Holger Levsen wrote:
> I would kindly ask you for a review of these src:sequoia-chameleon-gnupg
> package
> descriptions. I'm intentionaly not giving more context as I think the package
> descriptions should speak for themselves. I'm looking forward to your comments
> and other feedback! (And please cc: my on replies I'm not subscribed to this
> list.)
Okay! Suggested version attached.
> Source: rust-sequoia-chameleon-gnupg
> Maintainer: Debian Rust Maintainers
>
> Uploaders:
> Alexander Kjäll ,
> Holger Levsen
> Vcs-Git: https://salsa.debian.org/rust-team/debcargo-conf.git
> [src/sequoia-chameleon-gnupg]
> Vcs-Browser:
> https://salsa.debian.org/rust-team/debcargo-conf/tree/master/src/sequoia-chameleon-gnupg
> Homepage: https://sequoia-pgp.org/
>
> Package: sequoia-chameleon-gnupg
> Architecture: all
> Depends:
> gpg-sq,
> gpgv-sq
> Description: Sequoia's reimplementation of the GnuPG cli tools (metapackage)
CLI
An initialism, so definitely capitalised.
It's a bit long; maybe the "reimplementation" part can wait for the
long description:
Description: Sequoia's GnuPG CLI tools (metapackage)
> This metapackage depends on the following binaries packages:
binary
You've got some surplus plural agreement there.
> - gpg-sq: OpenPGP toolkit offering an interface aligned with gpg
> - gpgv-sq: Validate OpenPGP signatures as gpgv does
> Both are drop-in replacements using the Sequoia OpenPGP implementation
> provided in the Rust crate sequoia-chameleon-gnupg.
Fair enough, this all looks intelligible. I'll deal with the quoted
descriptions below, but notice that one of them is a "what it is" noun
phrase while the other is a "what it's for" verb phrase - the list
would read a bit more smoothly if they were syntactically parallel.
> Package: gpg-sq
> Architecture: any
> Description: OpenPGP toolkit offering a command line interface aligned with
> gpg
That's a bit long; could it perhaps use "CLI" (expanded in the long
description if necessary)? And "aligned with" is a bit odd. I'm not
sure whether it ought to involve the words "compatible" or "compliant"
or "conformant" or whether it just boils down to:
Description: gpg-like OpenPGP CLI toolkit
> This package provides the GnuPG interface while useing Sequoia's state.
^
Spelling: "using". But what does it mean to say a package "uses" a
"state"? I suspect for a start it's confusing the .deb and the tool
it provides.
> It follows the same interface offered by the GnuPG project's gpg, and can
> be used wherever gpg is used.
This sounds as if it's saying it supports all the same commandline
options, which the following paragraphs then go on to deny. It also
sounds slightly as if it's saying you can't use it unless you also use
the GnuPG implementation of gpg.
> .
> gpg-sq is drop-in replacement of gpg that is not feature-complete.
^
Missing article: "is a drop-in replacement" (and probably "for" gpg).
But this is essentially repeating the previous paragraph, while
slightly contradicting it. Couldn't we merge the two paragraphs as
something like
gpg-sq is Sequoia's alternative implementation of a tool following
the GnuPG command line interface. It provides a drop-in but not
feature-complete.replacement for the GnuPG project's gpg.
> .
> It currently implements a commonly used subset of the signature
> creation and verification commands, the encryption and decryption
> commands, the key listing commands, and some miscellaneous commands.
Fair enough.
> .
> Support for trust models is limited. Currently, the Web-of-Trust
> ('pgp') and always trust ('always') are implemented.
"Always trust" is working as a technical term here, so maybe it needs
to be
Currently the web-of-trust
and always-trust models are implemented (as "--pgp" and "--always").
> .
> This tool is provided by the Sequoia project via the sequoia-chameleon-gnupg
> crate.
>
> Package: gpgv-sq
> Architecture: any
> Description: validate OpenPGP signatures as gpgv does
By "as" this presumably means "in the same way as" rather than "at the
same time as"... the normal modern English idiom would be "like gpgv".
Going back to my complaint about the non-parallel list items: the
Developers Reference prefers noun-phrase synopses, and the easy way
to get one here is to call it a validator, but then it's more natural
if you rearrange it into something like
Description: gpgv-like validator for OpenPGP signatures
(which turns out to be very closely parallel to what I ended up
suggesting for gpg-sq.)
> This package provides a verification-only command line interface for OpenPGP
> signatures. It follows the same interface offered by the GnuPG project's
> gpgv,
> and can be used wherever gpgv is used.
> .
> gpgv-sq is a feature-complete
