Re: [RFR] templates://wireshark/{templates}
Christian Perrier wrote:
> Your review should be sent as an answer to this mail.
This makes a nice change - I'm just shuffling words about, without
ever once being tempted to submit a bug report.
> Template: wireshark-common/install-setuid
> Type: boolean
> Default: false
> +_Description: Do you want dumpcap to be installed "setuid root"?
Or for sysadmins who are only following orders:
Description: Should dumpcap be installed "setuid root"?
> Dumpcap can be installed with the set-user-id bit set, so members of
> group wireshark will be able to run it with the permissions of the
> + "root" user. It is the preferred way of capturing packets using
> Wireshark/Tshark over running Wireshark/Tshark as root, because that
> + way most of the code will run with less privileges.
I don't like "it is the preferred X over Y". And now that it
mentions "privileges", I realise that "permissions" above isn't
right, and that nothing here quite makes it explicit that dumpcap
needs special privileges in order to function.
Dumpcap can be installed with the set-user-id bit set, so members of
the group "wireshark" will have the privileges required to use it.
This way of capturing packets using Wireshark/Tshark is recommended
over the alternative of running them directly as superuser, because
less of the code will run with elevated privileges.
In the control file:
> -Description: network traffic analyser (common files)
> - Wireshark is a network traffic analyzer, or "sniffer", for Unix and
> - Unix-like operating systems. A sniffer is a tool used to capture
> +Description: network traffic analyser - common files
s/yse/yze/g (see following line). An etymologically unjustifiable Z
in this case, but it's the en_US standard.
> + Wireshark is a network traffic analyzer, or "sniffer". A sniffer is a tool used to capture
> packets off the wire. Wireshark decodes numerous protocols (too many
> to list).
Reducing the repetition from the synopsis, and then running with it:
Wireshark is a network "sniffer" - a tool that captures and analyzes
packets off the wire. Wireshark can decode too many protocols to list
here.
> Drop "for Unix and Unix-like" which is not relevant in the context of
> a Debian package.
Especially when there's a wireshark-win32-1.2.1.exe! Hang on; add:
Homepage: http://www.wireshark.org/
> Package: wireshark-dev
[...]
> This package provides idl2wrs and other necessary files to develop
> new packet dissectors.
The last bit's trying to qualify "necessary", but would work better
as:
This package provides idl2wrs and other files necessary for developing
new packet dissectors.
--
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package
Template: wireshark-common/install-setuid
Type: boolean
Default: false
_Description: Should dumpcap be installed "setuid root"?
Dumpcap can be installed with the set-user-id bit set, so members of
the group "wireshark" will have the privileges required to use it.
This way of capturing packets using Wireshark/Tshark is recommended
over the alternative of running them directly as superuser, because
less of the code will run with elevated privileges.
.
Enabling this feature may be a security risk, so it is disabled by
default. If in doubt, it is suggested to leave it disabled.
Source: wireshark
Section: net
Priority: optional
Maintainer: Frederic Peters <fpeters@debian.org>
Uploaders: Joost Yervante Damad <andete@debian.org>
Standards-Version: 3.8.2
Build-Depends: libgtk2.0-dev (>=2.4.0-0), libpcap0.8-dev, flex, libz-dev, dpatch, debhelper (>= 6), po-debconf, libtool, python, automake1.9, autoconf, autotools-dev, libc-ares-dev, xsltproc, docbook-xsl (>= 1.64.1.0-0), libpcre3-dev, libcap2-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], bison, libgnutls-dev, python-support (>= 0.3), portaudio19-dev, libkrb5-dev, liblua5.1-0-dev, libsmi2-dev, libgeoip-dev
Build-Conflicts: libsnmp4.2-dev, libsnmp-dev
XS-Python-Version: all
Homepage: http://www.wireshark.org/
Package: wireshark-common
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, libsmi2-common, debconf
Recommends: wireshark (>= ${binary:Version}) | tshark (>= ${binary:Version})
Replaces: ethereal-common (<< 1.0.0-3)
Conflicts: ethereal-common (<< 1.0.0-3)
Description: network traffic analyzer - common files
Wireshark is a network "sniffer" - a tool that captures and analyzes
packets off the wire. Wireshark can decode too many protocols to list
here.
.
This package provides files common to both wireshark (the GTK+ version)
and tshark (the console version).
Package: wireshark
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, wireshark-common (= ${binary:Version})
Replaces: ethereal (<< 1.0.0-3)
Conflicts: ethereal (<< 1.0.0-3)
Description: network traffic analyzer - GTK+ version
Wireshark is a network "sniffer" - a tool that captures and analyzes
packets off the wire. Wireshark can decode too many protocols to list
here.
.
This package provides the GTK+ version of wireshark.
Package: tshark
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, wireshark-common (= ${binary:Version})
Replaces: tethereal (<< 1.0.0-3)
Conflicts: tethereal (<< 1.0.0-3)
Description: network traffic analyzer - console version
Wireshark is a network "sniffer" - a tool that captures and analyzes
packets off the wire. Wireshark can decode too many protocols to list
here.
.
This package provides the console version of wireshark, named
"tshark".
Package: wireshark-dev
Architecture: any
Section: devel
Depends: ${shlibs:Depends}, ${misc:Depends}, omniidl4 (>= 4.0.1-2), libpcap0.8-dev, libtool, libglib2.0-dev, ${python:Depends}, snacc, autotools-dev, debhelper, cdbs, automake1.9, autoconf
Replaces: ethereal-dev (<< 1.0.0-3)
Conflicts: ethereal-dev (<< 1.0.0-3)
XB-Python-Version: ${python:Versions}
Description: network traffic analyzer - development tools
Wireshark is a network "sniffer" - a tool that captures and analyzes
packets off the wire. Wireshark can decode too many protocols to list
here.
.
This package provides idl2wrs and other files necessary for developing
new packet dissectors.
--- ../wireshark-1.2.1.pristine/debian/templates 2009-09-03 12:10:00.000000000 +0100
+++ debian/templates 2009-09-03 12:35:09.000000000 +0100
@@ -1,12 +1,12 @@
Template: wireshark-common/install-setuid
Type: boolean
Default: false
-_Description: Do you want dumpcap to be installed setuid root?
+_Description: Should dumpcap be installed "setuid root"?
Dumpcap can be installed with the set-user-id bit set, so members of
- group wireshark will be able to run it with the permissions of the
- 'root' user. It is the preferred way of capturing packets using
- Wireshark/Tshark over running Wireshark/Tshark as root, because that
- way most of the code will run with less priveges.
+ the group "wireshark" will have the privileges required to use it.
+ This way of capturing packets using Wireshark/Tshark is recommended
+ over the alternative of running them directly as superuser, because
+ less of the code will run with elevated privileges.
.
Enabling this feature may be a security risk, so it is disabled by
- default. If in doubt, it is suggested to leave it disabled.
+ default. If in doubt, it is suggested to leave it disabled.
--- ../wireshark-1.2.1.pristine/debian/control 2009-09-03 12:10:00.000000000 +0100
+++ debian/control 2009-09-03 12:35:54.000000000 +0100
@@ -7,6 +7,7 @@
Build-Depends: libgtk2.0-dev (>=2.4.0-0), libpcap0.8-dev, flex, libz-dev, dpatch, debhelper (>= 6), po-debconf, libtool, python, automake1.9, autoconf, autotools-dev, libc-ares-dev, xsltproc, docbook-xsl (>= 1.64.1.0-0), libpcre3-dev, libcap2-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], bison, libgnutls-dev, python-support (>= 0.3), portaudio19-dev, libkrb5-dev, liblua5.1-0-dev, libsmi2-dev, libgeoip-dev
Build-Conflicts: libsnmp4.2-dev, libsnmp-dev
XS-Python-Version: all
+Homepage: http://www.wireshark.org/
Package: wireshark-common
Architecture: any
@@ -14,11 +15,10 @@
Recommends: wireshark (>= ${binary:Version}) | tshark (>= ${binary:Version})
Replaces: ethereal-common (<< 1.0.0-3)
Conflicts: ethereal-common (<< 1.0.0-3)
-Description: network traffic analyser (common files)
- Wireshark is a network traffic analyzer, or "sniffer", for Unix and
- Unix-like operating systems. A sniffer is a tool used to capture
- packets off the wire. Wireshark decodes numerous protocols (too many
- to list).
+Description: network traffic analyzer - common files
+ Wireshark is a network "sniffer" - a tool that captures and analyzes
+ packets off the wire. Wireshark can decode too many protocols to list
+ here.
.
This package provides files common to both wireshark (the GTK+ version)
and tshark (the console version).
@@ -28,24 +28,22 @@
Depends: ${shlibs:Depends}, ${misc:Depends}, wireshark-common (= ${binary:Version})
Replaces: ethereal (<< 1.0.0-3)
Conflicts: ethereal (<< 1.0.0-3)
-Description: network traffic analyzer
- Wireshark is a network traffic analyzer, or "sniffer", for Unix and
- Unix-like operating systems. A sniffer is a tool used to capture
- packets off the wire. Wireshark decodes numerous protocols (too many
- to list).
+Description: network traffic analyzer - GTK+ version
+ Wireshark is a network "sniffer" - a tool that captures and analyzes
+ packets off the wire. Wireshark can decode too many protocols to list
+ here.
.
- This package provides wireshark (the GTK+ version)
+ This package provides the GTK+ version of wireshark.
Package: tshark
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, wireshark-common (= ${binary:Version})
Replaces: tethereal (<< 1.0.0-3)
Conflicts: tethereal (<< 1.0.0-3)
-Description: network traffic analyzer (console)
- Wireshark is a network traffic analyzer, or "sniffer", for Unix and
- Unix-like operating systems. A sniffer is a tool used to capture
- packets off the wire. Wireshark decodes numerous protocols (too many
- to list).
+Description: network traffic analyzer - console version
+ Wireshark is a network "sniffer" - a tool that captures and analyzes
+ packets off the wire. Wireshark can decode too many protocols to list
+ here.
.
This package provides the console version of wireshark, named
"tshark".
@@ -57,12 +55,10 @@
Replaces: ethereal-dev (<< 1.0.0-3)
Conflicts: ethereal-dev (<< 1.0.0-3)
XB-Python-Version: ${python:Versions}
-Description: network traffic analyser (development tools)
- Wireshark is a network traffic analyzer, or "sniffer", for Unix and
- Unix-like operating systems. A sniffer is a tool used to capture
- packets off the wire. Wireshark decodes numerous protocols (too many
- to list).
+Description: network traffic analyzer - development tools
+ Wireshark is a network "sniffer" - a tool that captures and analyzes
+ packets off the wire. Wireshark can decode too many protocols to list
+ here.
.
- This package provides idl2wrs and other necessary files to develop
+ This package provides idl2wrs and other files necessary for developing
new packet dissectors.
-
Reply to: