Bug#415231: dtc: [debconf_rewrite] Debconf templates review
After our various discussions, please find attached the last version of the proposed patch. Please confirm that you're OK with that patch...or again propose changes if needed. I now need to go to the next step, namely the call for translations. --- /home/bubulle/travail/debian/rewrite/BTS/dtc/dtc-0.25.1.old/debian/dtc.templates 2007-03-08 20:33:52.722693198 +0100 +++ /home/bubulle/travail/debian/rewrite/BTS/dtc/dtc-0.25.1/debian/dtc.templates 2007-03-18 11:42:30.739187249 +0100 @@ -2,222 +2,197 @@ Type: string Default: localhost _Description: MySQL hostname: - Enter the hostname or ip do you want to use to connect to your MySQL server. - If the MySQL server runs locally, then you can safely leave the default to - localhost. + Please enter the hostname or IP address of the MySQL server. Template: dtc/conf_mysqllogin Type: string Default: root -_Description: MySQL Login: - Enter the MySQL root login. DTC needs it to access to your MySQL table - in order to grant privileges to it's users. It's suggested that you add a - user specialy for dtc that has the rights for modifying grant tables, but - root is also working. +_Description: MySQL administrator: + Please enter the login name of a MySQL user with administrative + privileges. DTC will use it to grant privileges for the tables to + its users. Template: dtc/conf_mysqlpass Type: password -_Description: MySQL Password: - Please enter your MySQL root password so DTC can connect to MySQL and - add/remove databases. +_Description: MySQL administrator password: + Please enter the password of the MySQL administrator. Template: dtc/conf_mysqldb Type: string Default: dtc _Description: DTC database name: - DTC save all it's hosting information in a database automatically created. - You should enter it's name here. + Please enter the name of the database to use for storing all DTC + hosting information. Template: dtc/conf_mysql_change_root Type: boolean Default: false -_Description: Change MySQL root? - When installing mysql-server package under Debian, the default installed - root password for database access is an empty password. DTC can change - that root password for you if you didn't change it before. If you have - setup a root password for MySQL before, or if you are just upgrading DTC - to a newer version, you might don't need to setup a new root password. - If your root MySQL password is not set yet, then you can ask DTC to change - it with the root password you just entered. Please note that if DTC can't - connect with root, then install will fail. +_Description: Change MySQL root password? + By default, the mysql-server package does not require a password for + the MySQL root user. This can be changed during the configuration of + the DTC package. Template: dtc/main_domainname Type: string Default: example.com _Description: Domain name: - Enter the first domain name you want DTC to administrate. This domain - name will be used for installing the root admin and customer web control - panel of DTC (on one of this domain subdomains). + Please enter the first domain which you want DTC to + manage. This domain name will be used to install the root + admin and customer web control panel of DTC (under one of this domain's + subdomains). Template: dtc/dtc_adminsubdomain Type: string Default: dtc _Description: DTC root panel subdomain: - Enter the subdomain you want DTC to install it's control panel. + Please enter the subdomain to be used by the DTC control panel. Template: dtc/conf_ipaddr Type: string Default: 192.168.0.2 _Description: Primary IP address: - Enter your primary IP address here. This IP will be used for the domain - name you just provided, and will be used as default for most DTC variables. - In case of NAT, please enter your EXTERNAL IP address. + Please enter this host's primary IP address. This address will be + used for the domain name you just provided, and will be used as the + default for most DTC variables. If you are using Network Address + Translation (NAT), please enter your external IP address. Template: dtc/conf_hostingpath Type: string Default: /var/www/sites _Description: Path for hosted domains: - This path is where you want DTC to store all hosted domains - files (mail and web files) ? + Please enter the directory to be used by DTC to store files for + all hosted domains. . - Please note that apache's standard installation setup /var/www as the - apache web area (document root). Remove this manually in your - /etc/apache/httpd.conf (or in /etc/apache2) if you choose /var/www/sites - as DTC's hosting area. + If you choose /var/www, which is Apache's default document root, all + files hosted in that directory may become publicly accessible. It is + therefore recommended to change the DocumentRoot setting in Apache + configuration if you choose /var/www as path for hosted domains. Template: dtc/conf_chroot_path Type: string Default: /var/lib/dtc/chroot_template
Bug#415231: dtc: [debconf_rewrite] Debconf templates review
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Christian Perrier wrote: After our various discussions, please find attached the last version of the proposed patch. Please confirm that you're OK with that patch...or again propose changes if needed. I now need to go to the next step, namely the call for translations. Hi! To me it seems all right. I'll send this to our CVS. Note that my sponsor uploaded a new version of the panel yesterday, because I couldn't wait to remove the bugs that was in. But I don't think uploading AGAIN is of any problem... I'll let you know. Thomas -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF/7/Xl4M9yZjvmkkRAmyKAKCQrdV2KwRDrOV7SfYiJukarTHRdQCgoBGF 0bF5HAsNHCnmTwpBIJ70bBk= =Ym9v -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415231: dtc: [debconf_rewrite] Debconf templates review
Thomas Goirand commented on our proposed rewrite of dtc templates: - Please note that apache's standard installation setup /var/www as the - apache web area (document root). Remove this manually in your - /etc/apache/httpd.conf (or in /etc/apache2) if you choose /var/www/sites - as DTC's hosting area. + The default Apache installation defines /var/www as the document + root. This should be removed from the httpd.conf file manually when + another directory is chosen as DTC's hosting area. You are changing the meaning of it. The purpose of this was to tell that the default DocumentRoot should NOT be pointing to /var/www if using this path, as this could reveal all the files. By the way, on the current setup, this is not true anymore. DTC takes over the apache config, but maybe, to be 100% sure there is no security issue, best would be to just write something like this: If you choose the default of /var/www, make sure that no DocumentRoot is pointing to this path, so there is no chance to publicly give access to all your hosted files. OK, let's retry another way: Template: dtc/conf_hostingpath Type: string Default: /var/www/sites _Description: Path for hosted domains: Please enter the directory to be used by DTC to store files for all hosted domains. . If you choose /var/www, which is Apache's default document root, all files hosted in that directory will become publicly accessible. It is therefore recommended to choose another directory if the local web server is hosting other files in /var/www. -_Description: Path where to build the chroot environment: - Please enter the path where you want DTC to build the cgi-bin chroot +_Description: Path for the chroot environment: + Please enter the directory to be used by DTC to build the cgi-bin chroot I'd like to insist a bit more on the fact this is a template copied on each subdomain. Maybe it's better to write: +_Description: Path for the chroot environment template: OK, that wasn't clear. template added. This one now: - Note that in the case of a dynamic IP address, using NAT and port forwarding - is the only way to use DTC (because apache vhost file wont need to be - regenerated at each IP change). + Do not choose this option if the server is directly connected to the + Internet, except when using dynamic IP addresses. In such cases, NAT + and port forwarding are mandatory for DTC. Reading it, it seems a bit strange, as the server can't be both connected directly to internet with a public IP, and have NAT. Maybe we should write this: + Do not choose this option if the server is directly connected to the + Internet. If your internet connection is delivered by a dynamic IP addresses, choosing this option is mandatory. You then have to use a firwall doing NAT between your server and the internet, and use port forwarding to your server. My proposed rewording of this: Template: dtc/conf_use_nated_vhosts Type: boolean Default: false _Description: Use NATed vhosts? DTC can configure Apache to use one of your IP addresses. If the server is firewalled with NAT and port redirections of public IP(s) address(es), a NATed vhost configuration can be generated. . This option should be chosen only if the server is directly connected to the Internet and uses a dynamic public IP addres. In such cases, NAT and port forwarding are mandatory for DTC. signature.asc Description: Digital signature
Bug#415231: dtc: [debconf_rewrite] Debconf templates review
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Christian Perrier wrote: If you choose the default of /var/www, make sure that no DocumentRoot is pointing to this path, so there is no chance to publicly give access to all your hosted files. OK, let's retry another way: Template: dtc/conf_hostingpath Type: string Default: /var/www/sites _Description: Path for hosted domains: Please enter the directory to be used by DTC to store files for all hosted domains. . If you choose /var/www, which is Apache's default document root, all files hosted in that directory will become publicly accessible. It is therefore recommended to choose another directory if the local web server is hosting other files in /var/www. You'd better write: If you choose /var/www, which is Apache's default document root, all files hosted in that directory MAY become publicly accessible. It is therefore recommended to change your apache main DocumentRoot configured in /etc/apache/httpd.conf or /etc/apache2/apache.conf after the setup of DTC of you choose /var/www here. My proposed rewording of this: Template: dtc/conf_use_nated_vhosts Type: boolean Default: false _Description: Use NATed vhosts? DTC can configure Apache to use one of your IP addresses. If the server is firewalled with NAT and port redirections of public IP(s) address(es), a NATed vhost configuration can be generated. . This option should be chosen only if the server is directly connected to the Internet and uses a dynamic public IP addres. In such cases, NAT and port forwarding are mandatory for DTC. No, this is not right! This option should NOT be choosen if the server is connected directly to the internet. So I would rather write this: _Description: Use NATed vhosts? DTC can configure Apache to use one of your LAN IP addresses. If the server is firewalled with NAT and port redirections of public IP(s) address(es), a NATed vhost configuration can be generated. . This option should be chosen only if the server is not connected to the Internet directly, but through a Firewall doing NAT. If using a dynamic public IP address, NAT and port forwarding are mandatory when using DTC. I can't wait to have this new template ready, as I have corrected bugs in the current version in SID, and that I want to have it uploaded asap to remove them. Last thing, before you send this new english template so it can be translated, I'll rewrap it to 80 cols as my sponsor seems to insist on this (which I also think is not a bad thing). I also think translators should be warned to take care of this (little) issue. Thanks again for your work, Thomas Goirand -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF/Q+7l4M9yZjvmkkRAvzmAKDPPmnpd3VApB6oMED1+m5QqnxfrgCbB4WG 7I0x6y7svWbt8yWfiiEhHOs= =RNmO -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415231: dtc: [debconf_rewrite] Debconf templates review
You'd better write: If you choose /var/www, which is Apache's default document root, all files hosted in that directory MAY become publicly accessible. It is therefore recommended to change your apache main DocumentRoot configured in /etc/apache/httpd.conf or /etc/apache2/apache.conf after the setup of DTC of you choose /var/www here. OK. New attempt: Template: dtc/conf_hostingpath Type: string Default: /var/www/sites _Description: Path for hosted domains: Please enter the directory to be used by DTC to store files for all hosted domains. . If you choose /var/www, which is Apache's default document root, all files hosted in that directory may become publicly accessible. It is therefore recommended to change the DocumentRoot setting in Apache configuration if you choose /var/www as path for hosted domains. Template: dtc/conf_use_nated_vhosts Type: boolean Default: false _Description: Use NATed vhosts? DTC can configure Apache to use one of your IP addresses. If the server is firewalled with NAT and port redirections of public IP(s) address(es), a NATed vhost configuration can be generated. . This option should be chosen only if the server is directly connected to the Internet and uses a dynamic public IP addres. In such cases, NAT and port forwarding are mandatory for DTC. No, this is not right! This option should NOT be choosen if the server is connected directly to the internet. So I would rather write this: All this clearly shows that the whole thing is everythign but clear, I'm afraid..:-| New proposal: Template: dtc/conf_use_nated_vhosts Type: boolean Default: false _Description: Use NATed vhosts? DTC can configure Apache to use one of your IP addresses. If the server is firewalled with NAT and port redirections of public IP(s) address(es), a NATed vhost configuration can be generated. . This option should be chosen only if the server is not connected to the Internet directly, but through a firewall doing network address translation (NAT). If the server uses a dynamic public IP address, NAT and port forwarding are mandatory for DTC. I can't wait to have this new template ready, as I have corrected bugs in the current version in SID, and that I want to have it uploaded asap to remove them. Last thing, before you send this new english template so it can be translated, I'll rewrap it to 80 cols as my sponsor seems to insist on this (which I also think is not a bad thing). I also think translators should be warned to take care of this (little) issue. That is incorrect. There is not technical point in rewrapping debconf templates to 80 cols. The formatting of the original templates file is irrelevant to what will be displayed to users. Rewrapping to 80 cols is only relevant to improve the readability of the debconf templates when doing what we're doing right now. The formatting of PO files is of no importance for the result as well. Here also, using some reasonable wrapping is recommended but not mandatory. My usual recommendation with PO files is using msgcat on them. I also recommend maintainers to check the PO files: msgcat fr.po fr2.po msgfmt -o /dev/null --statistics --check fr.po So, there is no need to give special warning to translators and I usually recommend maintainers to never ever touch translator's files...except when they really know what they're doing..:) signature.asc Description: Digital signature
Bug#415231: dtc: [debconf_rewrite] Debconf templates review
On (18/03/07 08:55), Christian Perrier wrote: Thomas Goirand commented on our proposed rewrite of dtc templates: If you choose the default of /var/www, make sure that no DocumentRoot is pointing to this path, so there is no chance to publicly give access to all your hosted files. OK, let's retry another way: Template: dtc/conf_hostingpath Type: string Default: /var/www/sites _Description: Path for hosted domains: Please enter the directory to be used by DTC to store files for all hosted domains. . If you choose /var/www, which is Apache's default document root, all files hosted in that directory will become publicly accessible. It is therefore recommended to choose another directory if the local web server is hosting other files in /var/www. Does the default of /var/www/sites suffer from this issue? + Do not choose this option if the server is directly connected to the + Internet. If your internet connection is delivered by a dynamic IP addresses, choosing this option is mandatory. You then have to use a firwall doing NAT between your server and the internet, and use port forwarding to your server. My proposed rewording of this: Template: dtc/conf_use_nated_vhosts Type: boolean Default: false _Description: Use NATed vhosts? DTC can configure Apache to use one of your IP addresses. If the server is firewalled with NAT and port redirections of public IP(s) address(es), a NATed vhost configuration can be generated. . This option should be chosen only if the server is directly connected to the Internet and uses a dynamic public IP addres. In such cases, NAT and port forwarding are mandatory for DTC. This still seems to be in conflict with Thomas' meaning of the templates. He says Do not choose this option if the server is directly connected to the internet. whereas your suggestion is This option should be chosen only if the server is directly connected to the Internet. Is there some misunderstanding here of the use of directly connected in this context? Thanks, James -- James Westby --GPG Key ID: B577FE13-- http://jameswestby.net/ seccure key - (3+)k7|M*edCX/.A:n*N!|7U.L#9E)Tu)T0AM - secp256r1/nistp256 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415231: dtc: [debconf_rewrite] Debconf templates review
James Westby wrote: If you choose /var/www, which is Apache's default document root, all files hosted in that directory will become publicly accessible. It is therefore recommended to choose another directory if the local web server is hosting other files in /var/www. Does the default of /var/www/sites suffer from this issue? It used to, it doesn't any more since we take over the Listen directive. But I consider it a good warning to explain what's happening. This option should be chosen only if the server is directly connected to the Internet and uses a dynamic public IP addres. In such cases, NAT and port forwarding are mandatory for DTC. This still seems to be in conflict with Thomas' meaning of the templates. He says Do not choose this option if the server is directly connected to the internet. whereas your suggestion is This option should be chosen only if the server is directly connected to the Internet. Is there some misunderstanding here of the use of directly connected in this context? Thanks, James You are right, it should be: This option should be chosen only if the server is *NOT* directly connected to the Internet If it's more clear with it, that means something like that (the stars are Ethernet interfaces with IP addresses): [Internet] --- * router doing NAT * --- [LAN] --- * Server behind NAT Public-IP LAN-IP-1LAN-IP-2 If it's like that, then the NAT option should be chosen. If the Public IP is a dynamic IP that changes often, then this is the only way to have the DTC system working because Apache vhosts.conf file would have to be regenerated with the new IP all the time otherwise (with new Listen IP:port directives and VirtualHost IP:port directives), and currently it simply can't do it (I'm not even sure it will one day). Is more easy to understand like that??? Thomas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415231: dtc: [debconf_rewrite] Debconf templates review
Quoting James Westby ([EMAIL PROTECTED]): Template: dtc/conf_hostingpath Type: string Default: /var/www/sites _Description: Path for hosted domains: Please enter the directory to be used by DTC to store files for all hosted domains. . If you choose /var/www, which is Apache's default document root, all files hosted in that directory will become publicly accessible. It is therefore recommended to choose another directory if the local web server is hosting other files in /var/www. Does the default of /var/www/sites suffer from this issue? I think it isn't. Thomas and I reworded that template again. See #415231 My proposed rewording of this: Template: dtc/conf_use_nated_vhosts Type: boolean Default: false _Description: Use NATed vhosts? DTC can configure Apache to use one of your IP addresses. If the server is firewalled with NAT and port redirections of public IP(s) address(es), a NATed vhost configuration can be generated. . This option should be chosen only if the server is directly connected to the Internet and uses a dynamic public IP addres. In such cases, NAT and port forwarding are mandatory for DTC. This still seems to be in conflict with Thomas' meaning of the templates. He says Do not choose this option if the server is directly connected to the internet. whereas your suggestion is This option should be chosen only if the server is directly connected to the Internet. Is there some misunderstanding here of the use of directly connected in this context? Yes, you're right. We reworded again in #415231 signature.asc Description: Digital signature
Bug#415231: dtc: [debconf_rewrite] Debconf templates review
Package: dtc Version: N/A Severity: normal Tags: patch Dear Debian maintainer, On 08 Mar 2007, I notified you of the beginning of a review process concerning debconf templates for dtc. The debian-l10n-english contributors have now reviewed these templates, and the proposed changes are attached to this bug report. Please review the suggested changes are suggested, and if you have any objections, let me know in the next 3 days. Please try to avoid uploading dtc with these changes right now. The second phase of this process will begin on 20 Mar 2007, when I will coordinate updates to translations of debconf templates. The existing translators will be notified of the changes: they will receive an updated PO file for their language. Simultaneously, a general call for new translations will be sent to the debian-i18n mailing list. Both these calls for translations will request updates to be sent as individual bug reports. That will probably trigger a lot of bug reports against your package, but these should be easier to deal with. The call for translation updates and new translations will run until 01 Apr 2007. Please avoid uploading a package with fixed or changed debconf templates and/or translation updates in the meantime. Of course, other changes are safe. On 02 Apr 2007, I will contact you again and will send a final patch summarizing all the updates (changes to debconf templates, updates to debconf translations and new debconf translations). Again, thanks for your attention and cooperation. -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.18-4-486 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C) diff -Nru dtc-0.25.1.old/debian/dtc-postfix-courier.templates dtc-0.25.1/debian/dtc-postfix-courier.templates --- dtc-0.25.1.old/debian/dtc-postfix-courier.templates 2007-03-08 20:33:52.754695198 +0100 +++ dtc-0.25.1/debian/dtc-postfix-courier.templates 2007-03-17 11:41:31.864148068 +0100 @@ -2,222 +2,195 @@ Type: string Default: localhost _Description: MySQL hostname: - Enter the hostname or ip do you want to use to connect to your MySQL server. - If the MySQL server runs locally, then you can safely leave the default to - localhost. + Please enter the hostname or IP address of the MySQL server. Template: dtc/conf_mysqllogin Type: string Default: root -_Description: MySQL Login: - Enter the MySQL root login. DTC needs it to access to your MySQL table - in order to grant privileges to it's users. It's suggested that you add a - user specialy for dtc that has the rights for modifying grant tables, but - root is also working. +_Description: MySQL administrator: + Please enter the login name of a MySQL user with administrative + privileges. DTC will use it to grant privileges for the tables to + its users. Template: dtc/conf_mysqlpass Type: password -_Description: MySQL Password: - Please enter your MySQL root password so DTC can connect to MySQL and - add/remove databases. +_Description: MySQL administrator password: + Please enter the password of the MySQL administrator. Template: dtc/conf_mysqldb Type: string Default: dtc _Description: DTC database name: - DTC save all it's hosting information in a database automatically created. - You should enter it's name here. + Please enter the name of the database to use for storing all DTC + hosting information. Template: dtc/conf_mysql_change_root Type: boolean Default: false -_Description: Change MySQL root? - When installing mysql-server package under Debian, the default installed - root password for database access is an empty password. DTC can change - that root password for you if you didn't change it before. If you have - setup a root password for MySQL before, or if you are just upgrading DTC - to a newer version, you might don't need to setup a new root password. - If your root MySQL password is not set yet, then you can ask DTC to change - it with the root password you just entered. Please note that if DTC can't - connect with root, then install will fail. +_Description: Change MySQL root password? + By default, the mysql-server package does not require a password for + the MySQL root user. This can be changed during the configuration of + the DTC package. Template: dtc/main_domainname Type: string Default: example.com _Description: Domain name: - Enter the first domain name you want DTC to administrate. This domain - name will be used for installing the root admin and customer web control - panel of DTC (on one of this domain subdomains). + Please enter the first domain which you want DTC to + manage. This domain name will be used to install the root + admin and customer web control panel of DTC (under one of this domain's + subdomains). Template: dtc/dtc_adminsubdomain Type: string Default: dtc _Description: DTC root panel subdomain:
Bug#415231: dtc: [debconf_rewrite] Debconf templates review
Christian Perrier wrote: Package: dtc Version: N/A Severity: normal Tags: patch Dear Debian maintainer, On 08 Mar 2007, I notified you of the beginning of a review process concerning debconf templates for dtc. The debian-l10n-english contributors have now reviewed these templates, and the proposed changes are attached to this bug report. Please review the suggested changes are suggested, and if you have any objections, let me know in the next 3 days. Please try to avoid uploading dtc with these changes right now. The second phase of this process will begin on 20 Mar 2007, when I will coordinate updates to translations of debconf templates. The existing translators will be notified of the changes: they will receive an updated PO file for their language. Simultaneously, a general call for new translations will be sent to the debian-i18n mailing list. Both these calls for translations will request updates to be sent as individual bug reports. That will probably trigger a lot of bug reports against your package, but these should be easier to deal with. The call for translation updates and new translations will run until 01 Apr 2007. Please avoid uploading a package with fixed or changed debconf templates and/or translation updates in the meantime. Of course, other changes are safe. On 02 Apr 2007, I will contact you again and will send a final patch summarizing all the updates (changes to debconf templates, updates to debconf translations and new debconf translations). Again, thanks for your attention and cooperation. Christian, First of all, I want to thank you a lot for your work. It's is appreciated a lot, and I am very happy that my bad english is corrected. Here are my remarks on this patch. - Please note that apache's standard installation setup /var/www as the - apache web area (document root). Remove this manually in your - /etc/apache/httpd.conf (or in /etc/apache2) if you choose /var/www/sites - as DTC's hosting area. + The default Apache installation defines /var/www as the document + root. This should be removed from the httpd.conf file manually when + another directory is chosen as DTC's hosting area. You are changing the meaning of it. The purpose of this was to tell that the default DocumentRoot should NOT be pointing to /var/www if using this path, as this could reveal all the files. By the way, on the current setup, this is not true anymore. DTC takes over the apache config, but maybe, to be 100% sure there is no security issue, best would be to just write something like this: If you choose the default of /var/www, make sure that no DocumentRoot is pointing to this path, so there is no chance to publicly give access to all your hosted files. -_Description: Path where to build the chroot environment: - Please enter the path where you want DTC to build the cgi-bin chroot +_Description: Path for the chroot environment: + Please enter the directory to be used by DTC to build the cgi-bin chroot I'd like to insist a bit more on the fact this is a template copied on each subdomain. Maybe it's better to write: +_Description: Path for the chroot environment template: This one now: - Note that in the case of a dynamic IP address, using NAT and port forwarding - is the only way to use DTC (because apache vhost file wont need to be - regenerated at each IP change). + Do not choose this option if the server is directly connected to the + Internet, except when using dynamic IP addresses. In such cases, NAT + and port forwarding are mandatory for DTC. Reading it, it seems a bit strange, as the server can't be both connected directly to internet with a public IP, and have NAT. Maybe we should write this: + Do not choose this option if the server is directly connected to the + Internet. If your internet connection is delivered by a dynamic IP addresses, choosing this option is mandatory. You then have to use a firwall doing NAT between your server and the internet, and use port forwarding to your server. The rest of seems fine to me, better, quicker to read, with the same meaning. Nice job! Thomas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]