
Re: Bug#745761: [RFR] templates://igtf-policy-bundle/{templates.in}



Dennis van Dok wrote:
> Justin B Rye wrote:
>> I suspect you'll see a second draft of this...
[...]
>> Maybe:
>>     Please specify whether the IGTF Certification Authority certificates for
>>     the @PROFILE@ profile should be installed as trusted in
>>     /etc/grid-security/certificates.
> 
> Somehow "installed as trusted" feels like it might mean more than just
> "installed", where it is really "installed, and therefore trusted". It's
> the ambiguity of the language I guess.

I thought about adding parentheses: "installed (as trusted)".  But
that seemed fussy, and then I ended up doing it completely differently
anyway:

[...]
>> Rethinking what the actual question is... should it perhaps be
>> 
>>  _Description: Trust IGTF @PROFILE@ CAs by default?
>>   Trusted IGTF Certification Authority certificates are installed in
>>   /etc/grid-security/certificates.
>>   .
>>   Accept this option to have certificates included by default unless they
>>   are explicitly excluded. Reject it to choose the reverse policy,
>>   excluding them unless explicitly included.
>>   .
>>   You will then have the opportunity to define the list of exceptions.
> 
> That's bang on, although I'm still not sure about the 'trust' in the
> synopsis.

I'd like to avoid just saying "install".  This is a prompt that
comes up while the user is installing a package; asking if they
want to install the files that are part of that package is
confusing.  Of course it's clearer when there's room to say "in
directory foo", but even then there's the problem that merely
asking whether files should be put in a directory fails to convey
the significance of the decision.

We could try something like "include certificates in trusted
set", but on the whole I think this'll do - compare
 "Trust new certificates from certificate authorities?"
in (/var/lib/dpkg/info/)ca-certificates.templates.
 
>> Meanwhile in the control file...
>> 
>>> Package: igtf-policy-classic
>> [...]
>>> Description: IGTF classic profile for Authority Root Certificates
>> 
>> I know what a Root Certificate Authority is, and I can imagine what a
>> Root Authority Certificate might be, but what on earth is an
>> "Authority Root Certificate"?  Google shows me no hits that aren't
>> either copies of this text or random chunks out of the middle of some
>> longer string of nouns (usually "Something Certificate Authority
>> Root Certificate Something Somethings").  I strongly suspect this is
>> garbled and should be... um... "CA Root Certificates", perhaps?  Or
>> just "root certificates", since after all, that's what it calls them
>> below...
> 
> I think 'Certificate Authorities' is best. After all, not all these are
> in fact *Root* CAs. Some of them are intermediates.

So:
    Description: IGTF classic profile for Certificate Authorities

>>>  The International Grid Trust Federation (IGTF) maintains a common
>> 
>> There's another confusing issue here: http://www.igtf.net/ says the
>> IGTF is the "InterOPERABLE GLOBAL Trust Federation".  On the other
>> hand, the organisation's charter definitely calls it the InterNATIONAL
>> GRID Trust Federation.  Has it officially changed?
> 
> I could ask but I've never heard it referred to as Interoperable or Global.

I notice the HTML source on their homepage also has commented-out
mentions of the International Grid version... oh well, as long as
nobody's asking me to sign their GPG key.
 
>>    The International Grid Trust Federation (IGTF) maintains a common trust
>>    base for the benefit of distributed science and research computing
>>    infrastructures. It provides a list of accredited trust anchors, with
>>    root certificates, certificate revocation list locations, contact
>>    information, and signing policies.
> 
> Already much better!

"Distributed science and research computing infrastructures" is
still a bit unclear.  Plausible parsings include:
 * distributed-science and research-computing infrastructures
 * distributed-science-and-research computing-infrastructures
 * distributed science-and-research-computing infrastructures
Fortunately they're all much of a muchness...

>> [...]
>>> Package: igtf-policy-unaccredited
>> [...]
>>> Description: IGTF unaccredited Authority Root Certificates
>> 
>> If the certificates are unaccredited, what do they claim to certify?
>> Or is it talking about unaccredited CAs?
> 
> Yes, the CAs are unaccredited so it should probably read: "IGTF
> unaccredited Certificate Authorities"

And this brings it into line with the others.

Second draft changing just those synopses attached.
-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package
diff -ru igtf-policy-bundle-1.56.pristine/debian/control igtf-policy-bundle-1.56/debian/control
--- igtf-policy-bundle-1.56.pristine/debian/control	2014-04-17 15:23:47.000000000 +0100
+++ igtf-policy-bundle-1.56/debian/control	2014-04-30 12:25:36.537763697 +0100
@@ -14,13 +14,12 @@
 Depends: ${misc:Depends}
 Recommends: fetch-crl, openssl
 Suggests: ca-certificates
-Description: IGTF classic profile for Authority Root Certificates
- The International Grid Trust Federation (IGTF) maintains a common
- trust base for the benefit of distributed science and research
- computing infrastructures by maintaining a list of trust anchors, for
- accredited authorities. The distribution contains root certificates,
- certificate revocation list (CRL) locations, contact information, and
- signing policies.
+Description: IGTF classic profile for Certificate Authorities
+ The International Grid Trust Federation (IGTF) maintains a common trust
+ base for the benefit of distributed science and research computing
+ infrastructures. It provides a list of accredited trust anchors, with
+ root certificates, certificate revocation list locations, contact
+ information, and signing policies.
  .
  This package contains the trust anchors for the classic profile.
 
@@ -29,13 +28,12 @@
 Depends: ${misc:Depends}
 Recommends: fetch-crl, openssl
 Suggests: ca-certificates
-Description: IGTF MICS profile for Authority Root Certificates
- The International Grid Trust Federation (IGTF) maintains a common
- trust base for the benefit of distributed science and research
- computing infrastructures by maintaining a list of trust anchors, for
- accredited authorities. The distribution contains root certificates,
- certificate revocation list (CRL) locations, contact information, and
- signing policies.
+Description: IGTF MICS profile for Certificate Authorities
+ The International Grid Trust Federation (IGTF) maintains a common trust
+ base for the benefit of distributed science and research computing
+ infrastructures. It provides a list of accredited trust anchors, with
+ root certificates, certificate revocation list locations, contact
+ information, and signing policies.
  .
  This package contains the trust anchors for the MICS (Member Integrated
  Credential Services) profile.
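Review bot: the new synopsis line says "Certificate Authorities", while the templates.in change in the same patch says "Certification Authority certificates", so the package description and the debconf prompt use two different expansions of CA. Pick one form and use it in every synopsis in this file and in the templates. The same applies to the classic, SLCS, unaccredited and experimental stanzas.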
@@ -45,13 +43,12 @@
 Depends: ${misc:Depends}
 Recommends: fetch-crl, openssl
 Suggests: ca-certificates
-Description: IGTF SLCS profile for Authority Root Certificates
- The International Grid Trust Federation (IGTF) maintains a common
- trust base for the benefit of distributed science and research
- computing infrastructures by maintaining a list of trust anchors, for
- accredited authorities. The distribution contains root certificates,
- certificate revocation list (CRL) locations, contact information, and
- signing policies.
+Description: IGTF SLCS profile for Certificate Authorities
+ The International Grid Trust Federation (IGTF) maintains a common trust
+ base for the benefit of distributed science and research computing
+ infrastructures. It provides a list of accredited trust anchors, with
+ root certificates, certificate revocation list locations, contact
+ information, and signing policies.
  .
  This package contains the trust anchors for the SLCS (Short Lived
  Credential Services) profile.
@@ -61,13 +58,12 @@
 Depends: ${misc:Depends}
 Recommends: openssl
 Suggests: ca-certificates
-Description: IGTF unaccredited Authority Root Certificates
- The International Grid Trust Federation (IGTF) maintains a common
- trust base for the benefit of distributed science and research
- computing infrastructures by maintaining a list of trust anchors, for
- accredited authorities. The distribution contains root certificates,
- certificate revocation list (CRL) locations, contact information, and
- signing policies.
+Description: IGTF unaccredited Certificate Authorities
+ The International Grid Trust Federation (IGTF) maintains a common trust
+ base for the benefit of distributed science and research computing
+ infrastructures. It provides a list of accredited trust anchors, with
+ root certificates, certificate revocation list locations, contact
+ information, and signing policies.
  .
  This package contains several unaccredited trust anchors. Use with
  caution, as they come without any guarantees.
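Review bot: the shared paragraph added here states that the IGTF "provides a list of accredited trust anchors", yet the closing paragraph of this stanza says the package "contains several unaccredited trust anchors", so the description reads as if these CAs belong to the accredited list. For this package (and the experimental one in the next hunk, which has the same wording) either drop "accredited" from the shared sentence or state the contrast explicitly in the final paragraph, so that a reader skimming the description cannot mistake these anchors for accredited ones.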
@@ -77,13 +73,12 @@
 Depends: ${misc:Depends}
 Recommends: openssl
 Suggests: ca-certificates
-Description: IGTF experimental Authority Root Certificates
- The International Grid Trust Federation (IGTF) maintains a common
- trust base for the benefit of distributed science and research
- computing infrastructures by maintaining a list of trust anchors, for
- accredited authorities. The distribution contains root certificates,
- certificate revocation list (CRL) locations, contact information, and
- signing policies.
+Description: IGTF experimental Certificate Authorities
+ The International Grid Trust Federation (IGTF) maintains a common trust
+ base for the benefit of distributed science and research computing
+ infrastructures. It provides a list of accredited trust anchors, with
+ root certificates, certificate revocation list locations, contact
+ information, and signing policies.
  .
  This package contains several experimental trust anchors. Use with
  caution, as they come without any guarantees.
diff -ru igtf-policy-bundle-1.56.pristine/debian/templates.in igtf-policy-bundle-1.56/debian/templates.in
--- igtf-policy-bundle-1.56.pristine/debian/templates.in	2014-04-17 15:23:47.000000000 +0100
+++ igtf-policy-bundle-1.56/debian/templates.in	2014-04-29 20:46:16.984527381 +0100
@@ -1,23 +1,26 @@
 Template: igtf-policy-@PROFILE@/install_profile
 Type: boolean
 Default: true
-_Description: Install the IGTF @PROFILE@ CAs in /etc/grid-security/certificates?
- This package installs the IGTF CAs in /etc/grid-security/certificates.
- There are two ways to deal with these certificates:
- - yes: install all, except those in the exclude list
- - no: install only CAs in the include list.
- The include/exclude lists are covered by the next question.
+_Description: Trust IGTF @PROFILE@ CAs by default?
+ Trusted IGTF Certification Authority certificates are installed in
+ /etc/grid-security/certificates.
+ .
+ Accept this option to have certificates included by default unless they
+ are explicitly excluded. Reject it to choose the reverse policy,
+ excluding them unless explicitly included.
+ .
+ You will then have the opportunity to define the list of exceptions.
 
 Template: igtf-policy-@PROFILE@/exclude_ca
 Type: multiselect
 Choices: ${exclude_ca}
-_Description: Certificates to explicitly exclude
- Select which certificates should not be installed in
+_Description: Certificates to explicitly exclude:
+ Please select which certificates should not be installed in
  /etc/grid-security/certificates.
 
 Template: igtf-policy-@PROFILE@/include_ca
 Type: multiselect
 Choices: ${include_ca}
-_Description: Certificates to explicitly include
- Select which certificates should be installed in
+_Description: Certificates to explicitly include:
+ Please select which certificates should be installed in
  /etc/grid-security/certificates.
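Review bot: with the synopsis changed to "Trust IGTF @PROFILE@ CAs by default?", the unchanged "Default: true" at the top of this hunk means a noninteractive install answers yes and every CA of the profile ends up in /etc/grid-security/certificates, and the new extended description never says that accepting is the default or what it implies for trust. Consider stating the consequence in the first paragraph. Separately, the synopsis says "Trust", the body says "included"/"excluded", and the two multiselect descriptions still say "installed"; using one verb across all three templates would remove the ambiguity discussed in the thread.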
Template: igtf-policy-@PROFILE@/install_profile
Type: boolean
Default: true
_Description: Trust IGTF @PROFILE@ CAs by default?
 Trusted IGTF Certification Authority certificates are installed in
 /etc/grid-security/certificates.
 .
 Accept this option to have certificates included by default unless they
 are explicitly excluded. Reject it to choose the reverse policy,
 excluding them unless explicitly included.
 .
 You will then have the opportunity to define the list of exceptions.

Template: igtf-policy-@PROFILE@/exclude_ca
Type: multiselect
Choices: ${exclude_ca}
_Description: Certificates to explicitly exclude:
 Please select which certificates should not be installed in
 /etc/grid-security/certificates.

Template: igtf-policy-@PROFILE@/include_ca
Type: multiselect
Choices: ${include_ca}
_Description: Certificates to explicitly include:
 Please select which certificates should be installed in
 /etc/grid-security/certificates.
Source: igtf-policy-bundle
Section: misc
Priority: extra
Maintainer: Dennis van Dok <dennisvd@nikhef.nl>
Build-Depends: debhelper (>= 8.0.0), po-debconf
Standards-Version: 3.9.5
Homepage: http://www.igtf.net/
Vcs-Git: git://git@github.com:dvandok/igtf-policy-bundle.git
Vcs-Browser: https://github.com/dvandok/igtf-policy-bundle


Package: igtf-policy-classic
Architecture: all
Depends: ${misc:Depends}
Recommends: fetch-crl, openssl
Suggests: ca-certificates
Description: IGTF classic profile for Certificate Authorities
 The International Grid Trust Federation (IGTF) maintains a common trust
 base for the benefit of distributed science and research computing
 infrastructures. It provides a list of accredited trust anchors, with
 root certificates, certificate revocation list locations, contact
 information, and signing policies.
 .
 This package contains the trust anchors for the classic profile.

Package: igtf-policy-mics
Architecture: all
Depends: ${misc:Depends}
Recommends: fetch-crl, openssl
Suggests: ca-certificates
Description: IGTF MICS profile for Certificate Authorities
 The International Grid Trust Federation (IGTF) maintains a common trust
 base for the benefit of distributed science and research computing
 infrastructures. It provides a list of accredited trust anchors, with
 root certificates, certificate revocation list locations, contact
 information, and signing policies.
 .
 This package contains the trust anchors for the MICS (Member Integrated
 Credential Services) profile.

Package: igtf-policy-slcs
Architecture: all
Depends: ${misc:Depends}
Recommends: fetch-crl, openssl
Suggests: ca-certificates
Description: IGTF SLCS profile for Certificate Authorities
 The International Grid Trust Federation (IGTF) maintains a common trust
 base for the benefit of distributed science and research computing
 infrastructures. It provides a list of accredited trust anchors, with
 root certificates, certificate revocation list locations, contact
 information, and signing policies.
 .
 This package contains the trust anchors for the SLCS (Short Lived
 Credential Services) profile.

Package: igtf-policy-unaccredited
Architecture: all
Depends: ${misc:Depends}
Recommends: openssl
Suggests: ca-certificates
Description: IGTF unaccredited Certificate Authorities
 The International Grid Trust Federation (IGTF) maintains a common trust
 base for the benefit of distributed science and research computing
 infrastructures. It provides a list of accredited trust anchors, with
 root certificates, certificate revocation list locations, contact
 information, and signing policies.
 .
 This package contains several unaccredited trust anchors. Use with
 caution, as they come without any guarantees.

Package: igtf-policy-experimental
Architecture: all
Depends: ${misc:Depends}
Recommends: openssl
Suggests: ca-certificates
Description: IGTF experimental Certificate Authorities
 The International Grid Trust Federation (IGTF) maintains a common trust
 base for the benefit of distributed science and research computing
 infrastructures. It provides a list of accredited trust anchors, with
 root certificates, certificate revocation list locations, contact
 information, and signing policies.
 .
 This package contains several experimental trust anchors. Use with
 caution, as they come without any guarantees.
