[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [RFR] New description for fwknop



Franck Joncourt wrote:
> I am currently adding a new binary package in the fwknop source package.
> 
> The binary package is going to be called libfko-perl and here could be the
> description :

I'd recommend basing it on the description for the other packages in
the fwknop suite (which last passed through d-l-e in 2008). The same
goes for libfko0 - it should describe what the software is useful for,
not its implementation history. 

> Description: perl module wrapper for the libfko library.

(No need for punctuation, but it's "Perl" with a capital P.)

>  The FKO package provides an interface for the Firewall Knock
>  Operator (fwknop) library, libfko.

Oh, "the FKO package" in the Perl-package sense.

>  .
>  Fwknop is an open source implementation of Single Packet
>  Authorization (SPA) for access to networked resources and the libfko
>  library is an implementation of the fwknop back-end data processing
>  routines written in C.

It's in Debian main, so it's already obvious that it's open source;
and users have no particular reason to be interested in the language
it's implemented in - what they want to know is what good it'll do
them.  I'd recommend just going back to the boilerplate you've already
got:
 
 Description: FireWall KNock OPerator - Perl module
  The FireWall KNock OPerator implements an authorization scheme called
  Single Packet Authorization (SPA), based on Netfilter and libpcap.
  .
  Its main application is to protect services such as OpenSSH with
  an additional layer of security in order to make the exploitation of
  vulnerabilities (both 0-day and unpatched code) much more difficult.
  .
  The authorization server passively listens for authorization packets via
  libcap, so there is no service listening for network connections on the
  traditional port. Access to a protected service is only granted after a
  valid encrypted and non-replayed packet is detected.
  .
  This package provides the FKO module as a Perl interface for libfko.

And libfko0 could be something like:

 Description: FireWall KNock OPerator - shared library
  The FireWall KNock OPerator implements an authorization scheme called
  [...]
  valid encrypted and non-replayed packet is detected.
  .
  This package provides the runtime library for fwknop (written in C).

-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package


Reply to: