
Re: [RFR] templates://ipsec-tools/{racoon.templates}



Christian PERRIER wrote:
> Your review should be sent as an answer to this mail.

Things are moving fast, we must be close to a freeze!
 
[...]
>   Racoon can be configured two ways, either by directly editing
>   /etc/racoon/racoon.conf or using the racoon-tool administrative front end.

I was going to add another colon, but really, why count them?

    Racoon can be configured either directly, by editing
    /etc/racoon/racoon.conf, or via the racoon-tool administrative front end.

>   .
>   Use of the "direct" method is strongly recommended if you want to use all
> - the racoon examples on the Net, and if you want to use the fuul racoon feature
> - set.  You will have to directly edit /etc/racoon/racoon.conf and possibly
> + the racoon examples on the Net, and if you want to use the full
> + racoon features set. You will have to directly edit /etc/racoon/racoon.conf and possibly
>   manually set up the SPD via setkey.
> 
> Drop double space. I wonder whether we should capitalize "Racoon".
> 
> "feature" or "features"?

Set expression "feature set" (sometimes even written as one word, but
let's not).

>   .
>   Racoon-tool has been refreshed for racoon 0.8.0, and is for use in basic

"Refreshed" sounds as if it has been wiped with a lemon-soaked napkin;
does it mean "updated"?

>   configuration setups. It gives the benefit of managing the SPD along with the
>   IKE that Strongswan offers. IPv6, transport/tunnel mode (ESP/AH), PSK/X509

Upstream say "strongSwan".

> - auth and basic 'anonymous' VPN server are supported.
> + auth and basic "anonymous" VPN server are supported.
        ^,
Serial comma (d-l-e house style).  I see it's already single-spaced.

>   .
> - More information is available in /usr/share/doc/racoon/README.Debian
> + More information is available in /usr/share/doc/racoon/README.Debian.
> 
> Standard quoting and final sentence dot.
> 
> I also wonder whether it would make sense to explain the "SPD" acronym....:)

We could at least expand it to "Security Policy Database" the first
time (after all, Wikipedia thinks it's a German political party, while
Google is fairly sure it's an obstetric condition).

Meanwhile there's trouble brewing in the control file:

> Package: ipsec-tools
> Architecture: any
> Depends: ${shlibs:Depends}, ${misc:Depends}
> Description: IPsec tools for Linux

"Architecture: any" but it specifically requires a Linux kernel?
Either I'm misunderstanding multiarch or there's something wrong here.
And what's the point of saying "for Linux" in the synopsis anyway?  If
I'm on an amd64 machine searching the package archives, I'm going to
be pretty surprised to find anything that's only usable on Windows!
(The answer seems to be the historical detail that it's a port of
some BSD software... but it doesn't actually say that.)

>  IPsec-Tools is a port of the KAME IPsec utilities for Linux. It can be
>  used with the ipsec implementation in 2.6 and later kernels or with
>  the 2.4 backport of the ipsec changes.

It can't be used with 2.4 on Debian, because Debian hasn't supported
kernels as old as that for several releases!  This needs an update;
the sanest approach would probably be just to stop specifying version
numbers.

Also, this description basically fails to say what the software is for
and why I might want to install it.  Instead it just makes an obscure
reference to "KAME" as if that made everything obvious.  I would
suggest something more like this:

  Description: IPsec utilities
   IPsec (Internet Protocol security) offers end-to-end security for
   network traffic at the IP layer.
   .
   This package is a port of the utilities from the KAME IPsec
   implementation on BSD.

> Package: racoon
> Architecture: any

Again, should that be linux-any?

> Provides: ike-server
> Conflicts: ike-server
> Depends: ${misc:Depends}, ${shlibs:Depends}, ipsec-tools (= ${binary:Version}), debconf (>= 0.2.26) | debconf-2.0, adduser, ${perl:Depends}
> Description: IPsec IKE keying daemon

I last saw this strange expression "keying daemon" when we were
reviewing strongswan's Pluto back in 2009 (Google still doesn't show
anybody talking about "keying daemons" or "keying servers" in any
other context).  It seems to me that the most transparent way to do
this would be just to expand "IKE" and drop the word "key".

(Should it mention that it supports IKEv2, assuming it does?)

>  racoon is the KAME IKE (ipsec key exchange) server. It can be used with
>  the Linux ipsec implementation in 2.6 and later kernels or with
>  the 2.4 backport of the ipsec changes.

This has most of the same problems, along with another one from pluto:
IKE doesn't stand for "ipsec key exchange" (see RFC 2409).  Maybe:

  Description: IPsec Internet Key Exchange daemon
   IPsec (Internet Protocol security) offers end-to-end security for
   network traffic at the IP layer.
   .
   This package is a port of the IKE server from the KAME IPsec
   implementation on BSD.

Obligatory WhyTheName appendix: "racoon" is doubly mystifying, in that
it appears to be a *misspelled* arbitrary animal name.  Any clues?
-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package

Template: racoon/config_mode
Type: select
__Choices: direct, racoon-tool
Default: direct
_Description: Configuration mode for racoon IKE daemon:
 Racoon can be configured either directly, by editing
 /etc/racoon/racoon.conf, or using the racoon-tool administrative front end.
 .
 Use of the "direct" method is strongly recommended if you want to use all
 the racoon examples on the Net, and if you want to use the full
 racoon feature set. You will have to directly edit /etc/racoon/racoon.conf and possibly
 manually set up the Security Policy Database via setkey.
 .
 Racoon-tool has been updated for racoon 0.8.0, and is for use in basic
 configuration setups. It gives the benefit of managing the SPD along with the
 IKE that strongSwan offers. IPv6, transport/tunnel mode (ESP/AH), PSK/X509
 auth, and basic "anonymous" VPN server are supported.
 .
 More information is available in /usr/share/doc/racoon/README.Debian.

Source: ipsec-tools
Section: net
Priority: extra
Maintainer: Matthew Grant <matthewgrant5@gmail.com>
Build-Depends: debhelper (>=7.0.50~), flex, bison, libkrb5-dev, libssl-dev (>= 0.9.6), libpam0g-dev, po-debconf, chrpath, hardening-wrapper, libldap2-dev
Standards-Version: 3.9.3
Vcs-Git: git://anonscm.debian.org/collab-maint/ipsec-tools.git
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/ipsec-tools.git
Homepage: http://ipsec-tools.sourceforge.net/

Package: ipsec-tools
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Description: IPsec utilities
 IPsec (Internet Protocol security) offers end-to-end security for
 network traffic at the IP layer.
 .
 This package is a Linux port of the utilities from the KAME IPsec
 implementation on BSD.

Package: racoon
Architecture: any
Provides: ike-server
Conflicts: ike-server
Depends: ${misc:Depends}, ${shlibs:Depends}, ipsec-tools (= ${binary:Version}), debconf (>= 0.2.26) | debconf-2.0, adduser, ${perl:Depends}
Description: IPsec Internet Key Exchange daemon
 IPsec (Internet Protocol security) offers end-to-end security for
 network traffic at the IP layer.
 .
 This package is a Linux port of the IKE server from the KAME IPsec
 implementation on BSD.

diff -ru ipsec-tools-0.8.0.pristine/debian/control ipsec-tools-0.8.0/debian/control
--- ipsec-tools-0.8.0.pristine/debian/control	2012-06-15 00:32:24.000000000 +0100
+++ ipsec-tools-0.8.0/debian/control	2012-06-16 17:23:18.895392509 +0100
@@ -11,17 +11,21 @@
 Package: ipsec-tools
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}
-Description: IPsec tools for Linux
- IPsec-Tools is a port of the KAME IPsec utilities for Linux. It can be
- used with the ipsec implementation in 2.6 and later kernels or with
- the 2.4 backport of the ipsec changes.
+Description: IPsec utilities
+ IPsec (Internet Protocol security) offers end-to-end security for
+ network traffic at the IP layer.
+ .
+ This package is a Linux port of the utilities from the KAME IPsec
+ implementation on BSD.
 
 Package: racoon
 Architecture: any
 Provides: ike-server
 Conflicts: ike-server
 Depends: ${misc:Depends}, ${shlibs:Depends}, ipsec-tools (= ${binary:Version}), debconf (>= 0.2.26) | debconf-2.0, adduser, ${perl:Depends}
-Description: IPsec IKE keying daemon
- racoon is the KAME IKE (ipsec key exchange) server. It can be used with
- the Linux ipsec implementation in 2.6 and later kernels or with
- the 2.4 backport of the ipsec changes.
+Description: IPsec Internet Key Exchange daemon
+ IPsec (Internet Protocol security) offers end-to-end security for
+ network traffic at the IP layer.
+ .
+ This package is a Linux port of the IKE server from the KAME IPsec
+ implementation on BSD.
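
Review bot: the unchanged `Architecture: any` lines for both ipsec-tools and racoon now sit next to added description text that calls each package "a Linux port", so the stanzas declare the packages buildable everywhere while describing Linux-only software. If the code depends on the Linux kernel's IPsec implementation, change both fields to `Architecture: linux-any`; otherwise drop "Linux" from the new text. The two long descriptions are also identical apart from "utilities" versus "IKE server", so a sentence in each saying what the package is used for would help someone choosing between them.
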
diff -ru ipsec-tools-0.8.0.pristine/debian/racoon.templates ipsec-tools-0.8.0/debian/racoon.templates
--- ipsec-tools-0.8.0.pristine/debian/racoon.templates	2012-06-15 00:39:17.000000000 +0100
+++ ipsec-tools-0.8.0/debian/racoon.templates	2012-06-16 17:26:00.731392576 +0100
@@ -1,22 +1,19 @@
 Template: racoon/config_mode
 Type: select
 __Choices: direct, racoon-tool
-# The above choices have to be left as they are as the values are used directly
-# in the postinst script.  They do not need translation.
-# Please explain what they are in any rewritten description.
 Default: direct
-_Description: Configuration mode for racoon IKE daemon.
- Racoon can be configured two ways, either by directly editing
- /etc/racoon/racoon.conf or using the racoon-tool administrative front end.
+_Description: Configuration mode for racoon IKE daemon:
+ Racoon can be configured either directly, by editing
+ /etc/racoon/racoon.conf, or using the racoon-tool administrative front end.
  .
  Use of the "direct" method is strongly recommended if you want to use all
- the racoon examples on the Net, and if you want to use the fuul racoon feature
- set.  You will have to directly edit /etc/racoon/racoon.conf and possibly
- manually set up the SPD via setkey.
+ the racoon examples on the Net, and if you want to use the full
+ racoon feature set. You will have to directly edit /etc/racoon/racoon.conf and possibly
+ manually set up the Security Policy Database via setkey.
  .
- Racoon-tool has been refreshed for racoon 0.8.0, and is for use in basic
+ Racoon-tool has been updated for racoon 0.8.0, and is for use in basic
  configuration setups. It gives the benefit of managing the SPD along with the
- IKE that Strongswan offers. IPv6, transport/tunnel mode (ESP/AH), PSK/X509
- auth and basic 'anonymous' VPN server are supported.
+ IKE that strongSwan offers. IPv6, transport/tunnel mode (ESP/AH), PSK/X509
+ auth, and basic "anonymous" VPN server are supported.
  .
- More information is available in /usr/share/doc/racoon/README.Debian
+ More information is available in /usr/share/doc/racoon/README.Debian.
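
Review bot: the three removed comment lines under `__Choices: direct, racoon-tool` were the only note that these values are used directly in the postinst script, yet the field keeps its `__` translation marker, so translators are still offered "direct" and "racoon-tool" with no guidance. Either keep the comment, or write the field as plain `Choices:` if the values really need no translation. Separately, the second paragraph now spells out "Security Policy Database" while the third still says "the SPD" without the acronym being introduced; "Security Policy Database (SPD)" at first use would connect them. The added line beginning "racoon feature set." also runs past 80 columns and should be rewrapped.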
