
Re: Bug#719950: [RFR] templates://miniupnpd/{miniupnpd.templates}



Thomas Goirand wrote:
> Justin B Rye wrote:
>>>  _Description: Start the MiniUPnP daemon?
>> 
>> Hang on, it's not asking if it should happen this once.  We usually
>> phrase this as something like
>> 
>>    _Description: Start the MiniUPnP daemon at boot?
> 
> Which I don't like, because it's not only at boot time, but also right
> after the package is installed.

Hmmm, okay, so maybe the best way to phrase it is:

      _Description: Start the MiniUPnP daemon automatically?

and have the rest explained in the long description - that is,

>>> + Please choose this option if you want to automatically start the MiniUPnP daemon at boot time.

      Choose this option if the MiniUPnP daemon should start automatically,
      now and at boot time.

(which incidentally gets rid of an unnecessary pronoun.)
 
>> Why does it default to false?
> 
> Because that's otherwise a security concern. If installed using the
> non-interactive mode, then it may be possible that MiniUPNPd listens on
> the WAN, which is just bad. So, by default, it's best to have it
> disabled, and only activate when we are sure that the user has answered
> properly to the Debconf questions.

Okay.  It just struck me as odd that you'd expect people to choose to
install it if they weren't planning on running it (it's not as if it's
pulled in by Avahi); but then again I wrote this before I'd taken in
the fact that this is happening on a router, where you're entitled to
be a bit more "paranoid".
 
>>>  Template: miniupnpd/listen
>>>  Type: string
>>> +_Description: IP address to listen for UPnP queries on the local network:
>> 
>> It's the IP address to listen on⁁ on the local network, which is ugly!
>> Maybe:
>> 
>>    _Description: Local address to listen on for UPnP queries:
> 
> Hum... I would like to insist hard that we want a LAN address here. If
> by mistake, MiniUPNPd listens on the WAN IP, then there are security
> consequences.

You're right, I was overlooking the fact that the IP address of my
router's WAN interface is necessarily a "local" address.  So maybe
this should be

      _Description: LAN address to listen on for UPnP queries:

>>> + The MiniUPnP daemon will listen for requests on the local network. Please
>>>   enter the IP address it should listen on.
>>>
>>> Just avoid possessive articles. You know the rationale: "that might
>>> not be "my" network.
>> 
>> Well, it's the LAN where I have superuser access on the router, so it
>> probably is "my local network" if only in the sense of being local to
>> me.  And cutting out possessives can often result in the text being
>> so uninformative that it would be better just to throw out the whole
>> phrase (this is often true for "the system").  But fortunately "the 
>> local network" feels completely natural. 
> 
> What do you suggest then? Keep the sentence as it is right now?

Yes, I left it as the above.
 
[...]
>> I also proposed that it should have a paragraph summarising why users
>> might or might not want to enable it.  If there are no such
>> considerations, why bother making it configurable?  But the pros and
>> cons aren't obvious to me.
> 
> I think this goes beyond the scope of a Debconf template.

At present debconf is asking sysadmins to make a decision without
providing them with any way of working out what the right answer is,
or what's at stake.  Is this something I can safely try out if I'm
using IPv6 and shouldn't bother with otherwise, or is it a matter of
weighing significant security concerns against a non-zero risk of
blocking existing connections, or what?

>>>  Description: daemon providing UPnP Internet Gateway Device (IGD) services
>> 
>> It's UPnP plus NAT-PMP now; and do we really need to mention IGD here?
> 
> I believe we do. It may help having relevant search results and is on
> topic. For example, there's linux-igd as well (which is the reason why
> miniupnpd is "mini").

Well, it's still in the long description, though I notice now that
I've left out "IGD" there.  We've got a bit of spare space...

>>    Description: UPnP and NAT-PMP daemon for gateway routers

Maybe that could become:

      Description: UPnP IGD and NAT-PMP daemon for gateway routers

What do people think?  I've left it out of my revised draft for now.

>>     MiniUPnPd is a small daemon which can be installed on a NAT router to
>>     provide UPnP Internet Gateway Device and Port Mapping Protocol services,
>>     enabling clients on the LAN to ask for port redirections. It is
>>     compatible with peer-to-peer software, messaging applications, and games
>>     consoles that connect to online services (including XBOX Live and the
>>     Playstation Network).
> 
> Nice! Thanks for your work and suggestions Justin.

I've also just noticed that "XBOX Live" is trademarked as "Xbox LIVE".
Oh, and it's Play_S_tation Network, of course it is.
-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package
diff -ru miniupnpd-1.8.20130730.pristine/debian/control miniupnpd-1.8.20130730/debian/control
--- miniupnpd-1.8.20130730.pristine/debian/control	2013-08-01 23:27:34.000000000 +0100
+++ miniupnpd-1.8.20130730/debian/control	2013-08-27 20:40:55.869630139 +0100
@@ -11,12 +11,10 @@
 Package: miniupnpd
 Architecture: any
 Depends: ${misc:Depends}, ${shlibs:Depends}, debconf, iptables, iproute, uuid-runtime, net-tools
-Description: daemon providing UPnP Internet Gateway Device (IGD) services
- MiniUPnPd is a small daemon providing UPnP Internet Gateway Device (IGD)
- services to your network. UPnP and NAT-PMP are used to improve internet
- connectivity for devices behind a NAT router. Any peer to peer network
- application such as games, IM, etc. can benefit from a NAT router supporting
- UPnP and/or NAT-PMP. For example the latest generation Microsoft XBOX 360 and
- Sony Playstation 3 game machines use UPnP commands to enable the online play
- with the XBOX Live service and the Playstation Network. It has been reported
- that MiniUPnPd is correctly working with the two consoles.
+Description: UPnP and NAT-PMP daemon for gateway routers
+ MiniUPnPd is a small daemon which can be installed on a NAT router to
+ provide UPnP Internet Gateway Device and Port Mapping Protocol services,
+ enabling clients on the LAN to ask for port redirections. It is
+ compatible with peer-to-peer software, messaging applications, and games
+ consoles that connect to online services (including Xbox LIVE and the
+ PlayStation Network).
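Review bot: the new long description ("provide UPnP Internet Gateway Device and Port Mapping Protocol services") drops both the "(IGD)" abbreviation and the "NAT-PMP" name that the removed text carried, so the long description no longer contains either search term and "IGD" disappears from the package description altogether. Suggest spelling both out once, for example "UPnP Internet Gateway Device (IGD) and NAT Port Mapping Protocol (NAT-PMP) services", which also makes clear which "Port Mapping Protocol" is meant.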
diff -ru miniupnpd-1.8.20130730.pristine/debian/miniupnpd.templates miniupnpd-1.8.20130730/debian/miniupnpd.templates
--- miniupnpd-1.8.20130730.pristine/debian/miniupnpd.templates	2013-08-01 23:27:34.000000000 +0100
+++ miniupnpd-1.8.20130730/debian/miniupnpd.templates	2013-08-27 20:38:46.633426097 +0100
@@ -1,25 +1,27 @@
 Template: miniupnpd/start_daemon
 Type: boolean
 Default: false
-_Description: Start the MiniUPnP daemon?
- Select if the MiniUPnP daemon should started automatically at boot time.
+_Description: Start the MiniUPnP daemon automatically?
+ Choose this option if the MiniUPnP daemon should start automatically,
+ now and at boot time.
 
 Template: miniupnpd/listen
 Type: string
-_Description: IP address to listen for UPnP queries on your LAN:
- The MiniUPnP daemon will listen for requests on your local network. Please
+_Description: LAN IP address to listen on for UPnP queries:
+ The MiniUPnP daemon will listen for requests on the local network. Please
  enter the IP address it should listen on.
 
 Template: miniupnpd/iface
 Type: string
-_Description: External WAN network interface where to open ports:
- The MiniUPnP daemon will listen on a specific IP address on your LAN, then it
- will open ports on your WAN interface. Enter the name of your WAN network
- interface on which the MiniUPnP daemon will do the port forwarding.
+_Description: External WAN network interface to open ports on:
+ The MiniUPnP daemon will listen on a specific IP address on the local
+ network, then open ports on the WAN interface. Please enter the name of
+ the WAN network interface on which the MiniUPnP daemon should perform
+ port forwarding.
 
 Template: miniupnpd/ip6script
 Type: boolean
 Default: false
-_Description: Enable ip6tables script?
- Uppon startup of the MiniUPnP daemon, the init script can initialize the
- MiniUPnP IPv6 firewall chain.
+_Description: Enable IPv6 firewall chain?
+ Please specify whether the MiniUPnP daemon should run its
+ ip6tables script on startup to initialize the IPv6 firewall chain.
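Review bot: in miniupnpd/listen the LAN-only requirement appears only in the short description; the long description still ends with "Please enter the IP address it should listen on" and nothing there says the WAN address must not be entered. Suggest adding a sentence stating that this has to be an address on the LAN side of the router and not the address of the WAN interface named in miniupnpd/iface. A smaller point on miniupnpd/ip6script: the new text says what the option does but gives no basis for answering yes or no; the "Default: false" is a conservative fallback, but one line on when to enable it would let the administrator decide.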
Template: miniupnpd/start_daemon
Type: boolean
Default: false
_Description: Start the MiniUPnP daemon automatically?
 Choose this option if the MiniUPnP daemon should start automatically,
 now and at boot time.

Template: miniupnpd/listen
Type: string
_Description: LAN IP address to listen on for UPnP queries:
 The MiniUPnP daemon will listen for requests on the local network. Please
 enter the IP address it should listen on.

Template: miniupnpd/iface
Type: string
_Description: External WAN network interface to open ports on:
 The MiniUPnP daemon will listen on a specific IP address on the local
 network, then open ports on the WAN interface. Please enter the name of
 the WAN network interface on which the MiniUPnP daemon should perform
 port forwarding.

Template: miniupnpd/ip6script
Type: boolean
Default: false
_Description: Enable IPv6 firewall chain?
 Please specify whether the MiniUPnP daemon should run its
 ip6tables script on startup to initialize the IPv6 firewall chain.
Source: miniupnpd
Section: net
Priority: optional
Maintainer: Thomas Goirand <zigo@debian.org>
Build-Depends: debhelper (>= 9), iptables-dev, po-debconf, libnfnetlink-dev
Standards-Version: 3.9.4
Homepage: http://miniupnp.free.fr/
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=users/zigo/miniupnpd.git
Vcs-Git: http://anonscm.debian.org/git/users/zigo/miniupnpd.git

Package: miniupnpd
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends}, debconf, iptables, iproute, uuid-runtime, net-tools
Description: UPnP and NAT-PMP daemon for gateway routers
 MiniUPnPd is a small daemon which can be installed on a NAT router to
 provide UPnP Internet Gateway Device and Port Mapping Protocol services,
 enabling clients on the LAN to ask for port redirections. It is
 compatible with peer-to-peer software, messaging applications, and games
 consoles that connect to online services (including Xbox LIVE and the
 PlayStation Network).
