Re: [RFR] templates://debian-security-support/{debian-security-support.templates}

[Justin B Rye <justin.byam.rye@gmail.com>]

Christian PERRIER wrote:
> Rationale:
> --- debian-security-support.old/debian/debian-security-support.templates	2014-05-17 08:16:08.229777212 +0200
> +++ debian-security-support/debian/debian-security-support.templates	2014-05-17 08:18:22.759776423 +0200
> @@ -1,18 +1,20 @@
>  Template: debian-security-support/ended
>  Type: text
> -_Description: Security support has ended for one or more packages
> +#flag:translate!:4
> +_Description: No more security support for one or more packages

This makes the warning messages for "ended" and "limited" support less
similar.  That's not necessarily a bad thing, I suppose.  I was thinking
translators might have less work to do if it's

   _Description: Ended security support for one or more packages

>   Unfortunately, security support for some packages needed to be stopped
>   before the end of the regular security maintenance life cycle.

No, "needed" is simple past, which implies that the situation
described (i.e. the need for curtailed security support) has ended;
what we want here is present perfect (the "has" construction), which
implies that the situation described has continuing relevance.

    Unfortunately, it has been necessary to end security support for some
    packages before the end of the regular security maintenance life cycle.

Likewise in the other template:

    Unfortunately, it has been necessary to limit security support for some
    packages.

>   .
> - The following packages found on your system are affected by this.
> + The following packages found on this system are affected by this:
>   .
>   ${MESSAGE}

I gather this template text is echoed by runtime messages from
binaries in the package (since there's a messages.po with the same
grammar problem).  Should I give you a patch for that too?

And the man page, if you like.  I see for a start there's confusion
about whether it's "check-support-status" or "check-supported-status".
Oh, and while I'm poking about outside the usual file list, I notice
kdelibs is listed twice in security-support-limited.

[...]
> -Description: Identify installed packages with ended/limited security support
> +Description: identify installed packages with ended/limited security support

Well, it's not a capitalised verb phrase any longer, but you haven't
managed to cram it into DevRef's preferred noun phrase format; that
would need something like
   Description: identifier for installed packages with ended/limited security support
Or maybe "detector"... but that's awkward.  How about:

   Description: security support coverage checker

> - For some Debian packages, maintaining security support is not
> + For some packages, maintaining security support is not
>   feasible for the planned life cycle. For other packages, security
>   support is limited, it does not cover the full feature set.

Talking about "the regular security maintenance life cycle" worked in
the templates, but here it's not clear what "life cycle" you're
talking about - it might be the "software life cycle" (from
proof-of-concept to mature project to death-by-bitrot) of the
packages.  And besides, once we start setting things up to allow an
oldstable-LTS with incomplete security coverage, surely that *is* the
planned security maintenance life cycle?

Then the second sentence has a "comma splice", and it's not 100% clear
that "the full feature set" is talking about features of the software.

> Unbrand the package description which makes it more easily usable by
> derivative distributions (that's debatable because of the package name
> itself but it doesn't really hurt anyway)

In fact that's a bit of a problem, since the cycle we're talking about
is the Debian release cycle.  But maybe we can say:

    For some packages, it is not feasible to maintain full security
    support for all use cases through the full distribution release
    cycle.

This (like my revised synopsis) loses the idea that "ended" and
"limited" support are treated as separate issues, but that's
introduced in the next paragraph anyway.

>  This package provides a program to identify installed packages
>  where support had to be ended prematurely or is limited, and alerts
>  the administrator in that case.

The same problem with simple-past "had to".

   This package provides a program to identify installed packages for
   which support has had to be limited or prematurely ended, and to
   alert the administrator.

Do I understand that it does this by *containing lists* of packages
with such limits?  Okay, so if LibreOffice (say) declares that the
version of their software in stable is now unsupported, how is that
information going to reach users who have debian-security-support
already installed (apart from "via the security mailinglists they
should also be subscribed to", that is)?  I would have expected this
package to have a cron-job downloading new lists and comparing them to
"dpkg -l" output, or maybe to receive package updates via the security
repository and automatically check for alerts via an apt hook.  But
instead it seems to be essentially manual - is that correct?

If you don't want intemperate bug reports from people who guessed
wrong, you ought to answer this question in the package description.
-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package

diff -ru debian-security-support-2014.05.16.pristine/debian/control debian-security-support-2014.05.16/debian/control
--- debian-security-support-2014.05.16.pristine/debian/control	2014-05-16 20:10:28.000000000 +0100
+++ debian-security-support-2014.05.16/debian/control	2014-05-17 12:03:26.984812535 +0100
@@ -17,11 +17,11 @@
 Depends: ${misc:Depends},
     adduser,
     gettext-base,
-Description: Identify installed packages with ended/limited security support
- For some Debian packages, maintaining security support is not
- feasible for the planned life cycle. For other packages, security
- support is limited, it does not cover the full feature set.
+Description: security support coverage checker
+ For some packages, it is not feasible to maintain full security
+ support for all use cases through the full distribution release
+ cycle.
  .
- This package provides a program to identify installed packages
- where support had to be ended prematurely or is limited, and alerts
- the administrator in that case.
+ This package provides a program to identify installed packages for
+ which support has had to be limited or prematurely ended, and to
+ alert the administrator.
diff -ru debian-security-support-2014.05.16.pristine/debian/debian-security-support.templates debian-security-support-2014.05.16/debian/debian-security-support.templates
--- debian-security-support-2014.05.16.pristine/debian/debian-security-support.templates	2014-04-06 18:57:13.000000000 +0100
+++ debian-security-support-2014.05.16/debian/debian-security-support.templates	2014-05-17 11:49:12.989568117 +0100
@@ -1,18 +1,21 @@
 Template: debian-security-support/ended
 Type: text
-_Description: Security support has ended for one or more packages
- Unfortunately, security support for some packages needed to be stopped
- before the end of the regular security maintenance life cycle.
+#flag:translate!:4
+_Description: Ended security support for one or more packages
+ Unfortunately, it has been necessary to end security support for some
+ packages before the end of the regular security maintenance life cycle.
  .
- The following packages found on your system are affected by this.
+ The following packages found on this system are affected by this:
  .
  ${MESSAGE}
 
 Template: debian-security-support/limited
 Type: text
-_Description: Security support is limited for one or more packages
- Unfortunately, security support for some packages had to be limited.
+#flag:translate!:4
+_Description: Limited security support for one or more packages
+ Unfortunately, it has been necessary to limit security support for some
+ packages.
  .
- The following packages found on your system are affected by this.
+ The following packages found on this system are affected by this:
  .
  ${MESSAGE}

Template: debian-security-support/ended
Type: text
#flag:translate!:4
_Description: Ended security support for one or more packages
 Unfortunately, it has been necessary to end security support for some
 packages before the end of the regular security maintenance life cycle.
 .
 The following packages found on this system are affected by this:
 .
 ${MESSAGE}

Template: debian-security-support/limited
Type: text
#flag:translate!:4
_Description: Limited security support for one or more packages
 Unfortunately, it has been necessary to limit security support for some
 packages.
 .
 The following packages found on this system are affected by this:
 .
 ${MESSAGE}

Source: debian-security-support
Section: admin
Priority: optional
Maintainer: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
Uploaders: Debian Security Team <team@security.debian.org>
Build-Depends: debhelper (>= 8~),
    asciidoc,
    gettext,
    libfile-slurp-perl,
    libtest-command-perl,
    libtest-differences-perl,
    xmlto,
Standards-Version: 3.9.5

Package: debian-security-support
Architecture: all
Depends: ${misc:Depends},
    adduser,
    gettext-base,
Description: security support coverage checker
 For some packages, it is not feasible to maintain full security
 support for all use cases through the full distribution release
 cycle.
 .
 This package provides a program to identify installed packages for
 which support has had to be limited or prematurely ended, and to
 alert the administrator.