Please find, for review, the debconf templates and packages descriptions for the openvas-server source package.
This review will last from Sunday, January 04, 2009 to Wednesday, January 14, 2009.
Please send reviews as unified diffs (diff -u) against the original
files. Comments about your proposed changes will be appreciated.
Your review should be sent as an answer to this mail.
When appropriate, I will send intermediate requests for review, with
"[RFRn]" (n>=2) as a subject tag.
When we will reach a consensus, I send a "Last Chance For
Comments" mail with "[LCFC]" as a subject tag.
Finally, the reviewed templates will be sent to the package maintainer
as a bug report, and a mail will be sent to this list with "[BTS]" as
a subject tag.
Rationale:
--- ../openvas-server.old/debian/openvas-server.templates 2009-01-04 14:15:23.368345744 +0100
+++ debian/openvas-server.templates 2009-01-04 14:34:12.184346215 +0100
@@ -3,46 +3,51 @@
_Description: OpenVAS daemon certificate generation
You will need to provide the relevant information to create an SSL
certificate for your OpenVAS daemon. Note that this information will
- *NOT* be sent to echo anybody (everything stays local), but anyone
+ remain local to this system, but anyone
with the ability to connect to your OpenVAS daemon will be able to
- retrieve this information.
+ see it.
Make the sentence simpler and easier to understand.
Template: openvas-server/califetime
Type: string
Default: 1460
-_Description: CA certificate life time in days:
- Provide the life time of the Certificate Authority used to generate
+_Description: Certificate authority certificate life time (days):
+ Please choose the lifetime of the Certificate Authority certificate that
+ will be used to generate
the OpenVAS daemon certificate.
life time or "lifetime" ?
"CA" is jargon and can be expanded in the synopsis...
Use the "standardized" "please choose" formulation.
I'm unsure, though that this is something that we choose (meaning that
a local CA certificate will be created) or provide...
Template: openvas-server/srvlifetime
Type: string
Default: 365
-_Description: Server certificate life time in days:
- Provide the life time of the OpenVAS daemon certificate. Notice that the
- OpenVAS clients will not connect to servers with expired certificates
- so set this value for as long as you want this installation to last.
- You can always regenerate this certificate later by removing the certificate
- file stored in /var/lib/openvas/CA/ and running 'openvas-mkcert'
+_Description: Server certificate life time (days):
+ Please choose the lifetime of the OpenVAS daemon certificate.
+ .
+ Please note that the
+ OpenVAS clients will not connect to servers with expired certificates.
+ As a consequence, it is recommended to choose a duration that exceeds
+ the time you plan to run this server.
+ .
+ This certificate can be regenerated later by removing the certificate
+ file stored in /var/lib/openvas/CA/ and running "openvas-mkcert".
Split in paragraphs for readability.
Use "Please <foo>" style....
The "as a consequence" sentence still has room for
improvement. Justin...:-)
I use double quotes. Justin, this is contrary to what we did up to now
but re-reading many sources and discussiong with Steve Langasek made
me change my mind. Using double quotes is the well established
standard for US English and we decided to stick with US English, so....
Template: openvas-server/country
Type: string
-_Description: Your country (two letter code):
- Enter your country's two letter code.
+_Description: Country (two letter code):
+ Please enter the two letter code for the country where this server resides.
I went around to check if we already reviewed the other packages that
ask similar questions.
Actually, we can find:
- nessusd and openvas-server (both share their tempaltes, apparently)
- openswan and strongswan (ditto)
openswan and strongswan make it clear that the information will be
used in the X.509 certificate they create by saying:
"Please enter the state or province name for the X509 certificate request."
The tricky point is making it clear that the "location" information
will go in the certicicate and should be related to the locaiton of
the server (actually, this is my opinion).
I'm opened to suggestions. As of now, what I propose is what I find
the best.
Template: openvas-server/province
Type: string
-_Description: Your state or province:
- Enter the state or provice you reside in.
+_Description: State or province:
+ Please enter the state or province where this server resides.
Removing the "Your". Where *I* live is not relevant. What's relevant
is the location of my server or the location of my organization.
Template: openvas-server/location
Type: string
-_Description: Your location:
- Enter your location (e.g. town).
+_Description: Location:
+ Please enter the location (e.g. town) where this server resides.
Template: openvas-server/organization
Type: string
Default: OpenVAS
-_Description: Your organisation:
- Enter the name of your organization or company.
+_Description: Organisation:
+ Please enter the name of the organization this server belongs to.
--- ../openvas-server.old/debian/control 2009-01-04 14:15:23.380495021 +0100
+++ debian/control 2009-01-04 14:32:13.964346041 +0100
@@ -11,30 +11,30 @@
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, openvas-plugins
Suggests: openvas-client
-Description: Remote network security auditor, the server
+Description: remote network security auditor - server
Lowercase. See DevRef....
Separate the common part with the specific part by an hyphen...the
method we standardized in other reviews.
The OpenVAS Security Scanner is a security auditing tool. It makes
possible to test security modules in an attempt to find vulnerable
spots that should be fixed.
.
It is made up of two parts: a server, and a client. The server/daemon,
openvasd, is in charge of the attacks, whereas the client,
- OpenVAS-Client, provides the user a nice X11/GTK+ interface.
+ OpenVAS-Client, provides the user a X11/GTK+ interface.
Removing "nice". That may be seen as "advertizing" (see DevRef).
.
- This package contains the server.
+ This package provides the server.
The usual wording for what's in a package....
Package: openvas-server-dev
Section: devel
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Recommends: libopenvas1-dev, libopenvasnasl1-dev
-Description: OpenVAS server static libraries and headers
+Description: remote network security auditor - static libraries and headers
The OpenVAS Security Scanner is a security auditing tool. It makes
possible to test security modules in an attempt to find vulnerable
spots that should be fixed.
.
It is made up of two parts: a server, and a client. The server/daemon,
openvasd, is in charge of the attacks, whereas the client,
- OpenVAS-Client, provides the user a nice X11/GTK+ interface.
+ OpenVAS-Client, provides the user a X11/GTK+ interface.
.
- This package contains the required static libraries, headers of the server.
+ This package provides the required static libraries, headers of the server.
--
Template: openvas-server/certificate Type: note _Description: OpenVAS daemon certificate generation You will need to provide the relevant information to create an SSL certificate for your OpenVAS daemon. Note that this information will remain local to this system, but anyone with the ability to connect to your OpenVAS daemon will be able to see it. Template: openvas-server/califetime Type: string Default: 1460 _Description: Certificate authority certificate life time (days): Please choose the lifetime of the Certificate Authority certificate that will be used to generate the OpenVAS daemon certificate. Template: openvas-server/srvlifetime Type: string Default: 365 _Description: Server certificate life time (days): Please choose the lifetime of the OpenVAS daemon certificate. . Please note that the OpenVAS clients will not connect to servers with expired certificates. As a consequence, it is recommended to choose a duration that exceeds the time you plan to run this server. . This certificate can be regenerated later by removing the certificate file stored in /var/lib/openvas/CA/ and running "openvas-mkcert". Template: openvas-server/country Type: string _Description: Country (two letter code): Please enter the two letter code for the country where this server resides. Template: openvas-server/province Type: string _Description: State or province: Please enter the state or province where this server resides. Template: openvas-server/location Type: string _Description: Location: Please enter the location (e.g. town) where this server resides. Template: openvas-server/organization Type: string Default: OpenVAS _Description: Organisation: Please enter the name of the organization this server belongs to.
--- ../openvas-server.old/debian/openvas-server.templates 2009-01-04 14:15:23.368345744 +0100
+++ debian/openvas-server.templates 2009-01-04 14:34:12.184346215 +0100
@@ -3,46 +3,51 @@
_Description: OpenVAS daemon certificate generation
You will need to provide the relevant information to create an SSL
certificate for your OpenVAS daemon. Note that this information will
- *NOT* be sent to echo anybody (everything stays local), but anyone
+ remain local to this system, but anyone
with the ability to connect to your OpenVAS daemon will be able to
- retrieve this information.
+ see it.
Template: openvas-server/califetime
Type: string
Default: 1460
-_Description: CA certificate life time in days:
- Provide the life time of the Certificate Authority used to generate
+_Description: Certificate authority certificate life time (days):
+ Please choose the lifetime of the Certificate Authority certificate that
+ will be used to generate
the OpenVAS daemon certificate.
Template: openvas-server/srvlifetime
Type: string
Default: 365
-_Description: Server certificate life time in days:
- Provide the life time of the OpenVAS daemon certificate. Notice that the
- OpenVAS clients will not connect to servers with expired certificates
- so set this value for as long as you want this installation to last.
- You can always regenerate this certificate later by removing the certificate
- file stored in /var/lib/openvas/CA/ and running 'openvas-mkcert'
+_Description: Server certificate life time (days):
+ Please choose the lifetime of the OpenVAS daemon certificate.
+ .
+ Please note that the
+ OpenVAS clients will not connect to servers with expired certificates.
+ As a consequence, it is recommended to choose a duration that exceeds
+ the time you plan to run this server.
+ .
+ This certificate can be regenerated later by removing the certificate
+ file stored in /var/lib/openvas/CA/ and running "openvas-mkcert".
Template: openvas-server/country
Type: string
-_Description: Your country (two letter code):
- Enter your country's two letter code.
+_Description: Country (two letter code):
+ Please enter the two letter code for the country where this server resides.
Template: openvas-server/province
Type: string
-_Description: Your state or province:
- Enter the state or provice you reside in.
+_Description: State or province:
+ Please enter the state or province where this server resides.
Template: openvas-server/location
Type: string
-_Description: Your location:
- Enter your location (e.g. town).
+_Description: Location:
+ Please enter the location (e.g. town) where this server resides.
Template: openvas-server/organization
Type: string
Default: OpenVAS
-_Description: Your organisation:
- Enter the name of your organization or company.
+_Description: Organisation:
+ Please enter the name of the organization this server belongs to.
--- ../openvas-server.old/debian/control 2009-01-04 14:15:23.380495021 +0100
+++ debian/control 2009-01-04 14:32:13.964346041 +0100
@@ -11,30 +11,30 @@
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, openvas-plugins
Suggests: openvas-client
-Description: Remote network security auditor, the server
+Description: remote network security auditor - server
The OpenVAS Security Scanner is a security auditing tool. It makes
possible to test security modules in an attempt to find vulnerable
spots that should be fixed.
.
It is made up of two parts: a server, and a client. The server/daemon,
openvasd, is in charge of the attacks, whereas the client,
- OpenVAS-Client, provides the user a nice X11/GTK+ interface.
+ OpenVAS-Client, provides the user a X11/GTK+ interface.
.
- This package contains the server.
+ This package provides the server.
Package: openvas-server-dev
Section: devel
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Recommends: libopenvas1-dev, libopenvasnasl1-dev
-Description: OpenVAS server static libraries and headers
+Description: remote network security auditor - static libraries and headers
The OpenVAS Security Scanner is a security auditing tool. It makes
possible to test security modules in an attempt to find vulnerable
spots that should be fixed.
.
It is made up of two parts: a server, and a client. The server/daemon,
openvasd, is in charge of the attacks, whereas the client,
- OpenVAS-Client, provides the user a nice X11/GTK+ interface.
+ OpenVAS-Client, provides the user a X11/GTK+ interface.
.
- This package contains the required static libraries, headers of the server.
+ This package provides the required static libraries, headers of the server.
Source: openvas-server
Section: admin
Priority: optional
Maintainer: Tim Brown <timb@nth-dimension.org.uk>
Uploaders: Javier Fernandez-Sanguino Pen~a <jfs@debian.org>
Build-Depends: debhelper (>= 6), autotools-dev, libgcrypt11-dev, libgnutls-dev, libopenvas1-dev (>= 2.0.0), libopenvasnasl1-dev (>= 2.0.0), libpcap0.8-dev, libwrap0-dev, po-debconf
Standards-Version: 3.7.3
Homepage: http://www.openvas.org/
Package: openvas-server
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, openvas-plugins
Suggests: openvas-client
Description: remote network security auditor - server
The OpenVAS Security Scanner is a security auditing tool. It makes
possible to test security modules in an attempt to find vulnerable
spots that should be fixed.
.
It is made up of two parts: a server, and a client. The server/daemon,
openvasd, is in charge of the attacks, whereas the client,
OpenVAS-Client, provides the user a X11/GTK+ interface.
.
This package provides the server.
Package: openvas-server-dev
Section: devel
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Recommends: libopenvas1-dev, libopenvasnasl1-dev
Description: remote network security auditor - static libraries and headers
The OpenVAS Security Scanner is a security auditing tool. It makes
possible to test security modules in an attempt to find vulnerable
spots that should be fixed.
.
It is made up of two parts: a server, and a client. The server/daemon,
openvasd, is in charge of the attacks, whereas the client,
OpenVAS-Client, provides the user a X11/GTK+ interface.
.
This package provides the required static libraries, headers of the server.
Attachment:
signature.asc
Description: Digital signature