Re: Bug#719950: [RFR] templates://miniupnpd/{miniupnpd.templates}
Thomas Goirand wrote:
> Justin B Rye wrote:
>>> _Description: Start the MiniUPnP daemon?
>>
>> Hang on, it's not asking if it should happen this once. We usually
>> phrase this as something like
>>
>> _Description: Start the MiniUPnP daemon at boot?
>
> Which I don't like, because it's not only at boot time, but also right
> after the package is installed.

Hmmm, okay, so maybe the best way to phrase it is:

_Description: Start the MiniUPnP daemon automatically?

and have the rest explained in the long description - that is,

>>> + Please choose this option if you want to automatically start the MiniUPnP daemon at boot time.

Choose this option if the MiniUPnP daemon should start automatically,
now and at boot time.

(which incidentally gets rid of an unnecessary pronoun.)

>> Why does it default to false?
>
> Because that's otherwise a security concern. If installed using the
> non-interactive mode, then it may be possible that MiniUPNPd listens on
> the WAN, which is just bad. So, by default, it's best to have it
> disabled, and only activate when we are sure that the user has answered
> properly to the Debconf questions.

Okay. It just struck me as odd that you'd expect people to choose to
install it if they weren't planning on running it (it's not as if it's
pulled in by Avahi); but then again I wrote this before I'd taken in
the fact that this is happening on a router, where you're entitled to
be a bit more "paranoid".

>>> Template: miniupnpd/listen
>>> Type: string
>>> +_Description: IP address to listen for UPnP queries on the local network:
>>
>> It's the IP address to listen on⁁ on the local network, which is ugly!
>> Maybe:
>>
>> _Description: Local address to listen on for UPnP queries:
>
> Hum... I would like to insist hard that we want a LAN address here. If
> by mistake, MiniUPNPd listens on the WAN IP, then there is security
> consequences.

You're right, I was overlooking the fact that the IP address of my
router's WAN interface is necessarily a "local" address. So maybe
this should be

_Description: LAN address to listen on for UPnP queries:

>>> + The MiniUPnP daemon will listen for requests on the local network. Please
>>> enter the IP address it should listen on.
>>>
>>> Just avoid possessive articles. You know the rationale: "that might
>>> not be "my" network.
>>
>> Well, it's the LAN where I have superuser access on the router, so it
>> probably is "my local network" if only in the sense of being local to
>> me. And cutting out possessives can often result in the text being
>> so uninformative that it would be better just to throw out the whole
>> phrase (this is often true for "the system"). But fortunately "the
>> local network" feels completely natural.
>
> What do you suggest then? Keep the sentence as it is right now?

Yes, I left it as the above.

[...]

>> I also proposed that it should have a paragraph summarising why users
>> might or might not want to enable it. If there are no such
>> considerations, why bother making it configurable? But the pros and
>> cons aren't obvious to me.
>
> I think this goes beyond the scope of a Debconf template.

At present debconf is asking sysadmins to make a decision without
providing them with any way of working out what the right answer is,
or what's at stake. Is this something I can safely try out if I'm
using IPv6 and shouldn't bother with otherwise, or is it a matter of
weighing significant security concerns against a non-zero risk of
blocking existing connections, or what?

>>> Description: daemon providing UPnP Internet Gateway Device (IGD) services
>>
>> It's UPnP plus NAT-PMP now; and do we really need to mention IGD here?
>
> I believe we do. It may help having relevant search results and is on
> topic. For example, there's linux-igd as well (which is the reason why
> miniupnpd is "mini").

Well, it's still in the long description, though I notice now that
I've left out "IGD" there. We've got a bit of spare space...

>> Description: UPnP and NAT-PMP daemon for gateway routers

Maybe that could become:

Description: UPnP IGD and NAT-PMP daemon for gateway routers

What do people think? I've left it out of my revised draft for now.

>> MiniUPnPd is a small daemon which can be installed on a NAT router to
>> provide UPnP Internet Gateway Device and Port Mapping Protocol services,
>> enabling clients on the LAN to ask for port redirections. It is
>> compatible with peer-to-peer software, messaging applications, and games
>> consoles that connect to online services (including XBOX Live and the
>> Playstation Network).
>
> Nice! Thanks for your work and suggestions Justin.

I've also just noticed that "XBOX Live" is trademarked as "Xbox LIVE".
Oh, and it's Play_S_tation Network, of course it is.

--
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package
diff -ru miniupnpd-1.8.20130730.pristine/debian/control miniupnpd-1.8.20130730/debian/control
--- miniupnpd-1.8.20130730.pristine/debian/control 2013-08-01 23:27:34.000000000 +0100
+++ miniupnpd-1.8.20130730/debian/control 2013-08-27 20:40:55.869630139 +0100
@@ -11,12 +11,10 @@
Package: miniupnpd
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends}, debconf, iptables, iproute, uuid-runtime, net-tools
-Description: daemon providing UPnP Internet Gateway Device (IGD) services
- MiniUPnPd is a small daemon providing UPnP Internet Gateway Device (IGD)
- services to your network. UPnP and NAT-PMP are used to improve internet
- connectivity for devices behind a NAT router. Any peer to peer network
- application such as games, IM, etc. can benefit from a NAT router supporting
- UPnP and/or NAT-PMP. For example the latest generation Microsoft XBOX 360 and
- Sony Playstation 3 game machines use UPnP commands to enable the online play
- with the XBOX Live service and the Playstation Network. It has been reported
- that MiniUPnPd is correctly working with the two consoles.
+Description: UPnP and NAT-PMP daemon for gateway routers
+ MiniUPnPd is a small daemon which can be installed on a NAT router to
+ provide UPnP Internet Gateway Device and Port Mapping Protocol services,
+ enabling clients on the LAN to ask for port redirections. It is
+ compatible with peer-to-peer software, messaging applications, and games
+ consoles that connect to online services (including Xbox LIVE and the
+ PlayStation Network).
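Review bot: The new synopsis on the "+Description:" line drops "IGD", and the new long description spells out "Internet Gateway Device" without the abbreviation, so a package search for "IGD" no longer matches anything in this stanza. Either use "UPnP IGD and NAT-PMP daemon for gateway routers", as floated in the thread, or keep "(IGD)" after "Internet Gateway Device" in the long description. The long description also says only "Port Mapping Protocol", which does not tie back to the NAT-PMP named in the synopsis; "NAT Port Mapping Protocol (NAT-PMP)" would connect the two.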
diff -ru miniupnpd-1.8.20130730.pristine/debian/miniupnpd.templates miniupnpd-1.8.20130730/debian/miniupnpd.templates
--- miniupnpd-1.8.20130730.pristine/debian/miniupnpd.templates 2013-08-01 23:27:34.000000000 +0100
+++ miniupnpd-1.8.20130730/debian/miniupnpd.templates 2013-08-27 20:38:46.633426097 +0100
@@ -1,25 +1,27 @@
Template: miniupnpd/start_daemon
Type: boolean
Default: false
-_Description: Start the MiniUPnP daemon?
- Select if the MiniUPnP daemon should started automatically at boot time.
+_Description: Start the MiniUPnP daemon automatically?
+ Choose this option if the MiniUPnP daemon should start automatically,
+ now and at boot time.
Template: miniupnpd/listen
Type: string
-_Description: IP address to listen for UPnP queries on your LAN:
- The MiniUPnP daemon will listen for requests on your local network. Please
+_Description: LAN IP address to listen on for UPnP queries:
+ The MiniUPnP daemon will listen for requests on the local network. Please
enter the IP address it should listen on.
Template: miniupnpd/iface
Type: string
-_Description: External WAN network interface where to open ports:
- The MiniUPnP daemon will listen on a specific IP address on your LAN, then it
- will open ports on your WAN interface. Enter the name of your WAN network
- interface on which the MiniUPnP daemon will do the port forwarding.
+_Description: External WAN network interface to open ports on:
+ The MiniUPnP daemon will listen on a specific IP address on the local
+ network, then open ports on the WAN interface. Please enter the name of
+ the WAN network interface on which the MiniUPnP daemon should perform
+ port forwarding.
Template: miniupnpd/ip6script
Type: boolean
Default: false
-_Description: Enable ip6tables script?
- Uppon startup of the MiniUPnP daemon, the init script can initialize the
- MiniUPnP IPv6 firewall chain.
+_Description: Enable IPv6 firewall chain?
+ Please specify whether the MiniUPnP daemon should run its
+ ip6tables script on startup to initialize the IPv6 firewall chain.
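Review bot: The extended description of miniupnpd/listen still asks only for "the IP address it should listen on" and never says that it must not be the address of the WAN interface, although the thread gives exposure on the WAN side as the reason miniupnpd/start_daemon defaults to false. Add a sentence such as "This must be an address on the LAN side of the router, not the address of the WAN interface." so the constraint is visible at the point where the value is entered. The miniupnpd/ip6script text likewise gives the administrator no basis for choosing between true and false.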
Template: miniupnpd/start_daemon
Type: boolean
Default: false
_Description: Start the MiniUPnP daemon automatically?
 Choose this option if the MiniUPnP daemon should start automatically,
 now and at boot time.

Template: miniupnpd/listen
Type: string
_Description: LAN IP address to listen on for UPnP queries:
 The MiniUPnP daemon will listen for requests on the local network. Please
 enter the IP address it should listen on.

Template: miniupnpd/iface
Type: string
_Description: External WAN network interface to open ports on:
 The MiniUPnP daemon will listen on a specific IP address on the local
 network, then open ports on the WAN interface. Please enter the name of
 the WAN network interface on which the MiniUPnP daemon should perform
 port forwarding.

Template: miniupnpd/ip6script
Type: boolean
Default: false
_Description: Enable IPv6 firewall chain?
 Please specify whether the MiniUPnP daemon should run its
 ip6tables script on startup to initialize the IPv6 firewall chain.

Source: miniupnpd
Section: net
Priority: optional
Maintainer: Thomas Goirand <zigo@debian.org>
Build-Depends: debhelper (>= 9), iptables-dev, po-debconf, libnfnetlink-dev
Standards-Version: 3.9.4
Homepage: http://miniupnp.free.fr/
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=users/zigo/miniupnpd.git
Vcs-Git: http://anonscm.debian.org/git/users/zigo/miniupnpd.git

Package: miniupnpd
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends}, debconf, iptables, iproute, uuid-runtime, net-tools
Description: UPnP and NAT-PMP daemon for gateway routers
 MiniUPnPd is a small daemon which can be installed on a NAT router to
 provide UPnP Internet Gateway Device and Port Mapping Protocol services,
 enabling clients on the LAN to ask for port redirections. It is
 compatible with peer-to-peer software, messaging applications, and games
 consoles that connect to online services (including Xbox LIVE and the
 PlayStation Network).
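
The security point made in the thread is that the answer to miniupnpd/listen must not be an address on the WAN interface named in miniupnpd/iface. A check of that kind follows as an added example; it is not part of the original message or of the miniupnpd package, and the function names and the sample `ip -o -4 addr show` output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the miniupnpd package: classify a proposed
# miniupnpd/listen address against the interface given for miniupnpd/iface.

# Constructed sample in the format of `ip -o -4 addr show` (trailing
# lifetime fields trimmed; addresses are documentation/private ranges).
SAMPLE_IP_OUTPUT='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 203.0.113.7/24 brd 203.0.113.255 scope global eth0
3: br-lan    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan'

# listen_addr_status ADDR WAN_IFACE   (reads `ip -o -4 addr show` on stdin)
# Prints one of:
#   ok <iface>   ADDR is assigned to an interface other than WAN_IFACE
#   wan          ADDR is assigned to WAN_IFACE
#   loopback     ADDR is on lo, so no LAN client could reach it
#   unassigned   no interface carries ADDR (typo, or interface not up)
#   wildcard     ADDR is 0.0.0.0, which is not a LAN address at all
listen_addr_status() {
    if [ "$1" = "0.0.0.0" ]; then echo wildcard; return; fi
    awk -v addr="$1" -v wan="$2" '
        $3 == "inet" {
            split($4, cidr, "/")
            # Once an address is seen on the WAN interface, that verdict sticks.
            if (cidr[1] != addr || status == "wan") next
            if ($2 == wan)       status = "wan"
            else if ($2 == "lo") status = "loopback"
            else                 status = "ok " $2
        }
        END { print (status == "" ? "unassigned" : status) }
    '
}

# Exit status 0 only when the address sits on a non-WAN, non-loopback interface.
listen_addr_ok() {
    case "$(listen_addr_status "$1" "$2")" in
        ok\ *) return 0 ;;
        *)     return 1 ;;
    esac
}

# Demonstration against the constructed sample, with eth0 as the WAN interface.
for a in 192.168.1.1 203.0.113.7 127.0.0.1 10.0.0.1 0.0.0.0; do
    printf '%-12s %s\n' "$a" \
        "$(printf '%s\n' "$SAMPLE_IP_OUTPUT" | listen_addr_status "$a" eth0)"
done
```

On a live router the input would come from `ip -o -4 addr show` instead of the sample. The comparison is by interface rather than by address range because, as noted in the thread, a WAN address can itself be a "local" one.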