
Re: kismet 2011.03.R2-1: Please review debconf PO/control for the package kismet



Nick Andrik wrote:
> Could you please make a review on the newly prepared kismet package?

Okay, here are some comments; I suspect I'll need some corrections
before my revised version is ready.  Starting with the templates:

> Template: kismet/install-setuid
> Type: boolean
> Default: true
> _Description: Should Kismet be installed to run with setuid privs?

Well, for a start "privs" is jargon.  I would like to be able to find
a way of avoiding "setuid" too, but I don't think that's possible -
this isn't a simple case of "should it run as root?"

>  Kismet can be installed as setuid (recommended) or as standard (root required).

I don't think "standard" works.

>  Running Kismet as setuid is recommended over running it as root, because
>  most parts of Kismet (such as the UI and the parts that decode packets) will
>  not run with elevated privileges, reducing the risk of bugs leading to
>  system-wide harm.

I'd like to try to rearrange this so that it has something more like
an explanation of what setuid is (and what problem it solves) at the
start.  My current suggestion:

   Kismet needs root privileges for some of its functions. To minimize
   the amount of code that runs with elevated privileges (and reduce the
   risk of bugs doing system-wide damage) it is recommended to install
   Kismet with the "setuid" bit set, which will allow it to grant these
   privileges automatically to the processes that need them, excluding
   the user interface and packet decoding parts.

(This leaves unstated the alternative of getting root "manually".)

>  .
>  For more detailed information, please see the "Suidroot & Security" section
>  of the Kismet README at:
>  http://www.kismetwireless.net/README
>  or
>  /usr/share/doc/kismet/README

We don't need to point at two different copies - that's the default
location for a Kismet README under Debian anyway.  (And why not
mention that it's section 4?)

>  .
>  Enabling this feature allows users in the 'kismet' group to run Kismet (and
>  capture packets, change wireless card state, etc).  Do NOT enable setuid 
>  Kismet if you have untrusted users on your system.
>  .
>  Most users running Kismet on personal laptops should install it as setuid.

This is all okay - I've just edited it to match the standard
debian-l10n-english "stylesheet", with double quotes and single-spaced
sentences.

> 
> Template: kismet/install-users
> Type: string
> _Description: Users to add to the kismet group
>  Only users in the kismet group are able to use kismet under the setuid model.
>  .
>  List users, separated by spaces, to be added to the group.

It's easy to misinterpret "list users" as a noun phrase, and then be
further confused at the mental image of people separated by spaces...
make it:

   Please specify the users to be added to the group, as a
   space-separated list.

>  .
>  NOTE: After adding users to a group, typically they must log out and log in
>  again before the group is recognized.

I'm never keen on "PAY ATTENTION TO THIS BIT" signs, and I'd rephrase
the sentence to avoid subject-reference confusion:

   Note that currently logged-in users who are added to a group will
   typically need to log out and log in again before it is recognized.

(In fact you can "re-log-in on the spot" by saying "su - $USER", but
CLI-phobics don't need to hear about that.)

Meanwhile in the control file:

> Package: kismet
> Architecture: any
> Depends: ${shlibs:Depends}, ${misc:Depends}, adduser, libcap2-bin
> Suggests: kismet-plugins, festival, gpsd
> Description: Wireless sniffing and monitoring - core
>  Kismet is an 802.11 layer2 wireless network detector, sniffer, and
>  intrusion detection system.  It will work with any wireless card
>  that supports raw monitoring (rfmon) mode and can sniff 802.11b,
>  802.11a, and 802.11g traffic.

Ah, slightly improved phrasing from the Squeeze version.  But
 * no need to capitalise "Wireless";
 * in principle the old "...monitoring tool" synopsis had better
   DevRef compliance (as a noun phrase describing the package), but
   this works well enough;
 * I'd say "layer-2" (possibly even "layer two");
 * we're standardising on single-spaced sentences;
 * it needs a comma after "mode" to make it clear that "can sniff" is
   syntactically parallel to "work", not "supports" (it isn't saying
   "any card that supports foo and can sniff bar and baz");
 * you've updated the old blurb that only said it could do 802.11b,
   but the README says it can do 802.11n, too!  (Also, why list
   802.11b before 802.11a?)

So I've got:

  Description: wireless sniffing and monitoring - core
   Kismet is an 802.11 layer-2 wireless network detector, sniffer, and
   intrusion detection system. It will work with any wireless card that
   supports raw monitoring (rfmon) mode, and can sniff 802.11a, 802.11b,
   802.11g, and 802.11n traffic.

>  .
>  It can use festival to play audio alarms for network events,
>  can speak out network summary on discovery, and optionally works with
>  gpsd to map scanning.

Er, now I'm confused.  The Squeeze version used to suggest sox, and
said it could use (a) sox and (b) festival to (a) play alarms and (b)
speak, but now it seems to be saying I need to install festival just
to make it go beep.  Is that true?  Also:
 * I'm not convinced "speak out" works as a transitive verb like
   this, though it's hard to find an alternative;
 * "optionally works" is redundant (unless it's got a configuration
   option "BROKEN=NO");
 * what does "to map scanning" mean?
Retreating into vagueness, my suggestion is:

   It can use other programs to play audio alarms for network events,
   announce network summaries as speech, or provide GPS coordinates.

>  .
>  This is the main package containing the core, client and server.
                                                       ^
Insert serial comma for consistency.

> 
> Package: kismet-plugins
> Architecture: any
> Depends: ${shlibs:Depends}, ${misc:Depends}, kismet(= ${binary:Version})
> Enhances: kismet
> Description: Wireless sniffing and monitoring - plugins
>  Kismet is an 802.11 layer2 wireless network detector, sniffer, and
>  intrusion detection system.  It will work with any wireless card
>  that supports raw monitoring (rfmon) mode and can sniff 802.11b,
>  802.11a, and 802.11g traffic.
>  .
>  It can use festival to play audio alarms for network events,
>  can speak out network summary on discovery, and optionally works with
>  gpsd to map scanning.

All as above.  Hang on, though - shouldn't it suggest spectools?

>  .
>  This package contains the following extra plugins for kismet:
>  autowep: Easily detect the WEP key from BSSID and SSID
>  btscan: Basic scan support for Bluetooth, aka 802.15.1
>  dot15d4: Support for 802.15.4 protocol
>  ptw: Performs the Aircrack-NG PTW attack against data captured by Kismet
>  spectools: Links to the Spectools spectrum analyzer network export

These linebreaks will be reflowed in most displays; you need to make
it a proper indented list, with bullet points.  I'll also rephrase
them slightly:

   This package provides the following extra plugins for Kismet:
    * autowep: detects the WEP key from BSSID and SSID;
    * btscan: basic scan support for the 802.15.1 (Bluetooth) protocol;
    * dot15d4: support for the 802.15.4 Personal Area Network protocol;
    * ptw: performs the Aircrack-NG PTW attack against captured data;
    * spectools: imports data from the spectools spectrum analyzer.

-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package
diff -ru old/control new/control
--- old/control	2012-11-06 11:16:34.222725429 +0000
+++ new/control	2012-11-06 13:35:38.330724003 +0000
@@ -12,37 +12,35 @@
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}, adduser, libcap2-bin
 Suggests: kismet-plugins, festival, gpsd
-Description: Wireless sniffing and monitoring - core
- Kismet is an 802.11 layer2 wireless network detector, sniffer, and
- intrusion detection system.  It will work with any wireless card
- that supports raw monitoring (rfmon) mode and can sniff 802.11b,
- 802.11a, and 802.11g traffic.
+Description: wireless sniffing and monitoring - core
+ Kismet is an 802.11 layer-2 wireless network detector, sniffer, and
+ intrusion detection system. It will work with any wireless card that
+ supports raw monitoring (rfmon) mode, and can sniff 802.11a, 802.11b,
+ 802.11g, and 802.11n traffic.
  .
- It can use festival to play audio alarms for network events,
- can speak out network summary on discovery, and optionally works with
- gpsd to map scanning.
+ It can use other programs to play audio alarms for network events,
+ announce network summaries as speech, or provide GPS coordinates.
  .
- This is the main package containing the core, client and server.
+ This is the main package containing the core, client, and server.
 
 Package: kismet-plugins
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}, kismet(= ${binary:Version})
 Enhances: kismet
 Description: Wireless sniffing and monitoring - plugins
- Kismet is an 802.11 layer2 wireless network detector, sniffer, and
- intrusion detection system.  It will work with any wireless card
- that supports raw monitoring (rfmon) mode and can sniff 802.11b,
- 802.11a, and 802.11g traffic.
+ Kismet is an 802.11 layer-2 wireless network detector, sniffer, and
+ intrusion detection system. It will work with any wireless card that
+ supports raw monitoring (rfmon) mode, and can sniff 802.11a, 802.11b,
+ 802.11g, and 802.11n traffic.
  .
- It can use festival to play audio alarms for network events,
- can speak out network summary on discovery, and optionally works with
- gpsd to map scanning.
+ It can use other programs to play audio alarms for network events,
+ announce network summaries as speech, or provide GPS coordinates.
  .
- This package contains the following extra plugins for kismet:
- autowep: Easily detect the WEP key from BSSID and SSID
- btscan: Basic scan support for Bluetooth, aka 802.15.1
- dot15d4: Support for 802.15.4 protocol
- ptw: Performs the Aircrack-NG PTW attack against data captured by Kismet
- spectools: Links to the Spectools spectrum analyzer network export
+ This package provides the following extra plugins for Kismet:
+  * autowep: detects the WEP key from BSSID and SSID;
+  * btscan: basic scan support for the 802.15.1 (Bluetooth) protocol;
+  * dot15d4: support for the 802.15.4 Personal Area Network protocol;
+  * ptw: performs the Aircrack-NG PTW attack against captured data;
+  * spectools: imports data from the spectools spectrum analyzer.
 
 
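Review bot: The kismet-plugins synopsis is left as unchanged context (`Description: Wireless sniffing and monitoring - plugins`) while the core synopsis earlier in this hunk was lowercased to `wireless`, so the two stanzas now disagree on capitalisation; lowercase the plugins line as well. The new plugin list also advertises spectools support, but only the core stanza has a `Suggests:` line and it names festival and gpsd only, so decide whether kismet-plugins should suggest spectools.
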
diff -ru old/kismet.templates new/kismet.templates
--- old/kismet.templates	2012-11-06 11:16:35.450724020 +0000
+++ new/kismet.templates	2012-11-06 13:37:36.730724222 +0000
@@ -2,31 +2,31 @@
 Template: kismet/install-setuid
 Type: boolean
 Default: true
-_Description: Should Kismet be installed to run with setuid privs?
- Kismet can be installed as setuid (recommended) or as standard (root required).
- Running Kismet as setuid is recommended over running it as root, because
- most parts of Kismet (such as the UI and the parts that decode packets) will
- not run with elevated privileges, reducing the risk of bugs leading to
- system-wide harm.
+_Description: Install Kismet "setuid root"?
+ Kismet needs root privileges for some of its functions. To minimize
+ the amount of code that runs with elevated privileges (and reduce the
+ risk of bugs doing system-wide damage) it is recommended to install
+ Kismet with the "setuid" bit set, which will allow it to grant these
+ privileges automatically to the processes that need them, excluding
+ the user interface and packet decoding parts.
  .
- For more detailed information, please see the "Suidroot & Security" section
- of the Kismet README at:
- http://www.kismetwireless.net/README
- or
- /usr/share/doc/kismet/README
+ For more detailed information, see section 4 of the Kismet README
+ ("Suidroot & Security").
  .
- Enabling this feature allows users in the 'kismet' group to run Kismet (and
- capture packets, change wireless card state, etc).  Do NOT enable setuid 
- Kismet if you have untrusted users on your system.
+ Enabling this feature allows users in the "kismet" group to run Kismet
+ (and capture packets, change wireless card state, etc). Do NOT accept
+ this option if you have untrusted users on your system.
  .
  Most users running Kismet on personal laptops should install it as setuid.
 
 Template: kismet/install-users
 Type: string
 _Description: Users to add to the kismet group
- Only users in the kismet group are able to use kismet under the setuid model.
+ Only users in the kismet group are able to use kismet under the setuid
+ model.
  .
- List users, separated by spaces, to be added to the group.
+ Please specify the users to be added to the group, as a
+ space-separated list.
  .
- NOTE: After adding users to a group, typically they must log out and log in
- again before the group is recognized.
+ Note that currently logged-in users who are added to a group will
+ typically need to log out and log in again before it is recognized.
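Review bot: In kismet/install-users the rewrapped sentence still reads `Only users in the kismet group are able to use kismet under the setuid model.`, with the program name in lowercase and the group name unquoted, while the install-setuid text in this same hunk writes Kismet and the "kismet" group; make the two templates match. With `Default: true` left unchanged, the only warning about untrusted users sits in the third paragraph of install-setuid, so a one-line reminder in install-users of what group membership allows (packet capture, changing wireless card state) would put the caveat where accounts are actually granted access.
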
Template: kismet/install-setuid
Type: boolean
Default: true
_Description: Install Kismet "setuid root"?
 Kismet needs root privileges for some of its functions. To minimize
 the amount of code that runs with elevated privileges (and reduce the
 risk of bugs doing system-wide damage) it is recommended to install
 Kismet with the "setuid" bit set, which will allow it to grant these
 privileges automatically to the processes that need them, excluding
 the user interface and packet decoding parts.
 .
 For more detailed information, see section 4 of the Kismet README
 ("Suidroot & Security").
 .
 Enabling this feature allows users in the "kismet" group to run Kismet
 (and capture packets, change wireless card state, etc). Do NOT accept
 this option if you have untrusted users on your system.
 .
 Most users running Kismet on personal laptops should install it as setuid.

Template: kismet/install-users
Type: string
_Description: Users to add to the kismet group
 Only users in the kismet group are able to use kismet under the setuid
 model.
 .
 Please specify the users to be added to the group, as a
 space-separated list.
 .
 Note that currently logged-in users who are added to a group will
 typically need to log out and log in again before it is recognized.
Source: kismet
Section: net
Priority: optional
Homepage: http://www.kismetwireless.net/
Maintainer: Nick Andrik <nick.andrik@gmail.com>
Build-Depends: cdbs, debhelper(>=8), po-debconf, autotools-dev,
 libncurses5-dev, libpcap-dev, libpcre3-dev, libcap-dev, libnl2-dev,
 pkg-config, libbluetooth-dev, libusb-dev, libssl-dev
Standards-Version: 3.9.4

Package: kismet
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, adduser, libcap2-bin
Suggests: kismet-plugins, festival, gpsd
Description: wireless sniffing and monitoring - core
 Kismet is an 802.11 layer-2 wireless network detector, sniffer, and
 intrusion detection system. It will work with any wireless card that
 supports raw monitoring (rfmon) mode, and can sniff 802.11a, 802.11b,
 802.11g, and 802.11n traffic.
 .
 It can use other programs to play audio alarms for network events,
 announce network summaries as speech, or provide GPS coordinates.
 .
 This is the main package containing the core, client, and server.

Package: kismet-plugins
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, kismet(= ${binary:Version})
Enhances: kismet
Description: Wireless sniffing and monitoring - plugins
 Kismet is an 802.11 layer-2 wireless network detector, sniffer, and
 intrusion detection system. It will work with any wireless card that
 supports raw monitoring (rfmon) mode, and can sniff 802.11a, 802.11b,
 802.11g, and 802.11n traffic.
 .
 It can use other programs to play audio alarms for network events,
 announce network summaries as speech, or provide GPS coordinates.
 .
 This package provides the following extra plugins for Kismet:
  * autowep: detects the WEP key from BSSID and SSID;
  * btscan: basic scan support for the 802.15.1 (Bluetooth) protocol;
  * dot15d4: support for the 802.15.4 Personal Area Network protocol;
  * ptw: performs the Aircrack-NG PTW attack against captured data;
  * spectools: imports data from the spectools spectrum analyzer.
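
The kismet/install-setuid template above restricts the setuid model to members of the "kismet" group. The following is an added example, not part of the original message or of the Debian package, showing one way to audit that arrangement. The function names, the policy it checks (expected owner and group, no group/other write bit, not world-executable), the gid 130 and the users alice and bob are assumptions made for illustration, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example: audit a setuid helper against the group-restricted model
# in the kismet/install-setuid template. Assumes GNU stat(1).

# check_setuid_helper FILE UID GID
# Prints one finding per line; returns 0 only when there are none.
check_setuid_helper() {
    file=$1 want_uid=$2 want_gid=$3 bad=0
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "not-a-regular-file"; return 2
    fi
    # Numeric owner, numeric group, octal permission bits (e.g. "0 130 4750").
    set -- $(stat -c '%u %g %a' "$file")
    mode=$(( 0$3 ))   # leading 0 makes the shell read the value as octal
    [ "$1" = "$want_uid" ] || { echo "owner-mismatch"; bad=1; }
    [ "$2" = "$want_gid" ] || { echo "group-mismatch"; bad=1; }
    [ $(( mode & 04000 )) -ne 0 ] || { echo "setuid-bit-missing"; bad=1; }
    [ $(( mode & 00022 )) -eq 0 ] || { echo "writable-by-group-or-other"; bad=1; }
    # Anyone could start the root helper, bypassing the group restriction.
    [ $(( mode & 00001 )) -eq 0 ] || { echo "world-executable"; bad=1; }
    return $bad
}

# group_members: read one group(5) line ("name:passwd:gid:user1,user2") on
# stdin and print its members separated by spaces. Accounts whose primary
# group is this gid are not listed in that field and need a passwd check.
group_members() {
    IFS=: read -r _name _pw _gid members || [ -n "$members" ]
    echo "$members" | tr ',' ' '
}

# Constructed demo: a scratch file stands in for the helper binary.
demo=$(mktemp)
uid=$(stat -c %u "$demo") gid=$(stat -c %g "$demo")
chmod 4750 "$demo"
check_setuid_helper "$demo" "$uid" "$gid" && echo "4750: ok"
chmod 4755 "$demo"
check_setuid_helper "$demo" "$uid" "$gid" || echo "4755: rejected"
rm -f "$demo"
# Constructed group line; gid and user names are made up.
printf 'kismet:x:130:alice,bob\n' | group_members
```

On an installed system the expected owner would be uid 0 and the expected group the gid of the kismet group; the path of the setuid helper is not given on this page and has to be supplied by the administrator.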


