Re: please review new cryptsetup template



Hello,

On 24/05/2011 Justin B Rye wrote:
> Christian PERRIER wrote:
> > _Description: Continue with cryptsetup removal?
> >  Some unlocked dm-crypt devices (${cryptmap}) are in use on this system.
> 
> If ${cryptmap} expands to a plain whitespace-separated list it's less
> ugly to move it to the end.  And here's a shorter way of avoiding
> second person:
> 
>    This system has unlocked dm-crypt devices: ${cryptmap}
> 
> >  .
> >  If these devices are managed with cryptsetup, you might be unable to
> >  lock the devices after the package removal, though other tools can be
> >  used for managing dm-crypt devices. As a consequence, any further
> >  system shutdown or reboot is likely to lock the devices.
> 
> You've lost the tools for locking them, and *therefore* a reboot will
> lock them?  That sounds more like a "however".  I'd suggest reverting
> it slightly to just:
> 
>    Any system shutdown or reboot will lock the devices.

Thanks a lot for your suggestions. I simply adopted the template changes
suggested by Justin B Rye.

Though, I have a few comments regarding the proposed description changes:

> >> Package: cryptsetup
> [...]
> >> Description: configures encrypted block devices
> > 
> > "encrypted devices management tools"?
> > 
> > A verb sentence is discouraged in synopsis. Better use a noun phrase.
> > 
> > I'm unsure whether cryptsetup provides tools for general encrypted
> > devices management or only tools to set them up, but you get the point.
> 
> It seems to me that all this talk of devices is more abstract and
> technical than there's any call for in a synopsis.  Users searching
> for cryptsetup aren't necessarily thinking in terms of needing to
> configure a device - they're more likely to be looking for a way to
> "lock my home directory"...
> 
> I won't try to dumb it all the way down to that level, but maybe we
> could use something like:
> 
>    Description: disk encryption support - commandline tools
> 
> (And then of course "- library", "- development files", etc.  The word
> "commandline" is promoted out of the description, thus allowing us not
> to use that word in the description for the library etc.)

Great idea, adopted it. Thanks again.

> 
> >>  Cryptsetup provides a command-line interface for configuring encrypted
> >>  devices. This is done using the Linux kernel device mapper target
> >>  dm-crypt. This version of cryptsetup has integrated support for LUKS.
> 
> It doesn't configure devices which are encrypted, it sets up
> encryption on devices.  Meanwhile we've lost "block devices" in the
> synopsis, but here there's room for all that plus a parenthesised
> outbreak of handholding.
> 
>   Cryptsetup provides an interface for configuring encryption on block
>   devices (such as /home or swap partitions), using the Linux kernel
>   device mapper target dm-crypt.

Same here.

> I've demoted the bit about LUKS into the second paragraph on suspicion
> of being stale news about an implementation detail. 

Not sure about that one. The LUKS support is a major feature of
cryptsetup, and this information is important for the shared library as
well.

> >>  .
> >>  cryptsetup is backwards compatible with the on-disk format of cryptoloop,
> >>  but also supports more secure formats. This package includes support for
> >>  automatically configuring encrypted devices at boot time via the config
> >>  file /etc/crypttab. Additional features are cryptoroot support through
> >>  initramfs-tools and several supported ways to read a passphrase or key.
> > 
> > Maybe avoid the leading lowercase in 2nd paragraph, which always looks
> > ugly. Otherwise, no comment.
> 
> It's especially odd given that the first para had "Cryptsetup".  We
> might as well say "It".
> 
> I spent a while trying to turn this into a bulleted list, but on
> second thoughts the original format is fine.
> 
>     It features integrated LUKS (Linux Unified Key Setup) support, and is
>     backwards compatible with the on-disk format of cryptoloop, but also
>     supports more secure formats. This package includes support for
>     automatically configuring encrypted devices at boot time via the config
>     file /etc/crypttab. Additional features are cryptoroot support through
>     initramfs-tools and several supported ways to read a passphrase or key.
> 
> (Or would it make more sense to mention LUKS alongside the "more secure
> formats"?)

Yes. Your suggestion sounds as if cryptsetup supports more secure
formats than LUKS. And that's definitely wrong. LUKS is _the_ more
secure format supported by cryptsetup.

Here's my suggestion:

Description: disk encryption support - commandline tools
 Cryptsetup provides an interface for configuring encryption on block
 devices (such as /home or swap partitions), using the Linux kernel
 device mapper target dm-crypt. It features integrated Linux Unified Key
 Setup (LUKS) support.
 .
 Cryptsetup is backwards compatible with the on-disk format of cryptoloop,
 but also supports more secure formats. This package includes support for
 automatically configuring encrypted devices at boot time via the config
 file /etc/crypttab. Additional features are cryptoroot support through
 initramfs-tools and several supported ways to read a passphrase or key.

Greetings,
 jonas
