Re: aeromail: Request for review

To: debian-l10n-english@lists.debian.org
Cc: Harald Jenny <harald@a-little-linux-box.at>
Subject: Re: aeromail: Request for review
From: Justin B Rye <jbr@edlug.org.uk>
Date: Thu, 15 Apr 2010 02:03:48 +0100
Message-id: <20100415010348.GA32732@xibalba.demon.co.uk>
Mail-followup-to: debian-l10n-english@lists.debian.org, Harald Jenny <harald@a-little-linux-box.at>
In-reply-to: <20100414230749.GA7225@harald-has.a-little-linux-box.at>
References: <20100414230749.GA7225@harald-has.a-little-linux-box.at>

I won't got round to amavisd-milter until tomorrow, so until then
I'll point you at my stock collection of d-l-e hints:
	http://www.xibalba.demon.co.uk/jbr/linux/esl.html

Harald Jenny wrote:
> Package: aeromail
> Architecture: all
> Depends: ${misc:Depends}, apache2 | httpd, php5 | php5-cgi, php5-imap
> Description: PHP-based webmail with minimal dependencies

Mentioning the language it's written in is usually Too Much
Information in a short description, and in this case it's also a
"useless use of -based".  The long description (and dependencies)
still make it clear, and of course there are also debtags.

  Description: webmail system with minimal dependencies

(Inserting "system" on the grounds that aeromail isn't "a webmail".)

>  AeroMail is a small yet powerful webmail application which allows access
>  to an imap based mailserver without the need for a ldap or sql backend. 

I would replace "allows" with the slightly more active "gives".
Capitalise initialisms, and it's pronounced "an LDAP".  Another
useless use of -based: IMAP-based servers are IMAP servers.  Oh, and
end users still tend to expect a hyphen in back-end.

   AeroMail is a small yet powerful webmail application which gives access
   to an IMAP mail server without the need for an LDAP or SQL back-end.

Or perhaps less technical:                 for a database back-end.

>  .
>  This application does only depend on php's imap extensions, a webserver and
>  imap access in order to provide you with a simple webinterface which allows
>  you to view, create and delete email, not only on a normal pc or laptop but
>  also on mobile devices.

Trimming a few words you don't need (partly to avoid directly
addressing the user, who might want to use this package to set up
webmail for somebody else):

   This application depends only on PHP's IMAP extensions, a web server, and
   IMAP access in order to provide a simple web interface for viewing,
   creating, and deleting email, not only on normal PCs or laptops but
   also on mobile devices.

If ${misc:Depends} may drag in other things that it technically
Depends on, replace "depends only on" with "only needs".

Now on to the template:
> Template: aeromail/config_management
> Type: note

Is a debconf note really necessary?  Couldn't there just be a README
pointer in the web interface's out-of-order page?

> _Description: Config management for AeroMail
                Configuration
>  AeroMail's whole configuration is done via it's own web interface and as a
                                                ^
>  matter of simplicity it is kept inside a plain text file. This design has
>  some serious security implications which AeroMail tries to mitigate by not
>  allowing to normal operation if both the responsible php script is present
>  and the current configuration file is writable by the webserver. [...]

"Responsible" for modifying the file, presumably?  I don't quite
understand how the presence of AeroMail and its scripts can be
independent.

It didn't really need this much of a rewrite:

   AeroMail's configuration can be managed entirely via its web interface, and
   is stored for the sake of simplicity inside a plain text file. This design
   has some serious security implications which AeroMail tries to mitigate by
   not allowing normal operation if the current configuration file is writable
   for the web server while the PHP configuration script is present.

Or maybe less melodramatically:

   is stored for the sake of simplicity inside a plain text file. To mitigate
   potential security issues, AeroMail does not allow normal operation if the
   current configuration file is writable for the web server while the PHP
   configuration script is present.

>  [...]                                                            In order to
>  keep the installation and upgrade process of this package as secure as
>  possible, no changes to the actual configuration can be made without prior
>  manual intervention. For a documentation of the procedure please take a look
>  at README.Debian which details all related steps.

Add a paragraph break.

This sounds vaguely paradoxical (I can't change it until I've
changed it to make it possible to change it).  I assume it doesn't
mean that no changes can ever be made without manual intervention
prior to each change... does it mean:

   .
   In order to keep the installation and upgrade process as secure as possible,
   the configuration script is disabled by default. For documentation of all
   the steps involved in manually enabling it, see the README.Debian file.

-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package

diff -ur aeromail.old/aeromail.templates aeromail/aeromail.templates
--- aeromail.old/aeromail.templates	2010-04-15 00:30:45.000000000 +0100
+++ aeromail/aeromail.templates	2010-04-15 02:01:13.000000000 +0100
@@ -1,12 +1,12 @@
 Template: aeromail/config_management
 Type: note
-_Description: Config management for AeroMail
- AeroMail's whole configuration is done via it's own web interface and as a
- matter of simplicity it is kept inside a plain text file. This design has
- some serious security implications which AeroMail tries to mitigate by not
- allowing to normal operation if both the responsible php script is present
- and the current configuration file is writable by the webserver. In order to
- keep the installation and upgrade process of this package as secure as
- possible, no changes to the actual configuration can be made without prior
- manual intervention. For a documentation of the procedure please take a look
- at README.Debian which details all related steps.
+_Description: Configuration management for AeroMail
+ AeroMail's configuration can be managed entirely via its web interface, and
+ is stored for the sake of simplicity inside a plain text file. This design
+ has some serious security implications which AeroMail tries to mitigate by
+ not allowing normal operation if the current configuration file is writable
+ for the web server while the PHP configuration script is present.
+ .
+ In order to keep the installation and upgrade process as secure as possible,
+ the configuration script is disabled by default. For documentation of all
+ the steps involved in manually enabling it, see the README.Debian file.
diff -ur aeromail.old/control aeromail/control
--- aeromail.old/control	2010-04-15 00:30:44.000000000 +0100
+++ aeromail/control	2010-04-15 01:59:57.000000000 +0100
@@ -9,11 +9,11 @@
 Package: aeromail
 Architecture: all
 Depends: ${misc:Depends}, apache2 | httpd, php5 | php5-cgi, php5-imap
-Description: PHP-based webmail with minimal dependencies
- AeroMail is a small yet powerful webmail application which allows access
- to an imap based mailserver without the need for a ldap or sql backend. 
+Description: webmail system with minimal dependencies
+ AeroMail is a small yet powerful webmail application which gives access
+ to an IMAP mail server without the need for an LDAP or SQL back-end.
  .
- This application does only depend on php's imap extensions, a webserver and
- imap access in order to provide you with a simple webinterface which allows
- you to view, create and delete email, not only on a normal pc or laptop but
+ This application depends only on PHP's IMAP extensions, a web server and
+ IMAP access in order to provide a simple web interface for viewing,
+ creating, and deleting email, not only on a normal PCs or laptops but
  also on mobile devices.

Source: aeromail
Section: web
Priority: optional
Maintainer: Harald Jenny <harald@a-little-linux-box.at>
Build-Depends: debhelper (>= 6.0.7), po-debconf
Homepage: http://www.nicolaas.net/aeromail/
Standards-Version: 3.8.4

Package: aeromail
Architecture: all
Depends: ${misc:Depends}, apache2 | httpd, php5 | php5-cgi, php5-imap
Description: webmail system with minimal dependencies
 AeroMail is a small yet powerful webmail application which gives access
 to an IMAP mail server without the need for an LDAP or SQL back-end.
 .
 This application depends only on PHP's IMAP extensions, a web server and
 IMAP access in order to provide a simple web interface for viewing,
 creating, and deleting email, not only on a normal PCs or laptops but
 also on mobile devices.

Template: aeromail/config_management
Type: note
_Description: Configuration management for AeroMail
 AeroMail's configuration can be managed entirely via its web interface, and
 is stored for the sake of simplicity inside a plain text file. This design
 has some serious security implications which AeroMail tries to mitigate by
 not allowing normal operation if the current configuration file is writable
 for the web server while the PHP configuration script is present.
 .
 In order to keep the installation and upgrade process as secure as possible,
 the configuration script is disabled by default. For documentation of all
 the steps involved in manually enabling it, see the README.Debian file.

Reply to:

Follow-Ups:
- Re: aeromail: Request for review
  - From: Christian PERRIER <bubulle@debian.org>

References:
- aeromail: Request for review
  - From: Harald Jenny <harald@a-little-linux-box.at>

Prev by Date: amavisd-milter: Request for review
Next by Date: Re: aeromail: Request for review
Previous by thread: aeromail: Request for review
Next by thread: Re: aeromail: Request for review
Index(es):
- Date
- Thread