Re: Bug#705794: [RFR] templates://squid-deb-proxy/{squid-deb-proxy.templates}
Michael Vogt wrote:
>>> Template: squid-deb-proxy/ppa-enable
>>> Type: boolean
>>> Default: false
>>> -_Description: Allow PPA (Personal Package Archive) access?
>>> - Squid-deb-proxy by default will not allow PPA repositories from launchpad.
>>> - Selecting Y in this option will activate PPA repo access.
>>> +_Description: Allow PPA access?
>>> + By default, squid-deb-proxy does not allow to access Personal Packages
>>> + Archive (PPA) repositories from Launchpad.
>>
>> Disallowed! "Allow" needs an object; here the simple fix would be to
>> say "allow access to [...]". But why are we using the word "allow" in
>> the first place? Installing squid-deb-proxy has no effect on whether
>> I'm *permitted* to point my sources.list at a PPA; this debconf
>> question just determines whether squid-deb-proxy will manage a cache
>> to optimise package downloads from it.
>
> The way squid-deb-proxy works is that it has a whitelist of
> repositories it will connect to. If you connect to a different one it
> will give you a "403 access denied". So in that sense its about
> "permitting access", not only about caching (or the lack of
> caching).
So it can in fact be granting (continued) access, as long as admins
answer "Y" to this question and get Launchpad PPAs added to the
whitelist; fair enough, then, it probably should say "allow":
By default, squid-deb-proxy does not allow access to Personal Package
Archive (PPA) repositories on Launchpad.
.
Choosing this option will whitelist these repositories.
> You could of course enable the proxy for ftp.debian.org and disable it
> for other source via apt.conf but that seems to be a corner-case.
>
> The main use-case for this is that a admin can install it without any
> configuration on the client and server and it will only allow access
> to package sources that are considered official.
You'd need to back that up with something in the firewall, since any
user capable of installing things from PPAs is also capable of
uninstalling s-d-p-client, but that's doable.
>> It's "Personal Package Archive (PPA) repositories". But I would avoid
>> "access [...] from Launchpad" - make it "repositories on Launchpad".
>>
>> By default, squid-deb-proxy does not provide caching for Personal
>> Package Archive (PPA) repositories on Launchpad.
>
> Thanks! I will fix this.
>
>>> + .
>>> + Choosing this option will allow this.
>>
>> Again avoiding my least favourite word:
>>
>> Choosing this option will activate this support.
>>
>> (It also helps smooth over the repeated "this".)
>
> Thanks again, that sounds better indeed.
My revised patch says "will whitelist these repositories", making it
clearer what the mechanism is (and incidentally eliminating the
repeated word).
[...]
>> My suggestion:
>>
>> Description: Squid proxy configuration to optimize package downloads
>> This package contains a Squid proxy configuration to manage a cache of
>> .deb package downloads, using a dedicated directory and port.
> [..]
>
> I would like to mention in some way that the config is different from
> the stock config to accommodate for deb package. Not sure what the
> best way for this is (its too early in the morning and I haven't had a
> cup of tea yet ;)
Maybe it would fit in like this:
Description: Squid proxy configuration to optimize package downloads
This package contains a Squid proxy configuration to manage a cache of
.deb downloads, with optimizations for the types of file present in
package repositories, and using a dedicated directory and port.
--
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package
diff -ru squid-deb-proxy-0.7.pristine/debian/control squid-deb-proxy-0.7/debian/control
--- squid-deb-proxy-0.7.pristine/debian/control 2013-04-09 18:12:46.000000000 +0100
+++ squid-deb-proxy-0.7/debian/control 2013-04-29 10:22:26.947461077 +0100
@@ -17,19 +17,16 @@
${misc:Depends},
squid3
Recommends: avahi-utils
-Description: Squid proxy configuration optimized for deb packages
- This package contains a squid proxy configuration that is optimized
- for downloading deb packages. It defaults to a different cache
- directory and port than the regular squid cache.
- .
- The config default to allowing cached access from a local network
- to *.archive.ubuntu.com.
+Description: Squid proxy configuration to optimize package downloads
+ This package contains a Squid proxy configuration to manage a cache of
+ .deb downloads, with optimizations for the types of file present in
+ package repositories, and using a dedicated directory and port.
Package: squid-deb-proxy-client
Architecture: all
Depends: ${misc:Depends}, avahi-utils, apt (>= 0.7.25.3ubuntu1), python
-Description: Automatic proxy discovery for apt based on avahi
- This package contains a helper for the apt http method to discover
+Description: automatic proxy discovery for APT based on Avahi
+ This package contains a helper for the APT http method to discover
proxies that publish their service as _apt_proxy._tcp.
.
It was written to be installed on clients that should use
@@ -41,12 +38,12 @@
Section: debian-installer
Architecture: all
Depends: ${shlibs:Depends}, ${misc:Depends}, configured-network,
-Description: Automatic proxy discovery for apt based on avahi (udeb)
- This package contains a helper for the apt http method to discover
+Description: automatic proxy discovery for APT based on Avahi (udeb)
+ This package contains a helper for the APT http method to discover
proxies that publish their service as _apt_proxy._tcp.
.
It was written to be installed on clients that should use
squid-deb-proxy automatically, but it will work with any proxy
that publishes the service as _apt_proxy._tcp.
.
- This package contains the udeb only
+ This package contains the udeb for use with the Debian Installer.
diff -ru squid-deb-proxy-0.7.pristine/debian/squid-deb-proxy.templates squid-deb-proxy-0.7/debian/squid-deb-proxy.templates
--- squid-deb-proxy-0.7.pristine/debian/squid-deb-proxy.templates 2013-04-06 17:35:46.000000000 +0100
+++ squid-deb-proxy-0.7/debian/squid-deb-proxy.templates 2013-04-29 09:49:15.687311523 +0100
@@ -1,16 +1,17 @@
Template: squid-deb-proxy/ppa-enable
Type: boolean
Default: false
-_Description: Allow PPA (Personal Package Archive) access?
- Squid-deb-proxy by default will not allow PPA repositories from launchpad.
- Selecting Y in this option will activate PPA repo access.
+_Description: Allow PPA access?
+ By default, squid-deb-proxy does not allow access to Personal Package
+ Archive (PPA) repositories on Launchpad.
+ .
+ Choosing this option will whitelist these repositories.
Template: squid-deb-proxy/acl-disable
Type: boolean
Default: false
_Description: Allow unrestricted network access?
- Squid-deb-proxy restricts access to the cache to private networks
- only by default.
- Selecting Y in this option will allow unrestricted access of all IPs
- to access the cache. Selecting N will only allow private networks
- (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to access the cache.
+ By default, squid-deb-proxy allows access to the cache from private
+ networks only (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).
+ .
+ Choosing this option will allow other IP addresses to access the cache.
Template: squid-deb-proxy/ppa-enable
Type: boolean
Default: false
_Description: Allow PPA access?
By default, squid-deb-proxy does not allow access to Personal Package
Archive (PPA) repositories on Launchpad.
.
Choosing this option will whitelist these repositories.
Template: squid-deb-proxy/acl-disable
Type: boolean
Default: false
_Description: Allow unrestricted network access?
By default, squid-deb-proxy allows access to the cache from private
networks only (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).
.
Choosing this option will allow other IP addresses to access the cache.
Source: squid-deb-proxy
Section: net
Priority: extra
Maintainer: Michael Vogt <mvo@debian.org>
Build-Depends: debhelper (>= 7.0.50),
gettext,
intltool,
pkg-config,
po-debconf
Standards-Version: 3.9.4
Vcs-Bzr: https://code.launchpad.net/~squid-deb-proxy-developers/squid-deb-proxy/trunk
Homepage: https://launchpad.net/squid-deb-proxy
Package: squid-deb-proxy
Architecture: all
Depends: ${python:Depends},
${misc:Depends},
squid3
Recommends: avahi-utils
Description: Squid proxy configuration to optimize package downloads
This package contains a Squid proxy configuration to manage a cache of
.deb downloads, with optimizations for the types of file present in
package repositories, and using a dedicated directory and port.
Package: squid-deb-proxy-client
Architecture: all
Depends: ${misc:Depends}, avahi-utils, apt (>= 0.7.25.3ubuntu1), python
Description: automatic proxy discovery for APT based on Avahi
This package contains a helper for the APT http method to discover
proxies that publish their service as _apt_proxy._tcp.
.
It was written to be installed on clients that should use
squid-deb-proxy automatically, but it will work with any proxy
that publishes the service as _apt_proxy._tcp.
Package: squid-deb-proxy-client-udeb
XC-Package-Type: udeb
Section: debian-installer
Architecture: all
Depends: ${shlibs:Depends}, ${misc:Depends}, configured-network,
Description: automatic proxy discovery for APT based on Avahi (udeb)
This package contains a helper for the APT http method to discover
proxies that publish their service as _apt_proxy._tcp.
.
It was written to be installed on clients that should use
squid-deb-proxy automatically, but it will work with any proxy
that publishes the service as _apt_proxy._tcp.
.
This package contains the udeb for use with the Debian Installer.
Reply to: