Please find, for review, the debconf templates and packages descriptions for the yubico-pam source package.
This review will last from Tuesday, January 10, 2012 to Friday, January 20, 2012.
Please send reviews as unified diffs (diff -u) against the original
files. Comments about your proposed changes will be appreciated.
Your review should be sent as an answer to this mail.
When appropriate, I will send intermediate requests for review, with
"[RFRn]" (n>=2) as a subject tag.
When we will reach a consensus, I send a "Last Chance For
Comments" mail with "[LCFC]" as a subject tag.
Finally, a summary will be sent to the review bug report,
and a mail will be sent to this list with "[BTS]" as a subject tag.
Rationale:
--- yubico-pam.old/debian/libpam-yubico.templates 2012-01-06 08:20:50.146163927 +0100
+++ yubico-pam/debian/libpam-yubico.templates 2012-01-10 05:45:15.008853360 +0100
@@ -2,12 +2,12 @@
Type: string
Default: mode=client try_first_pass id=N key=K
_Description: Parameters for Yubico PAM:
- The Yubico PAM module supports two modes of operation - online
+ The Yubico PAM module supports two modes of operation: online
validation of YubiKey OTPs or offline validation of YubiKey HMAC-SHA-1
responses to challenges.
.
The default is online validation, and for that to work you need to get
- an API key (they are free) at https://upgrade.yubico.com/getapikey/ and
+ a free API key at https://upgrade.yubico.com/getapikey/ and
enter the key id as "id=NNNN" and the base64 secret as "key=...".
.
All the available parameters for the Yubico PAM module are described
Use a colon to introduce the two modes
Minro style change to avoid a parenthesis in 2nd paragraph
@@ -17,4 +17,5 @@
Type: note
_Description: Yubico PAM module disabled by default
To avoid locking anyone out of their system, the Yubico PAM module is
- not activated by default. Use the program `pam-auth-update' to enable it.
+ not activated by default. It can be enabled with the "pam-auth-update"
+ command.
This template can be considered debconf abuse. See debconf-devel(5)
for details about why notes are usually considered as Evil,
particularly at high priority. Most of the time, there is consensus
about considering that such notices belong to README.Debian.
In case you prefer keeping this note, use the quotes on which we
standardized in our reviews.
--- yubico-pam.old/debian/control 2012-01-06 08:20:50.146163927 +0100
+++ yubico-pam/debian/control 2012-01-10 05:48:02.420785836 +0100
@@ -25,16 +25,16 @@
debconf | debconf-2.0,
${shlibs:Depends},
${misc:Depends}
-Description: Yubico two-factor password+OTP (YubiKey) PAM module
- This is the Yubico PAM module. It enables you to set up your system to
- require two-factor authentication with your normal username and password
- and a YubiKey OTP that is validated against an online validation service.
+Description: two-factor password+OTP (YubiKey) PAM module
+ This package provides the Yubico PAM module. It allows using
+ two-factor authentication with existing logins and passwords
+ and a YubiKey OTP (one-time password) that is validated against an online validation service.
Avoiding to being the description by Yubico avoids a leading
capital. Also, the most improtant information is what it is, not how
it's named..:)
"This is <foo>" is usually to replace with "This package provides..."
"It allows you" : not necessarily "me". More generally speaking we
suggest avoiding possessive form. I'm also unsure about "It enables
you to ...."
Explain what OTP stands for
.
- The default validation service is the free YubiCloud, but you can easily
- set up and use your own validation service.
+ The default validation service is the free YubiCloud. It is also
+ possible to setup a custom local validation service.
Again, avoid personnalization.
.
A second mode of operation is available using the YubiKeys HMAC-SHA-1
- Challenge-Response functionality. Using this mode, you can accomplish
- offline validation using a YubiKey, for example on a laptop computer.
- This only works for local logins though, and not for logging in using
- for example SSH.
+ Challenge-Response functionality. Using this mode,
+ offline validation can be done with a YubiKey, for example on a laptop computer.
+ This only works for local logins though, and not for remote logins such
+ as SSH.
Again avoid personnalization, use neutral wording...and slightly
rephrase the end of the sentence.
--
Template: libpam-yubico/module_args Type: string Default: mode=client try_first_pass id=N key=K _Description: Parameters for Yubico PAM: The Yubico PAM module supports two modes of operation: online validation of YubiKey OTPs or offline validation of YubiKey HMAC-SHA-1 responses to challenges. . The default is online validation, and for that to work you need to get a free API key at https://upgrade.yubico.com/getapikey/ and enter the key id as "id=NNNN" and the base64 secret as "key=...". . All the available parameters for the Yubico PAM module are described in /usr/share/doc/libpam-yubico/README.gz. Template: libpam-yubico/disabled_by_default Type: note _Description: Yubico PAM module disabled by default To avoid locking anyone out of their system, the Yubico PAM module is not activated by default. It can be enabled with the "pam-auth-update" command.
--- yubico-pam.old/debian/libpam-yubico.templates 2012-01-06 08:20:50.146163927 +0100
+++ yubico-pam/debian/libpam-yubico.templates 2012-01-10 05:45:15.008853360 +0100
@@ -2,12 +2,12 @@
Type: string
Default: mode=client try_first_pass id=N key=K
_Description: Parameters for Yubico PAM:
- The Yubico PAM module supports two modes of operation - online
+ The Yubico PAM module supports two modes of operation: online
validation of YubiKey OTPs or offline validation of YubiKey HMAC-SHA-1
responses to challenges.
.
The default is online validation, and for that to work you need to get
- an API key (they are free) at https://upgrade.yubico.com/getapikey/ and
+ a free API key at https://upgrade.yubico.com/getapikey/ and
enter the key id as "id=NNNN" and the base64 secret as "key=...".
.
All the available parameters for the Yubico PAM module are described
@@ -17,4 +17,5 @@
Type: note
_Description: Yubico PAM module disabled by default
To avoid locking anyone out of their system, the Yubico PAM module is
- not activated by default. Use the program `pam-auth-update' to enable it.
+ not activated by default. It can be enabled with the "pam-auth-update"
+ command.
--- yubico-pam.old/debian/control 2012-01-06 08:20:50.146163927 +0100
+++ yubico-pam/debian/control 2012-01-10 19:49:00.146331309 +0100
@@ -25,16 +25,16 @@
debconf | debconf-2.0,
${shlibs:Depends},
${misc:Depends}
-Description: Yubico two-factor password+OTP (YubiKey) PAM module
- This is the Yubico PAM module. It enables you to set up your system to
- require two-factor authentication with your normal username and password
- and a YubiKey OTP that is validated against an online validation service.
+Description: two-factor password+OTP (YubiKey) PAM module
+ This package provides the Yubico PAM module. It allows using
+ two-factor authentication with existing logins and passwords
+ and a YubiKey OTP (one-time password) that is validated against an online validation service.
.
- The default validation service is the free YubiCloud, but you can easily
- set up and use your own validation service.
+ The default validation service is the free YubiCloud. It is also
+ possible to setup a custom local validation service.
.
A second mode of operation is available using the YubiKeys HMAC-SHA-1
- Challenge-Response functionality. Using this mode, you can accomplish
- offline validation using a YubiKey, for example on a laptop computer.
- This only works for local logins though, and not for logging in using
- for example SSH.
+ Challenge-Response functionality. Using this mode,
+ offline validation can be done with a YubiKey, for example on a laptop computer.
+ This only works for local logins though, and not for remote logins such
+ as SSH.
--- yubico-pam.old/debian/changelog 2012-01-06 08:20:50.146163927 +0100
+++ yubico-pam/debian/changelog 2012-01-06 18:35:42.918934587 +0100
@@ -1,3 +1,11 @@
+yubico-pam (2.10-2) UNRELEASED; urgency=low
+
+ * Debconf templates and debian/control reviewed by the debian-l10n-
+ english team as part of the Smith review project. Closes: #654848
+ * [Debconf translation updates]
+
+ -- Christian Perrier <bubulle@debian.org> Fri, 06 Jan 2012 18:35:42 +0100
+
yubico-pam (2.10-1) unstable; urgency=low
* Initial release.
Source: yubico-pam
Maintainer: Yubico Open Source Maintainers <ossmaint@yubico.com>
Uploaders: Fredrik Thulin <fredrik@yubico.com>, Simon Josefsson <simon@josefsson.org>
Section: admin
Priority: optional
Build-Depends: debhelper (>= 8),
po-debconf,
pkg-config,
cdbs,
libykclient-dev (>= 2.4),
libpam0g-dev,
libldap2-dev,
libykpers-1-dev (>= 1.5.2),
libyubikey-dev
Standards-Version: 3.9.2
Homepage: http://code.google.com/p/yubico-pam/
DM-Upload-Allowed: yes
Package: libpam-yubico
Architecture: any
Depends: libpam-runtime (>= 1.0.1-6~),
libykclient3 (>= 2.4),
libldap-2.4-2,
libykpers-1-1 (>= 1.5.2),
debconf | debconf-2.0,
${shlibs:Depends},
${misc:Depends}
Description: two-factor password+OTP (YubiKey) PAM module
This package provides the Yubico PAM module. It allows using
two-factor authentication with existing logins and passwords
and a YubiKey OTP (one-time password) that is validated against an online validation service.
.
The default validation service is the free YubiCloud. It is also
possible to setup a custom local validation service.
.
A second mode of operation is available using the YubiKeys HMAC-SHA-1
Challenge-Response functionality. Using this mode,
offline validation can be done with a YubiKey, for example on a laptop computer.
This only works for local logins though, and not for remote logins such
as SSH.
Attachment:
signature.asc
Description: Digital signature