Re: [RFR] New description for fwknop
Franck Joncourt wrote:
> I am currently adding a new binary package in the fwknop source package.
>
> The binary package is going to be called libfko-perl and here could be the
> description :
I'd recommend basing it on the description for the other packages in
the fwknop suite (which last passed through d-l-e in 2008). The same
goes for libfko0 - it should describe what the software is useful for,
not its implementation history.
> Description: perl module wrapper for the libfko library.
(No need for punctuation, but it's "Perl" with a capital P.)
> The FKO package provides an interface for the Firewall Knock
> Operator (fwknop) library, libfko.
Oh, "the FKO package" in the Perl-package sense.
> .
> Fwknop is an open source implementation of Single Packet
> Authorization (SPA) for access to networked resources and the libfko
> library is an implementation of the fwknop back-end data processing
> routines written in C.
It's in Debian main, so it's already obvious that it's open source;
and users have no particular reason to be interested in the language
it's implemented in - what they want to know is what good it'll do
them. I'd recommend just going back to the boilerplate you've already
got:
Description: FireWall KNock OPerator - Perl module
The FireWall KNock OPerator implements an authorization scheme called
Single Packet Authorization (SPA), based on Netfilter and libpcap.
.
Its main application is to protect services such as OpenSSH with
an additional layer of security in order to make the exploitation of
vulnerabilities (both 0-day and unpatched code) much more difficult.
.
The authorization server passively listens for authorization packets via
libcap, so there is no service listening for network connections on the
traditional port. Access to a protected service is only granted after a
valid encrypted and non-replayed packet is detected.
.
This package provides the FKO module as a Perl interface for libfko.
And libfko0 could be something like:
Description: FireWall KNock OPerator - shared library
The FireWall KNock OPerator implements an authorization scheme called
[...]
valid encrypted and non-replayed packet is detected.
.
This package provides the runtime library for fwknop (written in C).
--
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package
Reply to: