On Mon, 2010-05-03 at 12:13 -0400, Jameson Rollins wrote: > Hi, Frank. Thanks so much for the feedback. Responses below. > > On Sun, 02 May 2010 23:36:57 +0200, Frank Lin PIAT <fp...@klabs.be> wrote: > > On Sun, 2010-04-25 at 18:44 -0400, Jameson Graef Rollins wrote: > > > * Package name : xul-ext-monkeysphere > > > Version : 0.1 > > > > The package description could mention that this is an > > early/alpha/experimental release, to avoid deception (and encourage > > feed-back) > > This extension definitely is in the early stages of development, but it > is working for most cases now, and the developers are using it > routinely. I'm also not sure how we would indicate that it's "alpha" or > "experimental" in the Package: or Version: fields of the control file, > which I think is what you're implying. Do you have a suggestion for > that?
I have gathered some existing "excuses", but none seems to fit your need. http://wiki.debian.org/PackagesDescriptions/Fragments Based on what you told, upstream might want to number it 0.9 ;) Still, let me give a try: "Although the program is still in development stage, It already have some useful features, and it is quite stable" Feel free to adjust or rewrite it. > > Wouldn't it be better to state that it's a replacement for X509 > > certificates? (there is probably an even better wording, but I can't > > find it). > > Monkeysphere is not actually a replacement for X.509, at least not in > the sense of using Monkeysphere *or* X.509. The goal of Monkeysphere, > broadly, is to expand the usage of OpenPGP for authentication on the > net. In the context of the web, the Monkeysphere xul extension can be > used to validate sites that have put their host keys on the OpenPGP Web > of Trust (WOT). However, the extension actually currently relies upon > sites providing an X.509 certificate through normal TLS channels. We > provide a fallback validation check using the WOT when the standard > X.509 validation fails. Our goal is not to disrupt standard X.509 > validation if the user wishes to continue to rely upon it, but to > instead provide an alternative to standard X.509 validation that uses > OpenPGP and the WOT. ok we "just" have to figure out how to write that in 4 or 5 lines ;) "Monkeysphere uses OpenPGP's « Web of Trust » to validate X509 certificates that aren't signed by a known certificate authorities (CA)." We could also something like this: "In regular public key infrastructure (PKI), X509 certificates are signed by a third party organisations, that are considered to be trusted by both the webserver-admin and the web-browser vendor." > I agree, though, that it is relevant to mention X.509 in the package > description, at least in the sense of providing an alternative, but I > feel like we're currently doing that with this bit: > > > > This extensions enables Monkeysphere checking of X.509 certificates > > > from https hosts whose keys are in the web of trust. > > Does this not seem clear enough? Or is there something else that we're > missing in the description to make things clearer? > > > The long description should mention that this package contains an > > Iceweasel extensions, maybe: > > "This package contains an Iceweasel/Firefox extensions to use > > Monkeysphere for checking of X.509 certificates from https hosts > > whose keys are in the web of trust." > > Good point. We'll fix that. Again, just my 2 cents ;) Franklin -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1272924329.3999.930.ca...@solid.paris.klabs.be
