process. + . + Unless upgrades are performed locally, you should choose to not stop + OpenVPN before it is upgraded. The installation process will restart it once + the upgrade is completed. . - This option will take effect in your next upgrade. + This option will take effect for the next upgrade. Template: openvpn/default_port Type: note +# NOT REVIEWED, obsolete _Description: Default port has changed OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If you don't specify the port to be used on your VPNs, this upgrade @@ -51,6 +51,7 @@ Template: openvpn/change_init2 Type: boolean Default: false +# NOT REVIEWED, obsolete _Description: Would you like to stop openvpn later? Previous versions of openvpn stopped at the same time as most of other services. This meant that some of services stopping later couldn't use --- openvpn.old/debian/control 2007-12-20 05:54:09.106495297 +0100 +++ openvpn/debian/control 2008-01-08 18:40:43.807642315 +0100 @@ -9,15 +9,15 @@ Architecture: any Depends: debconf | debconf-2.0, ${shlibs:Depends} Suggests: openssl, resolvconf -Description: Virtual Private Network daemon - An application to securely tunnel IP networks over a single UDP or TCP port. - It can be used to access remote sites, make secure point to point connections, - enhance WiFi security, etc. +Description: virtual private network daemon + OpenVPN is an application to securely tunnel IP networks over a + single UDP or TCP port. It can be used to access remote sites, make + secure point-to-point connections, enhance wireless security, etc. . - OpenVPN uses all of the encryption, authentication, and certification features + OpenVPN uses encryption, authentication, and certification features of the OpenSSL library (any cipher, key size, or HMAC digest). . - OpenVPN may use static, pre-shared keys or TLS-based dynamic key exchange. It + OpenVPN may use static, pre-shared keys or TLS-based dynamic key exchange. It also supports VPNs with dynamic endpoints (DHCP or dial-up clients), tunnels - over NAT or connection-oriented stateful firewalls (like Linux's iptables). + over NAT or connection-oriented stateful firewalls (such as Linux's iptables).
Source: openvpn Section: net Priority: optional Maintainer: Alberto Gonzalez Iniesta <agi@inittab.org> Build-Depends: debhelper (>= 4.1.16), libssl-dev (>> 0.9.6), liblzo2-dev, libpam0g-dev Standards-Version: 3.7.2.0 Package: openvpn Architecture: any Depends: debconf | debconf-2.0, ${shlibs:Depends} Suggests: openssl, resolvconf Description: virtual private network daemon OpenVPN is an application to securely tunnel IP networks over a single UDP or TCP port. It can be used to access remote sites, make secure point-to-point connections, enhance wireless security, etc. . OpenVPN uses encryption, authentication, and certification features of the OpenSSL library (any cipher, key size, or HMAC digest). . OpenVPN may use static, pre-shared keys or TLS-based dynamic key exchange. It also supports VPNs with dynamic endpoints (DHCP or dial-up clients), tunnels over NAT or connection-oriented stateful firewalls (such as Linux's iptables).
Attachment:
signature.asc
Description: Digital signature