tags #541631 confirmed pending thanks On Sat, Aug 15, 2009 at 02:26:47AM +0200, Christoph Anton Mitterer wrote: > You may replace the current /etc/apg.conf with the attached one, which > provides some reasonable examples and another default.
Done. > The reason for replaceing -s by -c /dev/urandom: > I think without options, apg should be used "interactively",... but I doubt > that any user really want's to enter some characters there... > At least I do always just press return ;) Makes sense. > Using more characters is also reasonable for security, IMHO. A user can > still just copy&paste parts of the password. Also makes sense. > -n 6 and -a 0 are default anyway (at least according to the manpage, so I've > removed them. Verified in source, agreed. > Another idea would be to make apg.conf configurable via debconf, would be > nice to see :) I'm not going to do that for a dead upstream program. Please feel free to provide a patch and offer to help with committing translations etc. > Apart from that: The default listed in the manpage "apg -a 0 -M sncl -n 6 -x > 10 -m 8 (new style)" seems to be neither what is in the current apg.conf, > nor what apg does when that value is commented out (e.g. at least -t is also > done in that case). > So please clarify this what really happens (if the default is solely defined > by apg.conf, or if there's another internal default). there are defaults in the code, I have tried verified them as -a 0 -M sncl -n 6 -x 10 -m 8 -e (unset) -r (unset) -b (unset) -p (unset) -l (unset) -s (unset) -c (unset) -d (unset) -q (unset) -y (unset) -t (unset) but my understanding of the code in apg.c is low I am not going to change the man page though since your observation that -t is done, but I don't see any code setting hyph_req_present to a non-FALSE value other than if -t is found on the command line. Greetings Marc
