
Bug#832611: ITP: tinyssh -- Tiny SSH server



On Wed, 27 Jul 2016 16:13:37 +0200
Jan Mojzis <jan.mojzis@gmail.com> wrote:

[...]
> This is tiny SSH server which implement 'less'.

This phrase reads as if that SSH server implements "less" which is a
well-known piece of software implementing full-screen paging on a
terminal.  I would hence rephrase this:

"TinySSH is a minimalistic SSH server which implements only a subset of
SSHv2 features".

> TinySSH supports only secure crypto (min 128-bit security,
> protected against cache-timing attacks).
> Unnecessary features (such SSH1 protocol, compression, scp,
> sftp,

Oh, really?  SFTP is pretty much the sole sensible way to get a file
uploaded to a remote server these days, or fetch something back.
I do understand the goals of your project reflect your own use cases
but the package description must be ambivalent which means it's not
you who decides which features are necessary and which are not.

So "Unnecessary" is supposedly not the correct word to use here,
and I would actually reverse the narration:
1) After the short description, state what the server does support.
2) Then state what is omitted.

> ...), unsafe crypto (such rsa, dsa, hmac-md5, hmac-sha1, 3des,
> arcfour, ...) and unsafe features (such password or hostbased
> authentication) are simply NOT implemented.

"such" in these cases requires "as" to become "such as".
The phrase would become "... unsafe crypto (such as rsa, dsa, ...)".

> TinySSH has less than 100000 words of code, so it's very easy
> auditable.

Please change to "... very easily auditable".

On the other hand, there are two problems with this phrase.

1) It's quite subjective: "words of code" (by the way, what's this?
   typically, people tend to measure lines of code) is too abstract.
   100k words of tangled mess might be harder to audit than 200k words
   of lucid code, you know ;-)

2) "Auditable" is not "audited".  OpenSSH might be N times larger,
   but it was audited, and actually is under constant scrutiny of
   various folks.

Hence I'd just drop this bit or at least change it to something like
"...should be relatively easy to audit".

Overall, please comb the description text to replace abbreviations
(crypto → cryptography, min → minimal / minimum / whatever applicable
etc) and refrain from "it's" in place of "it is".

