I suspect you'll see a second draft of this...
Christian PERRIER wrote:
> Rationale:
> --- igtf-policy-bundle.old/debian/templates.in 2014-04-24
> 08:41:06.143267631 +0200
> +++ igtf-policy-bundle/debian/templates.in 2014-04-29 19:07:52.910508550
> +0200
> @@ -1,23 +1,27 @@
> Template: igtf-policy-@PROFILE@/install_profile
> Type: boolean
> Default: true
> -_Description: Install the IGTF @PROFILE@ CAs in
> /etc/grid-security/certificates?
> - This package installs the IGTF CAs in /etc/grid-security/certificates.
> - There are two ways to deal with these certificates:
> - - yes: install all, except those in the exclude list
> - - no: install only CAs in the include list.
> - The include/exclude lists are covered by the next question.
> +_Description: Install the IGTF @PROFILE@ CA certificates in
> /etc/grid-security/certificates?
This could get a bit long if the profiles can have names like
"unaccredited" (looks like they can). Does it really need to specify
the install path here? I'd suggest moving that to the long
description only. And the long description should probably also
mention the effect produced by putting the files in this location
(that is, it means they're trusted).
> + This package installs the IGTF Certification Authority certificates in
> /etc/grid-security/certificates.
Maybe:
Please specify whether the IGTF Certification Authority certificates for
the @PROFILE@ profile should be installed as trusted in
/etc/grid-security/certificates.
> + .
> + If you choose this option, all certificates will be installed, except
> + those in the "exclude" list.
> + .
> + If you do not choose this option, only
> + certificates from the "include" list will be installed.
> + .
> + You will then have the opportunity to define the relevant list.
Wait, wait, wait. Is that what the original is saying? I thought it
was just asking whether the files should be installed (after all,
that's what the question in the synopsis asks), with a secondary
warning that there would be some sort of subsequent question about
whether the default policy should be inclusive or exclusive. But sure
enough, there doesn't seem to *be* any such follow-up question.
> This question must be entirely rephrase, imho, for various reasons:
>
> - debconf questions should not make reference to debconf widgets
> ("Yes" or "No" answers) as the exact way those are presented to users
> depends on the type of interface used for debconf....and the
> translation of the slang package (Yes or No may be localized...or not)
>
> The usual way to work this around is to use the "If you choose this
> option" formula as I did.
>
> - Using multiple paragraphs improves readability. Morevoer, the
> original template was using a non hardcoded "bullet" list and,
> therefore, the template probably looks weird on some interfaces.
I was thinking it could be boiled down to a single sentence along the
lines of "(deciding) whether certificates should be included by
default unless explicitly excluded, or vice versa." But perhaps that
might be too compressed.
> - Rephrasing the sentence mentioning the opportunity to tune lists
> should also avoid reference to the way the question will be asked.
>
> Il also made sure that "CA" is explained at least once.
Rethinking what the actual question is... should it perhaps be
_Description: Trust IGTF @PROFILE@ CAs by default?
Trusted IGTF Certification Authority certificates are installed in
/etc/grid-security/certificates.
.
Accept this option to have certificates included by default unless they
are explicitly excluded. Reject it to choose the reverse policy,
excluding them unless explicitly included.
.
You will then have the opportunity to define the list of exceptions.
(Or perhaps this is analogous to the ca-certificates debconf prompt
that asks "Trust new certificates from certificate authorities?"
If so, we've already got translations for that.)
>
> Template: igtf-policy-@PROFILE@/exclude_ca
> Type: multiselect
> Choices: ${exclude_ca}
> -_Description: Certificates to explicitly exclude
> - Select which certificates should not be installed in
> +_Description: Certificates to explicitly exclude:
> + Please select which certificates should not be installed in
> /etc/grid-security/certificates.
>
> Select and Multiselect templates should use a colon for the synopsis.
>
> We also standardized on "Please select" for such questions..
>
>
> Template: igtf-policy-@PROFILE@/include_ca
> Type: multiselect
> Choices: ${include_ca}
> -_Description: Certificates to explicitly include
> - Select which certificates should be installed in
> +_Description: Certificates to explicitly include:
> + Please select which certificates should be installed in
> /etc/grid-security/certificates.
>
> Ditto.
Well, these make sense.
Meanwhile in the control file...
> Package: igtf-policy-classic
[...]
> Description: IGTF classic profile for Authority Root Certificates
I know what a Root Certificate Authority is, and I can imagine what a
Root Authority Certificate might be, but what on earth is an
"Authority Root Certificate"? Google shows me no hits that aren't
either copies of this text or random chunks out of the middle of some
longer string of nouns (usually "Something Certificate Authority
Root Certificate Something Somethings"). I strongly suspect this is
garbled and should be... um... "CA Root Certificates", perhaps? Or
just "root certificates", since after all, that's what it calls them
below...
> The International Grid Trust Federation (IGTF) maintains a common
There's another confusing issue here: http://www.igtf.net/ says the
IGTF is the "InterOPERABLE GLOBAL Trust Federation". On the other
hand, the organisation's charter definitely calls it the InterNATIONAL
GRID Trust Federation. Has it officially changed?
(My patch sticks to the "-national Grid" version.)
> trust base for the benefit of distributed science and research
> computing infrastructures by maintaining a list of trust anchors, for
> accredited authorities. The distribution contains root certificates,
> certificate revocation list (CRL) locations, contact information, and
> signing policies.
> .
> This package contains the trust anchors for the classic profile.
Talking about maintaining an esoteric thing by maintaining a list of
esoteric things is awkward. And does "for accredited authorities"
mean:
a) it maintains the list on behalf of these authorities, or
b) the trust anchors are for the use of accredited authorities, or
c) the listed trust anchors constitute accredited authorities?
>From context I think it's meant to be (c), but I'm not sure that's
grammatical.
Then, mentioning the contents of the upstream "distribution" can be a
bit confusing from the point of view of someone who's trying to work
out what's in a Debian package. If I'm understanding it correctly
then this boilerplate paragraph might be more readable as:
The International Grid Trust Federation (IGTF) maintains a common trust
base for the benefit of distributed science and research computing
infrastructures. It provides a list of accredited trust anchors, with
root certificates, certificate revocation list locations, contact
information, and signing policies.
[...]
> Package: igtf-policy-unaccredited
[...]
> Description: IGTF unaccredited Authority Root Certificates
If the certificates are unaccredited, what do they claim to certify?
Or is it talking about unaccredited CAs?
--
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package
diff -ru igtf-policy-bundle-1.56.pristine/debian/control
igtf-policy-bundle-1.56/debian/control
--- igtf-policy-bundle-1.56.pristine/debian/control 2014-04-17
15:23:47.000000000 +0100
+++ igtf-policy-bundle-1.56/debian/control 2014-04-29 20:32:54.071054133
+0100
@@ -14,13 +14,12 @@
Depends: ${misc:Depends}
Recommends: fetch-crl, openssl
Suggests: ca-certificates
-Description: IGTF classic profile for Authority Root Certificates
- The International Grid Trust Federation (IGTF) maintains a common
- trust base for the benefit of distributed science and research
- computing infrastructures by maintaining a list of trust anchors, for
- accredited authorities. The distribution contains root certificates,
- certificate revocation list (CRL) locations, contact information, and
- signing policies.
+Description: IGTF classic profile for root certificates
+ The International Grid Trust Federation (IGTF) maintains a common trust
+ base for the benefit of distributed science and research computing
+ infrastructures. It provides a list of accredited trust anchors, with
+ root certificates, certificate revocation list locations, contact
+ information, and signing policies.
.
This package contains the trust anchors for the classic profile.
@@ -29,13 +28,12 @@
Depends: ${misc:Depends}
Recommends: fetch-crl, openssl
Suggests: ca-certificates
-Description: IGTF MICS profile for Authority Root Certificates
- The International Grid Trust Federation (IGTF) maintains a common
- trust base for the benefit of distributed science and research
- computing infrastructures by maintaining a list of trust anchors, for
- accredited authorities. The distribution contains root certificates,
- certificate revocation list (CRL) locations, contact information, and
- signing policies.
+Description: IGTF MICS profile for root certificates
+ The International Grid Trust Federation (IGTF) maintains a common trust
+ base for the benefit of distributed science and research computing
+ infrastructures. It provides a list of accredited trust anchors, with
+ root certificates, certificate revocation list locations, contact
+ information, and signing policies.
.
This package contains the trust anchors for the MICS (Member Integrated
Credential Services) profile.
@@ -45,13 +43,12 @@
Depends: ${misc:Depends}
Recommends: fetch-crl, openssl
Suggests: ca-certificates
-Description: IGTF SLCS profile for Authority Root Certificates
- The International Grid Trust Federation (IGTF) maintains a common
- trust base for the benefit of distributed science and research
- computing infrastructures by maintaining a list of trust anchors, for
- accredited authorities. The distribution contains root certificates,
- certificate revocation list (CRL) locations, contact information, and
- signing policies.
+Description: IGTF SLCS profile for root certificates
+ The International Grid Trust Federation (IGTF) maintains a common trust
+ base for the benefit of distributed science and research computing
+ infrastructures. It provides a list of accredited trust anchors, with
+ root certificates, certificate revocation list locations, contact
+ information, and signing policies.
.
This package contains the trust anchors for the SLCS (Short Lived
Credential Services) profile.
@@ -61,13 +58,12 @@
Depends: ${misc:Depends}
Recommends: openssl
Suggests: ca-certificates
-Description: IGTF unaccredited Authority Root Certificates
- The International Grid Trust Federation (IGTF) maintains a common
- trust base for the benefit of distributed science and research
- computing infrastructures by maintaining a list of trust anchors, for
- accredited authorities. The distribution contains root certificates,
- certificate revocation list (CRL) locations, contact information, and
- signing policies.
+Description: IGTF unaccredited root certificates
+ The International Grid Trust Federation (IGTF) maintains a common trust
+ base for the benefit of distributed science and research computing
+ infrastructures. It provides a list of accredited trust anchors, with
+ root certificates, certificate revocation list locations, contact
+ information, and signing policies.
.
This package contains several unaccredited trust anchors. Use with
caution, as they come without any guarantees.
@@ -77,13 +73,12 @@
Depends: ${misc:Depends}
Recommends: openssl
Suggests: ca-certificates
-Description: IGTF experimental Authority Root Certificates
- The International Grid Trust Federation (IGTF) maintains a common
- trust base for the benefit of distributed science and research
- computing infrastructures by maintaining a list of trust anchors, for
- accredited authorities. The distribution contains root certificates,
- certificate revocation list (CRL) locations, contact information, and
- signing policies.
+Description: IGTF experimental root certificates
+ The International Grid Trust Federation (IGTF) maintains a common trust
+ base for the benefit of distributed science and research computing
+ infrastructures. It provides a list of accredited trust anchors, with
+ root certificates, certificate revocation list locations, contact
+ information, and signing policies.
.
This package contains several experimental trust anchors. Use with
caution, as they come without any guarantees.
diff -ru igtf-policy-bundle-1.56.pristine/debian/templates.in
igtf-policy-bundle-1.56/debian/templates.in
--- igtf-policy-bundle-1.56.pristine/debian/templates.in 2014-04-17
15:23:47.000000000 +0100
+++ igtf-policy-bundle-1.56/debian/templates.in 2014-04-29 20:46:16.984527381
+0100
@@ -1,23 +1,26 @@
Template: igtf-policy-@PROFILE@/install_profile
Type: boolean
Default: true
-_Description: Install the IGTF @PROFILE@ CAs in
/etc/grid-security/certificates?
- This package installs the IGTF CAs in /etc/grid-security/certificates.
- There are two ways to deal with these certificates:
- - yes: install all, except those in the exclude list
- - no: install only CAs in the include list.
- The include/exclude lists are covered by the next question.
+_Description: Trust IGTF @PROFILE@ CAs by default?
+ Trusted IGTF Certification Authority certificates are installed in
+ /etc/grid-security/certificates.
+ .
+ Accept this option to have certificates included by default unless they
+ are explicitly excluded. Reject it to choose the reverse policy,
+ excluding them unless explicitly included.
+ .
+ You will then have the opportunity to define the list of exceptions.
Template: igtf-policy-@PROFILE@/exclude_ca
Type: multiselect
Choices: ${exclude_ca}
-_Description: Certificates to explicitly exclude
- Select which certificates should not be installed in
+_Description: Certificates to explicitly exclude:
+ Please select which certificates should not be installed in
/etc/grid-security/certificates.
Template: igtf-policy-@PROFILE@/include_ca
Type: multiselect
Choices: ${include_ca}
-_Description: Certificates to explicitly include
- Select which certificates should be installed in
+_Description: Certificates to explicitly include:
+ Please select which certificates should be installed in
/etc/grid-security/certificates.
Template: igtf-policy-@PROFILE@/install_profile
Type: boolean
Default: true
_Description: Trust IGTF @PROFILE@ CAs by default?
Trusted IGTF Certification Authority certificates are installed in
/etc/grid-security/certificates.
.
Accept this option to have certificates included by default unless they
are explicitly excluded. Reject it to choose the reverse policy,
excluding them unless explicitly included.
.
You will then have the opportunity to define the list of exceptions.
Template: igtf-policy-@PROFILE@/exclude_ca
Type: multiselect
Choices: ${exclude_ca}
_Description: Certificates to explicitly exclude:
Please select which certificates should not be installed in
/etc/grid-security/certificates.
Template: igtf-policy-@PROFILE@/include_ca
Type: multiselect
Choices: ${include_ca}
_Description: Certificates to explicitly include:
Please select which certificates should be installed in
/etc/grid-security/certificates.
Source: igtf-policy-bundle
Section: misc
Priority: extra
Maintainer: Dennis van Dok <denni...@nikhef.nl>
Build-Depends: debhelper (>= 8.0.0), po-debconf
Standards-Version: 3.9.5
Homepage: http://www.igtf.net/
Vcs-Git: git://g...@github.com:dvandok/igtf-policy-bundle.git
Vcs-Browser: https://github.com/dvandok/igtf-policy-bundle
Package: igtf-policy-classic
Architecture: all
Depends: ${misc:Depends}
Recommends: fetch-crl, openssl
Suggests: ca-certificates
Description: IGTF classic profile for root certificates
The International Grid Trust Federation (IGTF) maintains a common trust
base for the benefit of distributed science and research computing
infrastructures. It provides a list of accredited trust anchors, with
root certificates, certificate revocation list locations, contact
information, and signing policies.
.
This package contains the trust anchors for the classic profile.
Package: igtf-policy-mics
Architecture: all
Depends: ${misc:Depends}
Recommends: fetch-crl, openssl
Suggests: ca-certificates
Description: IGTF MICS profile for root certificates
The International Grid Trust Federation (IGTF) maintains a common trust
base for the benefit of distributed science and research computing
infrastructures. It provides a list of accredited trust anchors, with
root certificates, certificate revocation list locations, contact
information, and signing policies.
.
This package contains the trust anchors for the MICS (Member Integrated
Credential Services) profile.
Package: igtf-policy-slcs
Architecture: all
Depends: ${misc:Depends}
Recommends: fetch-crl, openssl
Suggests: ca-certificates
Description: IGTF SLCS profile for root certificates
The International Grid Trust Federation (IGTF) maintains a common trust
base for the benefit of distributed science and research computing
infrastructures. It provides a list of accredited trust anchors, with
root certificates, certificate revocation list locations, contact
information, and signing policies.
.
This package contains the trust anchors for the SLCS (Short Lived
Credential Services) profile.
Package: igtf-policy-unaccredited
Architecture: all
Depends: ${misc:Depends}
Recommends: openssl
Suggests: ca-certificates
Description: IGTF unaccredited root certificates
The International Grid Trust Federation (IGTF) maintains a common trust
base for the benefit of distributed science and research computing
infrastructures. It provides a list of accredited trust anchors, with
root certificates, certificate revocation list locations, contact
information, and signing policies.
.
This package contains several unaccredited trust anchors. Use with
caution, as they come without any guarantees.
Package: igtf-policy-experimental
Architecture: all
Depends: ${misc:Depends}
Recommends: openssl
Suggests: ca-certificates
Description: IGTF experimental root certificates
The International Grid Trust Federation (IGTF) maintains a common trust
base for the benefit of distributed science and research computing
infrastructures. It provides a list of accredited trust anchors, with
root certificates, certificate revocation list locations, contact
information, and signing policies.
.
This package contains several experimental trust anchors. Use with
caution, as they come without any guarantees.
