
Re: Bug#485562: twiki: configure script access badly protected



Christian Perrier wrote:
> OK, as there are templates changes, this is a good occasion to review
> the entire templates set for this package, as it doesn't follow the
> usual recommended writing style very well.

I'm a bit rusty on that style myself, but there are several places
where I'm not clear about the content.

> Template: twiki/defaultUrlHost
> Type: string
> Default: http://localhost/
> _Description: Top-level URL of the server TWiki runs under:
>  Please enter the URL for the web server's full
>  name. It is used to construct URLs on some pages. The complete
>  server's URL will include the string "twiki" added to this field.
>  .
>  That URL is also needed by some redirections.

This is hard to follow - especially the bit about "the complete
server's URL".  Presumably it means "the complete URL of the
server", not "the URL of the complete server", and even correcting
for that it doesn't quite make sense since the _server's_ URL won't
include the string "twiki".

"Top-level" here is also confusing since it doesn't mean the same as
in the phrase "top-level domain".  There must be a better way of
saying "scheme://dnsdomainname/ but not /local/path"...

Maybe:

  Template: twiki/defaultUrlHost
  Type: string
  Default: http://localhost/
  _Description: URL of the server TWiki runs under:
   Please enter the web server URL (such as "http://www.example.org/").
   Complete TWiki URLs will be constructed from this value plus the
   string "twiki/".
 
> Template: twiki/wikiwebmaster
> Type: string
> Default: webmaster@localhost
> _Description: Email address of the webmaster for this TWiki:
>  Please enter the email address that will receive new user registration
>  mail. That address will be listed in the "oops" page when an error
>  happens.

Slightly rephrased:
  _Description: E-mail address of the webmaster for this TWiki:
   Please enter the e-mail address that will receive new user registration
   mails. This address will also be displayed in the "oops" page when
   errors occur.
 
> Template: twiki/samplefiles
> Type: boolean
> Default: true
> _Description: Install default wiki Topic Set on initial install?

This is a bit misleading, since the question isn't really "what
should happen if it's an initial install?", it's "should this be
treated as an initial install?"

  _Description: Perform install of default wiki Topic Set?

>  TWiki includes a complete "starter kit" which includes user
>  registration pages, documentation, and tutorials.
>  .
>  Only decline this optionif you're re-installing TWiki after deleting
                           ^
>  the package and want to keep the old data, or if you've got a TWiki
>  data set from another install.
>  .
>  If data/Main/WebHome.txt is present, the starter kit will not be
>  unpacked.  The starter kit files can be found in
             ^
>  /usr/share/twiki/twiki-data.tar.gz (and twiki-pub.tar.gz) if you
>  want to install it manually or compare the topics with the new
>  version.

Mostly good, but maybe the middle paragraph would be clearer as:

   TWiki includes a complete "starter kit" which includes user
   registration pages, documentation, and tutorials.
   .
   Accept this option unless you want to use an existing TWiki data
   set (for instance, one left over from a previous installation).
   .
   If data/Main/WebHome.txt is present, the starter kit will not be
   unpacked. The starter kit files can be found in
   /usr/share/twiki/twiki-data.tar.gz (and twiki-pub.tar.gz) if you
   want to install it manually or compare the topics with the new
   version.
 
> Template: twiki/apacheUserCreationNote
> Type: note
> _Description: Admin User Registration configuration required
>  After you have created yourself a user, edit the Main.TWikiAdminGroup
>  to restrict Admin privileges to that user.

What has "Registration" got to do with it?  And what's this about
editing something (where?) to restrict the privileges?  That sounds
as if _everyone_ has Admin privileges until then... oh, wait, is
that bug #485562?  So is that going to be fixed or not?

> Template: twiki/configuser
> Type: string
> Default: configuser
> _Description: User allowed to configure TWiki:
>  Please enter the username allowed to access the configure script.
>  .
>  This user will be the only one allowed to access the configure script at
>  ${site}/cgi-bin/configure.

Is this the same as the "Admin User" named above?  (And shouldn't
the default name be something more like "twikiadmin"?  But I'm
wandering off-topic...) 
 
> Template: twiki/configpassword
> Type: password
> #flag:comment:2
> # Translators: do NOT translate "configuser"
> _Description: ${configuser} password:
>  Please enter the password for '${configuser}' which will be the
>  only user allowed to access the configure script at
>  ${site}/cgi-bin/configure.

Couldn't this just be:

  _Description: Administrator username:
   Please enter the username of the admin user who will be allowed to
   access the configure script at ${site}/cgi-bin/configure.

and then:

  _Description: Administrator password:
   Please enter the password of the admin user who will be allowed to
   access the configure script at ${site}/cgi-bin/configure.

(And does it really mean "access" or just "run"?)

> Template: twiki/configpassword_again
> Type: password
> _Description: ${configuser} password confirmation:
>  Please re-enter the {configuser} user's password, for verification.
                       ^
Missing "$"; but why bother?  It's clearer as:

  _Description: Password confirmation:
   Please re-enter the same password, for verification.

> Template: twiki/password_mismatch
> Type: error
> _Description: Password mismatch
>  The passwords you entered didn't match. You will have to enter them again.

Fair enough.
-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package

