Hello, On 24/05/2011 Justin B Rye wrote: > Christian PERRIER wrote: > > _Description: Continue with cryptsetup removal? > > Some unlocked dm-crypt devices (${cryptmap}) are in use on this system. > > If ${cryptmap} expands to a plain whitespace-separated list it's less > ugly to move it to the end. And here's a shorter way of avoiding > second person: > > This system has unlocked dm-crypt devices: ${cryptmap} > > > . > > If these devices are managed with cryptsetup, you might be unable to > > lock the devices after the package removal, though other tools can be > > used for managing dm-crypt devices. As a consequence, any further > > system shutdown or reboot is likely to lock the devices. > > You've lost the tools for locking them, and *therefore* a reboot will > lock them? That sounds more like a "however". I'd suggest reverting > it slightly to just: > > Any system shutdown or reboot will lock the devices. Thanks a lot for your suggestions. I simply adopted the template changes suggested by Justin B Rye. Though, I've few comments regarding the proposed description changes: > >> Package: cryptsetup > [...] > >> Description: configures encrypted block devices > > > > "encrypted devices management tools"? > > > > A verb sentence is discouraged in synopsis. Better use a noun phrase. > > > > I'm unsure whether crypsetup provides tools for general encrypted > > devices management or only tools to set them up, but you get the point. > > It seems to me that all this talk of devices is more abstract and > technical than there's any call for in a synopsis. Users searching > for cryptsetup aren't necessarily thinking in terms of needing to > configure a device - they're more likely to be looking for a way to > "lock my home directory"... > > I won't try to dumb it all the way down to that level, but maybe we > could use something like: > > Description: disk encryption support - commandline tools > > (And then of course "- library", "- development files", etc. The word > "commandline" is promoted out of the description, thus allowing us not > to use that word in the description for the library etc.) Great idea, adopted it. Thanks again. > > >> Cryptsetup provides a command-line interface for configuring encrypted > >> devices. This is done using the Linux kernel device mapper target > >> dm-crypt. This version of cryptsetup has integrated support for LUKS. > > It doesn't configure devices which are encrypted, it sets up > encryption on devices. Meanwhile we've lost "block devices" in the > synopsis, but here there's room for all that plus a parenthesised > outbreak of handholding. > > Cryptsetup provides an interface for configuring encryption on block > devices (such as /home or swap partitions), using the Linux kernel > device mapper target dm-crypt. Same here. > I've demoted the bit about LUKS into the second paragraph on suspicion > of being stale news about an implementation detail. Not sure about that one. The LUKS support is a major feature of cryptsetup, and this information is important for the shared library as well. > >> . > >> cryptsetup is backwards compatible with the on-disk format of cryptoloop, > >> but also supports more secure formats. This package includes support for > >> automatically configuring encrypted devices at boot time via the config > >> file /etc/crypttab. Additional features are cryptoroot support through > >> initramfs-tools and several supported ways to read a passphrase or key. > > > > Maybe avoid the leading lowercase in 2nd paragraph, which always looks > > ugly. Otherwise, no comment. > > It's especially odd given that the first para had "Cryptsetup". We > might as well say "It". > > I spent a while trying to turn this into a bulleted list, but on > second thoughts the original format is fine. > > It features integrated LUKS (Linux Unified Key Setup) support, and is > backwards compatible with the on-disk format of cryptoloop, but also > supports more secure formats. This package includes support for > automatically configuring encrypted devices at boot time via the config > file /etc/crypttab. Additional features are cryptoroot support through > initramfs-tools and several supported ways to read a passphrase or key. > > (Or would it make more sense to mention LUKS alongside the "more secure > formats"?) Yes. Your suggestion sounds like if cryptsetup supports more secure formats than LUKS. And that's definitelly wrong. LUKS is _the_ more secure format supported by cryptsetup. Here's my suggestion: Description: disk encryption support - commandline tools Cryptsetup provides an interface for configuring encryption on block devices (such as /home or swap partitions), using the Linux kernel device mapper target dm-crypt. It features integrated Linux Unified Key Setup (LUKS) support. . Cryptsetup is backwards compatible with the on-disk format of cryptoloop, but also supports more secure formats. This package includes support for automatically configuring encrypted devices at boot time via the config file /etc/crypttab. Additional features are cryptoroot support through initramfs-tools and several supported ways to read a passphrase or key. Greetings, jonas
Attachment:
signature.asc
Description: Digital signature