[Pkg-openssl-devel] Bug#719262: Bug#719262: [src:openssl] Please review package descriptions

Martin Eberhard Schauer Martin.E.Schauer at gmx.de
Fri Aug 9 21:47:51 UTC 2013 

Dear Kurt,

thank you for your prompt response.

 >>  Pre-Depends: ${misc:Pre-Depends}
 >>  Depends: ${shlibs:Depends}, ${misc:Depends}
 >> -Description: SSL shared libraries
 >> - libssl and libcrypto shared libraries needed by programs like
 >> - apache-ssl, telnet-ssl and openssh.
 >> +Description: Secure Sockets Layer implementation - shared libraries
 >> + This package is part of the OpenSSL project's implementation of 
the SSL
 >> + cryptograpfic protocol for communication security over the internet.
 >>   .
 >> - It is part of the OpenSSL implementation of SSL.
 >> + The libssl and libcrypto shared libraries are needed by programs like
 >> + apache-ssl, telnet-ssl and openssh.
 > I'm not sure mentioning those package is useful, since it gets
 > installed as dependency.  It doesn't explain what it does.  But
 > I really have nothing really useful to say about such things.

I just wanted to introduce a unified description, add common boilerplate
and be as minimally invasive as an NMU. But IMHO you are very right. It's a
shared library's nature to be used by several programs. Without explaining
their purpose it is just namedropping.

 >> @@ -57,11 +64,12 @@
 >>  Multi-Arch: same
 >>  Recommends: libssl-doc
 >>  Depends: libssl1.0.0 (= ${binary:Version}), zlib1g-dev, ${misc:Depends}
 >> -Description: SSL development libraries, header files and documentation
 >> - libssl and libcrypto development libraries, header files and manpages.
 >> +Description: Secure Sockets Layer implementation - development files
 >> + This package is part of the OpenSSL project's implementation of 
the SSL
 >> + cryptograpfic protocol for communication security over the internet.
 >>   .
 >> - It is part of the OpenSSL implementation of SSL.
 >> -
 >> + It contains development libraries, header files and manpages for 
the libssl

 > Maybe it should mention both SSL and TLS.
 > Maybe it should make a reference to https?

 > Do you think it's useful to also mention things like RSA
 > in the description of the shared libraries?

I'm not a computer scientist by education. I don't know anything about
cryptographic protocols. From my Jon Doe POV there is no benefit in
mentioning TLS and HTTPS - at least without shortly explaining them.

Martin

PS: There was a typo in my patch.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: control.patch
Type: text/x-patch
Size: 4240 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20130809/26ed7561/attachment-0001.bin>

More information about the Pkg-openssl-devel mailing list