Brian, thanks for your thorough explanation. I tend to approve this, because I know that most other programs don't translate debug messages and it wouldn't be fair to disadvantage you for doing this. Formally, we need a second approval though. And please, next time ask before committing!
Regards, Claude Le mercredi 10 octobre 2007 à 12:36 -0500, Brian Cameron a écrit : > Claude/Others: > > Apologies for breaking string freeze in GDM 2.20. However, I think that > this change is acceptable for the following reasons, mainly reason #2 > which is a security issue. I think, in this case, security trumps > translation. However, I do recognize that I should have sent an email > to the gnome-i18n list to let people know about this change. Sorry for > not doing that. > > 1) These strings are in debug messages, which are only used when debug > is turned on. These debug messages are sent to the system log > (/var/log/messages or /var/adm/messages depending on your OS). > > I am not sure it really adds value to even translate such debug > messages anyway. When people provide debug logs to bugzilla, etc. > translated messages can make it harder for the people who maintain > GDM, who typically speak English, to help debug the problem. > > 2) These messages replaced older messages which included the login user > in the message. Bugzilla bug #484750 pointed out that if a user > were to, by accident, type their password into the username field > that this would cause their password to get logged to syslog, which > we should avoid doing ever. > > 3) These debug messages are only used when the user configures GDM > to use crypt or shadow passwords, which are not typically used. > Most users use PAM. So these messages only affect a small number > of GDM users. The commonly used PAM code is smarter about not ever > logging the username to the system log. > > I recommend that we not worry about whether these debug messages are > translated. Or, I can change these strings so they aren't marked for > translation if that makes things easier. As I said, I don't think it > adds any significant value to translate these messages. Or, I could > remove the messages completely from the code if people think that is > a better choice. > > Since this affects security, it might also make sense to backport > a similar change to older GDM releases. I'm not sure if there are > distros/people out there who configure/use older versions of GDM with > shadow/crypt passwords. If so, let me know and I can make a release > of older versions of GDM's with this security issue fixed. > > Please advise if you think further work is needed to fix this issue > properly. > > The GDM documentation recommends that people not leave on debug, and > I would like to further stress that users who have configured GDM > to use shadow/crypt passwords should ensure that they have debug > turned off to avoid this sort of problem. Debug is only intended to > be used briefly when trying to figure out why GDM may not be > functioning properly. > > Brian > > > > Le mercredi 10 octobre 2007 à 01:19 +0100, GNOME Status Pages a écrit : > >> This is an automatic notification from status generation scripts on: > >> http://l10n.gnome.org/. > >> > >> There have been following string additions to module 'gdm2.gnome-2-20': > >> > >> + "Cannot get passwd structure for user" > >> + "Cannot get passwd structure" > >> + "Cannot set user group" > >> + "User not allowed to log in" > >> + "User password has expired" > >> > >> Note that this doesn't directly indicate a string freeze break, but it > >> might be worth investigating. > > > > Hi Brian, > > > > This seems to be clearly a string freeze breakage (from verify-crypt.c). > > Could you please revert the changes, and explains to the list why you > > think this should really go into gnome-2-20 branch? > > > > Regards, > > > > Claude > > _______________________________________________ gnome-i18n mailing list [email protected] http://mail.gnome.org/mailman/listinfo/gnome-i18n
