Quoting Jonathan Wiltshire ([email protected]): There are spaces problems in the review. Please read on:
> Template: strongswan/rsa_key_length
> Type: string
> Default: 2048
> -_Description: The length of the created RSA key (in bits):
> - Please enter the length of the created RSA key. It should not be less than
> - 1024 bits because this should be considered unsecure and you will probably
> - not need anything more than 2048 bits because it only slows the
> - authentication process down and is not needed at the moment.
> +_Description: RSA key length:
> + Please enter the length of RSA key you wish to generate. A value of less
> than
> + 1024 bits is not considered secure. A value of more than 2048 bits will
> + probably affect performance.
If afraid there are two problems in that chunuk...which I didn't
notice during the review.
Two lines end have a space at the end of the line:
> + Please enter the length of RSA key you wish to generate. A value of less
> than
^
> + 1024 bits is not considered secure. A value of more than 2048 bits will
^
>
> Template: strongswan/x509_self_signed
> Type: boolean
> Default: true
> -_Description: Do you want to create a self-signed X.509 certificate?
> - This installer can only create self-signed X.509 certificates
> +_Description: Create a self-signed X.509 certificate?
> + Only self-signed X.509 certificates can be created
> automatically, because otherwise a certificate authority is needed to sign
> - the certificate request. If you want to create a self-signed certificate,
> - you can use it immediately to connect to other IPSec hosts that support
> - X.509 certificate for authentication of IPSec connections. However, if you
> - want to use the new PKI features of strongSwan >= 1.91, you will need to
> - have all X.509 certificates signed by a single certificate authority to
> - create a trust path.
> - .
> - If you do not want to create a self-signed certificate, then this
> - installer will only create the RSA private key and the certificate request
> - and you will have to get the certificate request signed by your certificate
> + the certificate request.
^
Another (less important)
> + .
> + If you accept this option, the certificate created can be used
> + immediately to connect to other IPSec hosts that support authentication via
> + an X.509 certificate. However, using strongSwan's PKI features requires a
> + a trust path to be created by having all X.509 certificates signed by a
> single
> authority.
> + .
> + If you do not accept this option, only the RSA private key will be created,
> + along with a certificate request which you will need to have signed by a
^
> + certificate authority.
Another
>
> Template: strongswan/x509_country_code
> Type: string
> Default: AT
> _Description: Country code for the X.509 certificate request:
> - Please enter the 2 letter country code for your country. This code will be
> - placed in the certificate request.
> - .
> - You really need to enter a valid country code here, because openssl will
> - refuse to generate certificates without one. An empty field is allowed for
> - any other field of the X.509 certificate, but not for this one.
> + Please enter the two-letter ISO3166 country code that should be
> + used in the certificate request.
> .
> - Example: AT
> + This field is mandatory; otherwise a certificate cannot be generated.
>
> Template: strongswan/x509_state_name
> Type: string
> Default:
> _Description: State or province name for the X.509 certificate request:
> - Please enter the full name of the state or province you live in. This name
> - will be placed in the certificate request.
> - .
> - Example: Upper Austria
> + Please enter the full name of the state or province to include in
> + the certificate request.
>
> Template: strongswan/x509_locality_name
> Type: string
> Default:
> _Description: Locality name for the X.509 certificate request:
> - Please enter the locality (e.g. city) where you live. This name will be
> - placed in the certificate request.
> - .
> - Example: Vienna
> + Please enter the locality name (often a city)
> + that should be used in the certificate request.
>
> Template: strongswan/x509_organization_name
> Type: string
> Default:
> _Description: Organization name for the X.509 certificate request:
> - Please enter the organization (e.g. company) that the X.509 certificate
> - should be created for. This name will be placed in the certificate
> - request.
> - .
> - Example: Debian
> + Please enter the organization name (often a company)
>
> Template: strongswan/x509_organizational_unit
> Type: string
> Default:
> _Description: Organizational unit for the X.509 certificate request:
> - Please enter the organizational unit (e.g. section) that the X.509
> - certificate should be created for. This name will be placed in the
> - certificate request.
> - .
> - Example: security group
> + Please enter the organizational unit name (often a department)
^
Another
>
> Template: strongswan/x509_common_name
> Type: string
> Default:
> _Description: Common name for the X.509 certificate request:
> - Please enter the common name (e.g. the host name of this machine) for
> - which the X.509 certificate should be created for. This name will be placed
> - in the certificate request.
> - .
> - Example: gateway.debian.org
> + Please enter the common name (such as the host name of this machine)
> + that should be used in the certificate request.
>
> Template: strongswan/x509_email_address
> Type: string
> Default:
> _Description: Email address for the X.509 certificate request:
> - Please enter the email address of the person or organization who is
> - responsible for the X.509 certificate. This address will be placed in the
> - certificate request.
> + Please enter the email address (for the individual or organization
> responsible)
> + that should be used in the certificate request.
>
> Template: strongswan/enable-oe
> Type: boolean
> Default: false
> -_Description: Do you wish to enable opportunistic encryption in strongSwan?
> - strongSwan comes with support for opportunistic encryption (OE), which
> stores
> - IPSec authentication information (i.e. RSA public keys) in (preferably
> - secure) DNS records. Until this is widely deployed, activating it will
> - cause a significant slow-down for every new, outgoing connection. Since
> - version 2.0, strongSwan upstream comes with OE enabled by default and is
> thus
> - likely to break your existing connection to the Internet (i.e. your default
> - route) as soon as pluto (the strongSwan keying daemon) is started.
> - .
> - Please choose whether you want to enable support for OE. If unsure, do not
> - enable it.
> +_Description: Enable opportunistic encryption?
> + This version of strongSwan supports opportunistic encryption (OE), which
> stores
> + IPSec authentication information in
> + DNS records. Until this is widely deployed, activating it will
> + cause a significant delay for every new outgoing connection.
^
I suggest *not* correcting the extra spaces at the end of paragraphs
but correcting those at the end of lines. They are indeed meaning ful
and that will lead to double spaces in templates.
Unfortunately, that will break out translations as translators will
work on files where msgids have the double spaces.....so when you
merge the translations in after correcting the mistake and running
debconf-updatepo....those translations that were complete...will be
fuzzied.
They of course can be unfuzzied as the extra spaces obviously do not
affect translations. However, this has to be done very carefully: you
can't unfuzzy ALL PO files...but only those was have been updated
after the call for translations.
The right way to unfuzzy a PO file is:
msgattrib --clear-fuzzy foo.po >bar.po
Again, you should do this *only* on translations that were sent
complete.
When that happens (it happens also to me), I generally do this in my
private copy of the package tree as long as translations arrive in the
BTS....
At the end of the call for translation, I send a batch of updates to
the maintainer in the templates review bug report and urge him|her to
use *my* PO files and not those sent by translators.
Bad luck for your first attempt to go through a full review,
Jonathan..:-)
signature.asc
Description: Digital signature
