Resynchronize debconf templates with openswan.

1 files changed, 67 insertions, 87 deletions

diff --git a/debian/strongswan-starter.templates b/debian/strongswan-starter.templates
index a330005a9..01a67fda8 100644
--- a/debian/strongswan-starter.templates
+++ b/debian/strongswan-starter.templates
@@ -10,24 +10,23 @@
 Template: strongswan/runlevel_changes
 Type: note
 _Description: Old runlevel management superseded
- Previous versions of the strongSwan package allowed the user to choose between
- three different Start/Stop-Levels. Due to changes in the standard system 
- startup procedure, this is no longer necessary and useful. For all new
+ Previous versions of the strongSwan package gave a choice between
+ three different Start/Stop-Levels. Due to changes in the standard system
+ startup procedure, this is no longer necessary or useful. For all new
  installations as well as old ones running in any of the predefined modes,
- sane default levels set will now be set. If you are upgrading from a previous
+ sane default levels will now be set. If you are upgrading from a previous
  version and changed your strongSwan startup parameters, then please take a
  look at NEWS.Debian for instructions on how to modify your setup accordingly.
 
 Template: strongswan/restart
 Type: boolean
 Default: true
-_Description: Do you wish to restart strongSwan?
- Restarting strongSwan is a good idea, since if there is a security fix, it
- will not be fixed until the daemon restarts. Most people expect the daemon
+_Description: Restart strongSwan now?
+ Restarting strongSwan is recommended, since if there is a security fix, it
+ will not be applied until the daemon restarts. Most people expect the daemon
  to restart, so this is generally a good idea. However, this might take down
- existing connections and then bring them back up (including the connection
- currently used for this update, so it is recommended not to restart if you
- are using any of the tunnel for administration).
+ existing connections and then bring them back up, so if you are using such
+ an strongSwan tunnel to connect for this update, restarting is not recommended.
 
 Template: strongswan/ikev1
 Type: boolean
@@ -46,62 +45,62 @@ _Description: Start strongSwan's IKEv2 daemon?
 Template: strongswan/install_x509_certificate
 Type: boolean
 Default: false
-_Description: Do you want to use a X509 certificate for this host?
- This installer can automatically create or import a X509 certificate for
- this host. It can be used to authenticate IPsec connections to other hosts
- and is the preferred way for building up secure IPsec connections. The other
+_Description: Use an X.509 certificate for this host?
+ An X.509 certificate for this host can be automatically created or imported.
+ It can be used to authenticate IPsec connections to other hosts
+ and is the preferred way of building up secure IPsec connections. The other
  possibility would be to use shared secrets (passwords that are the same on
- both sides of the tunnel) for authenticating an connection, but for a larger
+ both sides of the tunnel) for authenticating a connection, but for a larger
  number of connections, key based authentication is easier to administer and
  more secure.
  .
- If you do not want to this now you can answer "No" and later use the command
- "dpkg-reconfigure openswan" to come back.
+ Alternatively you can reject this option and later use the command
+ "dpkg-reconfigure strongswan" to come back.
 
 Template: strongswan/how_to_get_x509_certificate
 Type: select
 __Choices: create, import
 Default: create
-_Description: Methods for using a X509 certificate to authenticate this host:
- It is possible to create a new X509 certificate with user-defined settings
+_Description: Methods for using a X.509 certificate to authenticate this host:
+ It is possible to create a new X.509 certificate with user-defined settings
  or to import an existing public and private key stored in PEM file(s) for
  authenticating IPsec connections.
  .
- If you choose to create a new X509 certificate you will first be presented
+ If you choose to create a new X.509 certificate you will first be asked
  a number of questions which must be answered before the creation can start.
  Please keep in mind that if you want the public key to get signed by
- an existing certification authority you should not select to create a
+ an existing Certificate Authority you should not select to create a
  self-signed certificate and all the answers given must match exactly the
  requirements of the CA, otherwise the certificate request may be rejected.
  .
- In case you want to import an existing public and private key you will be
- prompted for their filenames (may be identical if both parts are stored 
+ If you want to import an existing public and private key you will be
+ prompted for their filenames (which may be identical if both parts are stored
  together in one file). Optionally you may also specify a filename where the
- public key(s) of the certification authority are kept, but this file cannot 
- be the same as the former ones. Please be also aware that the format for the
- X509 certificates has to be PEM and that the private key must not be encrypted 
+ public key(s) of the Certificate Authority are kept, but this file cannot
+ be the same as the former ones. Please also be aware that the format for the
+ X.509 certificates has to be PEM and that the private key must not be encrypted
  or the import procedure will fail.
 
 Template: strongswan/existing_x509_certificate_filename
 Type: string
-_Description: Please enter the location of your X509 certificate in PEM format:
- Please enter the location of the file containing your X509 certificate in
+_Description: File name of your PEM format X.509 certificate:
+ Please enter the location of the file containing your X.509 certificate in
  PEM format.
 
 Template: strongswan/existing_x509_key_filename
 Type: string
-_Description: Please enter the location of your X509 private key in PEM format:
+_Description: File name of your PEM format X.509 private key:
  Please enter the location of the file containing the private RSA key
- matching your X509 certificate in PEM format. This can be the same file
- that contains the X509 certificate.
+ matching your X.509 certificate in PEM format. This can be the same file
+ that contains the X.509 certificate.
 
 Template: strongswan/existing_x509_rootca_filename
 Type: string
-_Description: You may now enter the location of your X509 RootCA in PEM format:
- Optionally you can now enter the location of the file containing the X509
- certificate authority root used to sign your certificate in PEM format. If you
+_Description: File name of your PEM format X.509 RootCA:
+ Optionally you can now enter the location of the file containing the X.509
+ Certificate Authority root used to sign your certificate in PEM format. If you
  do not have one or do not want to use it please leave the field empty. Please
- note that it's not possible to store the RootCA in the same file as your X509
+ note that it's not possible to store the RootCA in the same file as your X.509
  certificate or private key.
 
 Template: strongswan/rsa_key_length
@@ -116,89 +115,70 @@ _Description: Please enter which length the created RSA key should have:
 Template: strongswan/x509_self_signed
 Type: boolean
 Default: true
-_Description: Do you want to create a self-signed X509 certificate?
- This installer can only create self-signed X509 certificates
- automatically, because otherwise a certificate authority is needed to sign
- the certificate request. If you want to create a self-signed certificate,
+_Description: Create a self-signed X.509 certificate?
+ Only self-signed X.509 certificates can be created
+ automatically, because otherwise a Certificate Authority is needed to sign
+ the certificate request. If you choose to create a self-signed certificate,
  you can use it immediately to connect to other IPsec hosts that support
- X509 certificate for authentication of IPsec connections. However, if you
- want to use the new PKI features of strongSwan >= 1.91, you will need to
- have all X509 certificates signed by a single certificate authority to
- create a trust path.
+ X.509 certificate for authentication of IPsec connections. However, using
+ strongSwan's PKI features requires all certificates to be signed by a single
+ Certificate Authority to create a trust path.
  .
- If you do not want to create a self-signed certificate, then this
- installer will only create the RSA private key and the certificate request
- and you will have to sign the certificate request with your certificate
- authority.
+ If you do not choose to create a self-signed certificate, only the RSA
+ private key and the certificate request will be created, and you will
+ have to sign the certificate request with your Certificate Authority.
 
 Template: strongswan/x509_country_code
 Type: string
 Default: AT
-_Description: Please enter the country code for the X509 certificate request:
- Please enter the 2 letter country code for your country. This code will be
- placed in the certificate request.
+_Description: Country code for the X.509 certificate request:
+ Please enter the two-letter code for the country the server resides in
+ (such as "AT" for Austria).
  .
- You really need to enter a valid country code here, because openssl will
- refuse to generate certificates without one. An empty field is allowed for
- any other field of the X.509 certificate, but not for this one.
- .
- Example: AT
+ OpenSSL will refuse to generate a certificate unless this is a valid
+ ISO-3166 country code; an empty field is allowed elsewhere in the X.509
+ certificate, but not here.
 
 Template: strongswan/x509_state_name
 Type: string
 Default:
-_Description: Please enter the state or province name for the X509 certificate request:
- Please enter the full name of the state or province you live in. This name
- will be placed in the certificate request.
- .
- Example: Upper Austria
+_Description: State or province name for the X.509 certificate request:
+ Please enter the full name of the state or province the server resides in
+ (such as "Upper Austria").
 
 Template: strongswan/x509_locality_name
 Type: string
 Default:
-_Description: Please enter the locality name for the X509 certificate request:
- Please enter the locality (e.g. city) where you live. This name will be
- placed in the certificate request.
- .
- Example: Vienna
+_Description: Locality name for the X.509 certificate request:
+ Please enter the locality the server resides in (often a city, such
+ as "Vienna").
 
 Template: strongswan/x509_organization_name
 Type: string
 Default:
-_Description: Please enter the organization name for the X509 certificate request:
- Please enter the organization (e.g. company) that the X509 certificate
- should be created for. This name will be placed in the certificate
- request.
- .
- Example: Debian
+_Description: Organization name for the X.509 certificate request:
+ Please enter the organization the server belongs to (such as "Debian").
 
 Template: strongswan/x509_organizational_unit
 Type: string
 Default:
-_Description: Please enter the organizational unit for the X509 certificate request:
- Please enter the organizational unit (e.g. section) that the X509
- certificate should be created for. This name will be placed in the
- certificate request.
- .
- Example: security group
+_Description: Organizational unit for the X.509 certificate request:
+ Please enter the organizational unit the server belongs to (such as
+ "security group").
 
 Template: strongswan/x509_common_name
 Type: string
 Default:
-_Description: Please enter the common name for the X509 certificate request:
- Please enter the common name (e.g. the host name of this machine) for
- which the X509 certificate should be created for. This name will be placed
- in the certificate request.
- .
- Example: gateway.debian.org
+_Description: Common Name for the X.509 certificate request:
+ Please enter the Common Name for this host (such as
+ "gateway.example.org").
 
 Template: strongswan/x509_email_address
 Type: string
 Default:
-_Description: Please enter the email address for the X509 certificate request:
- Please enter the email address of the person or organization who is
- responsible for the X509 certificate, This address will be placed in the
- certificate request.
+_Description: Email address for the X.509 certificate request:
+ Please enter the email address of the person or organization
+ responsible for the X.509 certificate.
 
 Template: strongswan/enable-oe
 Type: boolean