[pkg] CurveDNS - review

Lukas Schwaighofer lukas at schwaighofer.name
Thu Jun 29 21:02:46 UTC 2017


On Thu, 29 Jun 2017 14:45:52 +0200
Stéphane Neveu <stefneveu at gmail.com> wrote:

> Hi Lukas,
> 
> 2017-06-29 10:03 GMT+02:00 Lukas Schwaighofer
> <lukas at schwaighofer.name>:
> > Hi,
> >
> > debian/copyright file has a few syntax errors.  You can use the
> > `cme` tool to help you spot the errors.
> >
> > $ cd path/to/curvedns/package/dir
> > $ cme check dpkg
> > File debian/copyright line 27 has a syntax error:
> > (...)
> >  
> 
> I've corrected the error but now I have another one and I do not know
> what it means:
> checking data
> Configuration item 'copyright Files:"*" License short_name' has a
> wrong value: Undefined mandatory value.

It means that the block starting with "Files: *" has a wrong value for
the "License:" field.  The problem is that the field is undefined (i.e.
missing) even though it's mandatory.

The solution for this particular problem is to remove the empty line so
the two parts of what you wanted to be the same block actually become
the same block.

There is one more syntax error, please fix that as well (`cme` will tell
you once you've fixed the first one).

Btw: You can still have the clauses of the BSD-2-clause license as
bullet points (marked with * and indented) and I think you should.  You
just have to make sure that there are no empty lines (instead lines
that contain the indented dot).

> I have also
> - updated the manpages to remove any references to the
> /etc/default/curvedns file.
> - updated curvedns.README.Debian, tell me if it sounds better to you
> now?

Yes, I think the content is okay now.  Please wrap the text to at
most 80 characters per line for better terminal readability.  Some more
content suggestions:

You can drop the "information on libsodium" part, and instead just write
something short similar to:

    Debian's version of curvedns is not linked against NaCl but uses
    Sodium.  Sodium is an API-compatible fork of NaCl available as a
    shared library.

Anyone who wants to read up on Sodium can do so themselves (we focus
on highlighting the important differences only).

Your note regarding dpkg-reconfigure could be more positive ("will not
work" sounds like it's broken and you need to fix it).  I'd say
something like:

    You can use `dpkg-reconfigure curvedns` to perform a key rollover.
    It will generate a new key only if the file /etc/curvedns/PRIVKEY
    does not exist, otherwise it will do nothing.

> - merged both pubkey formats into one /etc/curvedns/README file
> Do I need to add some comments here or would it be redundant with the
> README.Debian?
> If yes, maybe I should save both public keys in a file called pubkey
> for example and add a static README here ?

Let's go with something like:

  cat <<EOF > /etc/curvedns/README
Your DNScurve public key is

  $DNSPUBKEY (DNS encoding)
  $HEXPUBKEY (hexadecimal)

You need to publish this public key as part of your authoritative
nameserver's DNS records.  See /usr/share/doc/curvedns/README.Debian
for more information.
EOF

The curvedns-keygen man page could also see some improvement.  I don't
like the "First Usage" and "Usage" split (it sounds like I have to do
the "First Usage" before being able to use it normally).  Also it refers
to a section "RUNNING CurveDNS" that does not exist.

I think here it would be ok to add as a note that users normally don't
need to run this as a key is generated automatically during package
installation.

Regards
Lukas
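
An added example, not part of the original mail and not how `cme` is implemented: a minimal Python check showing why an empty line inside a "Files:" block leaves the License field undefined, and why a blank line in the license text has to be written as an indented dot.  The sample copyright file and the function names are constructed for illustration.

```python
# Added example: minimal DEP-5 stanza check; the sample file is constructed.
def split_paragraphs(text):
    """A line that is empty (or only whitespace) ends the current paragraph."""
    paragraphs, current = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.strip():
            current.append((number, line))
        elif current:
            paragraphs.append(current)
            current = []
    if current:
        paragraphs.append(current)
    return paragraphs

def check_copyright(text):
    """Return (line, problem) pairs for the two mistakes discussed in the mail."""
    problems = []
    for paragraph in split_paragraphs(text):
        first_no, first_line = paragraph[0]
        if first_line[0] in " \t":
            # Text with no field above it: an empty line was used, not " ."
            problems.append((first_no, "orphaned continuation"))
            continue
        # Unindented "Name:" lines are fields; indented lines continue them.
        fields = {line.partition(":")[0]: number for number, line in paragraph
                  if line[0] not in " \t" and ":" in line}
        if "Files" in fields:
            for required in ("Copyright", "License"):
                if required not in fields:
                    problems.append((fields["Files"], "missing " + required))
    return problems

BROKEN = """\
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/

Files: *
Copyright: 2017 Example Author

License: BSD-2-clause
 Redistribution and use are permitted provided that:

  * Redistributions of source code must retain this notice.
"""
# Fix: drop the empty line before License, and write " ." for the blank line.
FIXED = BROKEN.replace("Author\n\nLicense", "Author\nLicense").replace(
    "that:\n\n", "that:\n .\n")

if __name__ == "__main__":
    print(check_copyright(BROKEN), check_copyright(FIXED))
```
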