Please find, for review, the debconf templates and packages descriptions for the openvas-server source package. This review will last from Sunday, January 04, 2009 to Wednesday, January 14, 2009. Please send reviews as unified diffs (diff -u) against the original files. Comments about your proposed changes will be appreciated. Your review should be sent as an answer to this mail. When appropriate, I will send intermediate requests for review, with "[RFRn]" (n>=2) as a subject tag. When we will reach a consensus, I send a "Last Chance For Comments" mail with "[LCFC]" as a subject tag. Finally, the reviewed templates will be sent to the package maintainer as a bug report, and a mail will be sent to this list with "[BTS]" as a subject tag. Rationale: --- ../openvas-server.old/debian/openvas-server.templates 2009-01-04 14:15:23.368345744 +0100 +++ debian/openvas-server.templates 2009-01-04 14:34:12.184346215 +0100 @@ -3,46 +3,51 @@ _Description: OpenVAS daemon certificate generation You will need to provide the relevant information to create an SSL certificate for your OpenVAS daemon. Note that this information will - *NOT* be sent to echo anybody (everything stays local), but anyone + remain local to this system, but anyone with the ability to connect to your OpenVAS daemon will be able to - retrieve this information. + see it. Make the sentence simpler and easier to understand. Template: openvas-server/califetime Type: string Default: 1460 -_Description: CA certificate life time in days: - Provide the life time of the Certificate Authority used to generate +_Description: Certificate authority certificate life time (days): + Please choose the lifetime of the Certificate Authority certificate that + will be used to generate the OpenVAS daemon certificate. life time or "lifetime" ? "CA" is jargon and can be expanded in the synopsis... Use the "standardized" "please choose" formulation. I'm unsure, though that this is something that we choose (meaning that a local CA certificate will be created) or provide... Template: openvas-server/srvlifetime Type: string Default: 365 -_Description: Server certificate life time in days: - Provide the life time of the OpenVAS daemon certificate. Notice that the - OpenVAS clients will not connect to servers with expired certificates - so set this value for as long as you want this installation to last. - You can always regenerate this certificate later by removing the certificate - file stored in /var/lib/openvas/CA/ and running 'openvas-mkcert' +_Description: Server certificate life time (days): + Please choose the lifetime of the OpenVAS daemon certificate. + . + Please note that the + OpenVAS clients will not connect to servers with expired certificates. + As a consequence, it is recommended to choose a duration that exceeds + the time you plan to run this server. + . + This certificate can be regenerated later by removing the certificate + file stored in /var/lib/openvas/CA/ and running "openvas-mkcert". Split in paragraphs for readability. Use "Please <foo>" style.... The "as a consequence" sentence still has room for improvement. Justin...:-) I use double quotes. Justin, this is contrary to what we did up to now but re-reading many sources and discussiong with Steve Langasek made me change my mind. Using double quotes is the well established standard for US English and we decided to stick with US English, so.... Template: openvas-server/country Type: string -_Description: Your country (two letter code): - Enter your country's two letter code. +_Description: Country (two letter code): + Please enter the two letter code for the country where this server resides. I went around to check if we already reviewed the other packages that ask similar questions. Actually, we can find: - nessusd and openvas-server (both share their tempaltes, apparently) - openswan and strongswan (ditto) openswan and strongswan make it clear that the information will be used in the X.509 certificate they create by saying: "Please enter the state or province name for the X509 certificate request." The tricky point is making it clear that the "location" information will go in the certicicate and should be related to the locaiton of the server (actually, this is my opinion). I'm opened to suggestions. As of now, what I propose is what I find the best. Template: openvas-server/province Type: string -_Description: Your state or province: - Enter the state or provice you reside in. +_Description: State or province: + Please enter the state or province where this server resides. Removing the "Your". Where *I* live is not relevant. What's relevant is the location of my server or the location of my organization. Template: openvas-server/location Type: string -_Description: Your location: - Enter your location (e.g. town). +_Description: Location: + Please enter the location (e.g. town) where this server resides. Template: openvas-server/organization Type: string Default: OpenVAS -_Description: Your organisation: - Enter the name of your organization or company. +_Description: Organisation: + Please enter the name of the organization this server belongs to. --- ../openvas-server.old/debian/control 2009-01-04 14:15:23.380495021 +0100 +++ debian/control 2009-01-04 14:32:13.964346041 +0100 @@ -11,30 +11,30 @@ Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, openvas-plugins Suggests: openvas-client -Description: Remote network security auditor, the server +Description: remote network security auditor - server Lowercase. See DevRef.... Separate the common part with the specific part by an hyphen...the method we standardized in other reviews. The OpenVAS Security Scanner is a security auditing tool. It makes possible to test security modules in an attempt to find vulnerable spots that should be fixed. . It is made up of two parts: a server, and a client. The server/daemon, openvasd, is in charge of the attacks, whereas the client, - OpenVAS-Client, provides the user a nice X11/GTK+ interface. + OpenVAS-Client, provides the user a X11/GTK+ interface. Removing "nice". That may be seen as "advertizing" (see DevRef). . - This package contains the server. + This package provides the server. The usual wording for what's in a package.... Package: openvas-server-dev Section: devel Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Recommends: libopenvas1-dev, libopenvasnasl1-dev -Description: OpenVAS server static libraries and headers +Description: remote network security auditor - static libraries and headers The OpenVAS Security Scanner is a security auditing tool. It makes possible to test security modules in an attempt to find vulnerable spots that should be fixed. . It is made up of two parts: a server, and a client. The server/daemon, openvasd, is in charge of the attacks, whereas the client, - OpenVAS-Client, provides the user a nice X11/GTK+ interface. + OpenVAS-Client, provides the user a X11/GTK+ interface. . - This package contains the required static libraries, headers of the server. + This package provides the required static libraries, headers of the server. --
Template: openvas-server/certificate Type: note _Description: OpenVAS daemon certificate generation You will need to provide the relevant information to create an SSL certificate for your OpenVAS daemon. Note that this information will remain local to this system, but anyone with the ability to connect to your OpenVAS daemon will be able to see it. Template: openvas-server/califetime Type: string Default: 1460 _Description: Certificate authority certificate life time (days): Please choose the lifetime of the Certificate Authority certificate that will be used to generate the OpenVAS daemon certificate. Template: openvas-server/srvlifetime Type: string Default: 365 _Description: Server certificate life time (days): Please choose the lifetime of the OpenVAS daemon certificate. . Please note that the OpenVAS clients will not connect to servers with expired certificates. As a consequence, it is recommended to choose a duration that exceeds the time you plan to run this server. . This certificate can be regenerated later by removing the certificate file stored in /var/lib/openvas/CA/ and running "openvas-mkcert". Template: openvas-server/country Type: string _Description: Country (two letter code): Please enter the two letter code for the country where this server resides. Template: openvas-server/province Type: string _Description: State or province: Please enter the state or province where this server resides. Template: openvas-server/location Type: string _Description: Location: Please enter the location (e.g. town) where this server resides. Template: openvas-server/organization Type: string Default: OpenVAS _Description: Organisation: Please enter the name of the organization this server belongs to.
--- ../openvas-server.old/debian/openvas-server.templates 2009-01-04 14:15:23.368345744 +0100 +++ debian/openvas-server.templates 2009-01-04 14:34:12.184346215 +0100 @@ -3,46 +3,51 @@ _Description: OpenVAS daemon certificate generation You will need to provide the relevant information to create an SSL certificate for your OpenVAS daemon. Note that this information will - *NOT* be sent to echo anybody (everything stays local), but anyone + remain local to this system, but anyone with the ability to connect to your OpenVAS daemon will be able to - retrieve this information. + see it. Template: openvas-server/califetime Type: string Default: 1460 -_Description: CA certificate life time in days: - Provide the life time of the Certificate Authority used to generate +_Description: Certificate authority certificate life time (days): + Please choose the lifetime of the Certificate Authority certificate that + will be used to generate the OpenVAS daemon certificate. Template: openvas-server/srvlifetime Type: string Default: 365 -_Description: Server certificate life time in days: - Provide the life time of the OpenVAS daemon certificate. Notice that the - OpenVAS clients will not connect to servers with expired certificates - so set this value for as long as you want this installation to last. - You can always regenerate this certificate later by removing the certificate - file stored in /var/lib/openvas/CA/ and running 'openvas-mkcert' +_Description: Server certificate life time (days): + Please choose the lifetime of the OpenVAS daemon certificate. + . + Please note that the + OpenVAS clients will not connect to servers with expired certificates. + As a consequence, it is recommended to choose a duration that exceeds + the time you plan to run this server. + . + This certificate can be regenerated later by removing the certificate + file stored in /var/lib/openvas/CA/ and running "openvas-mkcert". Template: openvas-server/country Type: string -_Description: Your country (two letter code): - Enter your country's two letter code. +_Description: Country (two letter code): + Please enter the two letter code for the country where this server resides. Template: openvas-server/province Type: string -_Description: Your state or province: - Enter the state or provice you reside in. +_Description: State or province: + Please enter the state or province where this server resides. Template: openvas-server/location Type: string -_Description: Your location: - Enter your location (e.g. town). +_Description: Location: + Please enter the location (e.g. town) where this server resides. Template: openvas-server/organization Type: string Default: OpenVAS -_Description: Your organisation: - Enter the name of your organization or company. +_Description: Organisation: + Please enter the name of the organization this server belongs to. --- ../openvas-server.old/debian/control 2009-01-04 14:15:23.380495021 +0100 +++ debian/control 2009-01-04 14:32:13.964346041 +0100 @@ -11,30 +11,30 @@ Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, openvas-plugins Suggests: openvas-client -Description: Remote network security auditor, the server +Description: remote network security auditor - server The OpenVAS Security Scanner is a security auditing tool. It makes possible to test security modules in an attempt to find vulnerable spots that should be fixed. . It is made up of two parts: a server, and a client. The server/daemon, openvasd, is in charge of the attacks, whereas the client, - OpenVAS-Client, provides the user a nice X11/GTK+ interface. + OpenVAS-Client, provides the user a X11/GTK+ interface. . - This package contains the server. + This package provides the server. Package: openvas-server-dev Section: devel Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Recommends: libopenvas1-dev, libopenvasnasl1-dev -Description: OpenVAS server static libraries and headers +Description: remote network security auditor - static libraries and headers The OpenVAS Security Scanner is a security auditing tool. It makes possible to test security modules in an attempt to find vulnerable spots that should be fixed. . It is made up of two parts: a server, and a client. The server/daemon, openvasd, is in charge of the attacks, whereas the client, - OpenVAS-Client, provides the user a nice X11/GTK+ interface. + OpenVAS-Client, provides the user a X11/GTK+ interface. . - This package contains the required static libraries, headers of the server. + This package provides the required static libraries, headers of the server.
Source: openvas-server Section: admin Priority: optional Maintainer: Tim Brown <timb@nth-dimension.org.uk> Uploaders: Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Build-Depends: debhelper (>= 6), autotools-dev, libgcrypt11-dev, libgnutls-dev, libopenvas1-dev (>= 2.0.0), libopenvasnasl1-dev (>= 2.0.0), libpcap0.8-dev, libwrap0-dev, po-debconf Standards-Version: 3.7.3 Homepage: http://www.openvas.org/ Package: openvas-server Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, openvas-plugins Suggests: openvas-client Description: remote network security auditor - server The OpenVAS Security Scanner is a security auditing tool. It makes possible to test security modules in an attempt to find vulnerable spots that should be fixed. . It is made up of two parts: a server, and a client. The server/daemon, openvasd, is in charge of the attacks, whereas the client, OpenVAS-Client, provides the user a X11/GTK+ interface. . This package provides the server. Package: openvas-server-dev Section: devel Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Recommends: libopenvas1-dev, libopenvasnasl1-dev Description: remote network security auditor - static libraries and headers The OpenVAS Security Scanner is a security auditing tool. It makes possible to test security modules in an attempt to find vulnerable spots that should be fixed. . It is made up of two parts: a server, and a client. The server/daemon, openvasd, is in charge of the attacks, whereas the client, OpenVAS-Client, provides the user a X11/GTK+ interface. . This package provides the required static libraries, headers of the server.
Attachment:
signature.asc
Description: Digital signature