[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Request for review: fwknop package

Justin B Rye wrote:

>> Template: fwknop-server/easy_setup
>> Type: boolean
>> Default: false
>> _Description: Setup fwknop to protect the ssh port ?
> No space before the question mark in English. 

Ok, that is a French habit, or at least I think so :)

> How about:
>   _Description: Configure fwknop to protect the SSH port?
> (Throughout: the noun is "(a) setup", the verb is "(to) set up".)


>>  The fwknopd configuration does not appear to have been setup yet.
> Unless there's a significant risk of debconf guessing wrong, it can
> probably afford to say that it *has not* been set up.  And instead
> of overusing the words "setup" and "configuration", how about
> something more informative: 
>    The FireWall KNock OPerator daemon has not been set up yet.
>>  Therefore
>>  this install process can setup fwknopd in order to protect your ssh port with
>>  an easily configured Rijndael shared key, but it is recommended to move to a
>>  GnuPG configuration.
> Reorganising it:
>    This install process can configure fwknopd to protect the SSH port with a
>    simple Rijndael shared key, but moving to a GnuPG setup is recommended.

I would say that sounds better.

>> Template: fwknop-server/hostname
>> Type: string
>> _Description: Machine hostname:
>>  The fwknop-server needs to know the machine hostname.
> (What, and it can't access /bin/hostname?)

As far as I know this is not implemented. I am going to ask upstream in
case there is something behind that. Otherwise, I think I can remove
this question and update the configuration file according to the
hostname and dnsdomainename commands for the current release.

Thanks for pointing that out.

>> Template: fwknop-server/pcap_iface
>> Type: string
>> _Description: Sniffing interface:
>>  By default, fwknop-server runs with the PCAP strategy, and then needs to know 
>>  which ethernet interface has to be put in promiscuous mode.
> If I'm understanding "with the PCAP strategy" correctly,
>    By default, fwknop-server uses libpcap, and needs to know which Ethernet
>    interface should be put in promiscuous mode.

You are right.

*PCAP strategy* is a term employed in fwknop to define a way to run
fwknop. More than one strategy is available, and the user can pick one
according to the server settings.

I prefer your sentence. You do not use specific terms related to fwknop.
People can be afraid of both SPA and Rijndael in case they try the
package and are not familiar with it, so removing __PCAP strategy__
seems a good idea.

>> Template: fwknop-server/key
>> Type: string
>> _Description: Encryption key to use:
>>  By default, SPA packets are encrypted with the Rijndael block cipher which 
>>  requires an encryption key ; This password must be at least eight characters
>>  in length.
> s/ which/, which/ and s/ ;/. /


Many thanks.

Franck Joncourt
http://debian.org - http://smhteam.info/wiki/
Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: