Please find, for review, the debconf templates and packages descriptions for the yubico-pam source package. This review will last from Tuesday, January 10, 2012 to Friday, January 20, 2012. Please send reviews as unified diffs (diff -u) against the original files. Comments about your proposed changes will be appreciated. Your review should be sent as an answer to this mail. When appropriate, I will send intermediate requests for review, with "[RFRn]" (n>=2) as a subject tag. When we will reach a consensus, I send a "Last Chance For Comments" mail with "[LCFC]" as a subject tag. Finally, a summary will be sent to the review bug report, and a mail will be sent to this list with "[BTS]" as a subject tag. Rationale: --- yubico-pam.old/debian/libpam-yubico.templates 2012-01-06 08:20:50.146163927 +0100 +++ yubico-pam/debian/libpam-yubico.templates 2012-01-10 05:45:15.008853360 +0100 @@ -2,12 +2,12 @@ Type: string Default: mode=client try_first_pass id=N key=K _Description: Parameters for Yubico PAM: - The Yubico PAM module supports two modes of operation - online + The Yubico PAM module supports two modes of operation: online validation of YubiKey OTPs or offline validation of YubiKey HMAC-SHA-1 responses to challenges. . The default is online validation, and for that to work you need to get - an API key (they are free) at https://upgrade.yubico.com/getapikey/ and + a free API key at https://upgrade.yubico.com/getapikey/ and enter the key id as "id=NNNN" and the base64 secret as "key=...". . All the available parameters for the Yubico PAM module are described Use a colon to introduce the two modes Minro style change to avoid a parenthesis in 2nd paragraph @@ -17,4 +17,5 @@ Type: note _Description: Yubico PAM module disabled by default To avoid locking anyone out of their system, the Yubico PAM module is - not activated by default. Use the program `pam-auth-update' to enable it. + not activated by default. It can be enabled with the "pam-auth-update" + command. This template can be considered debconf abuse. See debconf-devel(5) for details about why notes are usually considered as Evil, particularly at high priority. Most of the time, there is consensus about considering that such notices belong to README.Debian. In case you prefer keeping this note, use the quotes on which we standardized in our reviews. --- yubico-pam.old/debian/control 2012-01-06 08:20:50.146163927 +0100 +++ yubico-pam/debian/control 2012-01-10 05:48:02.420785836 +0100 @@ -25,16 +25,16 @@ debconf | debconf-2.0, ${shlibs:Depends}, ${misc:Depends} -Description: Yubico two-factor password+OTP (YubiKey) PAM module - This is the Yubico PAM module. It enables you to set up your system to - require two-factor authentication with your normal username and password - and a YubiKey OTP that is validated against an online validation service. +Description: two-factor password+OTP (YubiKey) PAM module + This package provides the Yubico PAM module. It allows using + two-factor authentication with existing logins and passwords + and a YubiKey OTP (one-time password) that is validated against an online validation service. Avoiding to being the description by Yubico avoids a leading capital. Also, the most improtant information is what it is, not how it's named..:) "This is <foo>" is usually to replace with "This package provides..." "It allows you" : not necessarily "me". More generally speaking we suggest avoiding possessive form. I'm also unsure about "It enables you to ...." Explain what OTP stands for . - The default validation service is the free YubiCloud, but you can easily - set up and use your own validation service. + The default validation service is the free YubiCloud. It is also + possible to setup a custom local validation service. Again, avoid personnalization. . A second mode of operation is available using the YubiKeys HMAC-SHA-1 - Challenge-Response functionality. Using this mode, you can accomplish - offline validation using a YubiKey, for example on a laptop computer. - This only works for local logins though, and not for logging in using - for example SSH. + Challenge-Response functionality. Using this mode, + offline validation can be done with a YubiKey, for example on a laptop computer. + This only works for local logins though, and not for remote logins such + as SSH. Again avoid personnalization, use neutral wording...and slightly rephrase the end of the sentence. --
Template: libpam-yubico/module_args Type: string Default: mode=client try_first_pass id=N key=K _Description: Parameters for Yubico PAM: The Yubico PAM module supports two modes of operation: online validation of YubiKey OTPs or offline validation of YubiKey HMAC-SHA-1 responses to challenges. . The default is online validation, and for that to work you need to get a free API key at https://upgrade.yubico.com/getapikey/ and enter the key id as "id=NNNN" and the base64 secret as "key=...". . All the available parameters for the Yubico PAM module are described in /usr/share/doc/libpam-yubico/README.gz. Template: libpam-yubico/disabled_by_default Type: note _Description: Yubico PAM module disabled by default To avoid locking anyone out of their system, the Yubico PAM module is not activated by default. It can be enabled with the "pam-auth-update" command.
--- yubico-pam.old/debian/libpam-yubico.templates 2012-01-06 08:20:50.146163927 +0100 +++ yubico-pam/debian/libpam-yubico.templates 2012-01-10 05:45:15.008853360 +0100 @@ -2,12 +2,12 @@ Type: string Default: mode=client try_first_pass id=N key=K _Description: Parameters for Yubico PAM: - The Yubico PAM module supports two modes of operation - online + The Yubico PAM module supports two modes of operation: online validation of YubiKey OTPs or offline validation of YubiKey HMAC-SHA-1 responses to challenges. . The default is online validation, and for that to work you need to get - an API key (they are free) at https://upgrade.yubico.com/getapikey/ and + a free API key at https://upgrade.yubico.com/getapikey/ and enter the key id as "id=NNNN" and the base64 secret as "key=...". . All the available parameters for the Yubico PAM module are described @@ -17,4 +17,5 @@ Type: note _Description: Yubico PAM module disabled by default To avoid locking anyone out of their system, the Yubico PAM module is - not activated by default. Use the program `pam-auth-update' to enable it. + not activated by default. It can be enabled with the "pam-auth-update" + command. --- yubico-pam.old/debian/control 2012-01-06 08:20:50.146163927 +0100 +++ yubico-pam/debian/control 2012-01-10 19:49:00.146331309 +0100 @@ -25,16 +25,16 @@ debconf | debconf-2.0, ${shlibs:Depends}, ${misc:Depends} -Description: Yubico two-factor password+OTP (YubiKey) PAM module - This is the Yubico PAM module. It enables you to set up your system to - require two-factor authentication with your normal username and password - and a YubiKey OTP that is validated against an online validation service. +Description: two-factor password+OTP (YubiKey) PAM module + This package provides the Yubico PAM module. It allows using + two-factor authentication with existing logins and passwords + and a YubiKey OTP (one-time password) that is validated against an online validation service. . - The default validation service is the free YubiCloud, but you can easily - set up and use your own validation service. + The default validation service is the free YubiCloud. It is also + possible to setup a custom local validation service. . A second mode of operation is available using the YubiKeys HMAC-SHA-1 - Challenge-Response functionality. Using this mode, you can accomplish - offline validation using a YubiKey, for example on a laptop computer. - This only works for local logins though, and not for logging in using - for example SSH. + Challenge-Response functionality. Using this mode, + offline validation can be done with a YubiKey, for example on a laptop computer. + This only works for local logins though, and not for remote logins such + as SSH. --- yubico-pam.old/debian/changelog 2012-01-06 08:20:50.146163927 +0100 +++ yubico-pam/debian/changelog 2012-01-06 18:35:42.918934587 +0100 @@ -1,3 +1,11 @@ +yubico-pam (2.10-2) UNRELEASED; urgency=low + + * Debconf templates and debian/control reviewed by the debian-l10n- + english team as part of the Smith review project. Closes: #654848 + * [Debconf translation updates] + + -- Christian Perrier <bubulle@debian.org> Fri, 06 Jan 2012 18:35:42 +0100 + yubico-pam (2.10-1) unstable; urgency=low * Initial release.
Source: yubico-pam Maintainer: Yubico Open Source Maintainers <ossmaint@yubico.com> Uploaders: Fredrik Thulin <fredrik@yubico.com>, Simon Josefsson <simon@josefsson.org> Section: admin Priority: optional Build-Depends: debhelper (>= 8), po-debconf, pkg-config, cdbs, libykclient-dev (>= 2.4), libpam0g-dev, libldap2-dev, libykpers-1-dev (>= 1.5.2), libyubikey-dev Standards-Version: 3.9.2 Homepage: http://code.google.com/p/yubico-pam/ DM-Upload-Allowed: yes Package: libpam-yubico Architecture: any Depends: libpam-runtime (>= 1.0.1-6~), libykclient3 (>= 2.4), libldap-2.4-2, libykpers-1-1 (>= 1.5.2), debconf | debconf-2.0, ${shlibs:Depends}, ${misc:Depends} Description: two-factor password+OTP (YubiKey) PAM module This package provides the Yubico PAM module. It allows using two-factor authentication with existing logins and passwords and a YubiKey OTP (one-time password) that is validated against an online validation service. . The default validation service is the free YubiCloud. It is also possible to setup a custom local validation service. . A second mode of operation is available using the YubiKeys HMAC-SHA-1 Challenge-Response functionality. Using this mode, offline validation can be done with a YubiKey, for example on a laptop computer. This only works for local logins though, and not for remote logins such as SSH.
Attachment:
signature.asc
Description: Digital signature