Red Hat Bugzilla – Bug 102455
Ridiciously long messages in redhat-config-securitylevel cause translation problems
Last modified: 2007-11-30 17:10:31 EST
" Red Hat Linux also offers you firewall protection\n"
" for enhanced system security. A firewall sits\n"
" between your computer and the network, and\n"
" determines which resources on your computer remote\n"
" users on the network are able to access. A\n"
" properly configured firewall can greatly increase\n"
" the out-of-the-box security of your system.\n"
" Choose the appropriate security level for your\n"
" Enabled -- By choosing enabled, your system will\n"
" not accept connections from the outside that are\n"
" not explicitly defined by you.\n"
" If you are connecting your system to the Internet,\n"
" but do not plan to run a server, this is the\n"
" safest choice. If additional services are needed,\n"
" you can choose Customize to allow specific\n"
" services through the firewall, or to implicitly\n"
" trust traffic coming over certain interfaces.\n"
" Disabled -- Disabling the firewall allows complete\n"
" access and does no security checking. It is recommended\n"
" that this only be selected if you are running on a\n"
" trusted network (not the Internet), or if you plan\n"
" to do more detailed firewall configuration later.\n"
" Choose which trusted devices and incoming services\n"
" should be allowed for your network security\n"
" Trusted Devices -- Checking these for any of your\n"
" devices allows all traffic coming from that device\n"
" to be allowed. For example, if you are running a\n"
" local network, but are connecting to the Internet\n"
" via a PPP dialup, you could check that eth0 is\n"
" trusted to allow any traffic coming from your\n"
" local network.\n"
" It is not recommended to enable this for devices\n"
" that are connected to public networks, such as the\n"
" Allow Incoming -- Enabling these options allow the\n"
" specified services to pass through the firewall.\n"
" Note, during a workstation-class installation, the\n"
" majority of these services are not present on the\n"
" * SSH -- Secure Shell (SSH) is a protocol for\n"
" logging into and executing commands on remote\n"
" machines. It provides secure encrypted\n"
" communications. If you plan on accessing your\n"
" machine remotely via SSH over a firewalled\n"
" interface, enable this option. You need the\n"
" openssh-server package installed for this\n"
" option to be useful.\n"
" * Telnet -- Telnet is a protocol for logging\n"
" into remote machines. It is unencrypted, and\n"
" provides little security from network snooping\n"
" attacks. Enabling telnet is not recommended.\n"
" You need the telnet-server package installed\n"
" for this option to be useful.\n"
" * WWW (HTTP) -- HTTP is the protocol used by\n"
" Apache to serve Web pages. If you plan on\n"
" making your Web server publicly available,\n"
" enable this option. This option is not\n"
" required for viewing pages locally or\n"
" developing Web pages. You need the Apache\n"
" package installed for this option to be\n"
" * Mail (SMTP) -- This allows incoming SMTP mail\n"
" delivery. If you need to allow remote hosts to\n"
" connect directly to your machine to deliver\n"
" mail, enable this option. You do not need to\n"
" enable this if you collect your mail from your\n"
" ISP's server by POP3 or IMAP, or if you use a\n"
" tool such as fetchmail. Note that an\n"
" improperly configured SMTP server can allow\n"
" remote machines to use your server to send\n"
" * FTP -- FTP is a protocol used for remote file\n"
" transfer. If you plan on making your FTP\n"
" server publicly available, enable this option.\n"
" You need the vsftpd package installed for this\n"
" option to be useful.\n"
" * Other ports -- You can specify that other\n"
" ports not listed here be allowed through the\n"
" firewall. The format to use is\n"
" 'port:protocol'. For example, if you wanted to\n"
" allow IMAP access through your firewall, you\n"
" can specify 'imap:tcp'. You can also specify\n"
" numeric ports explicitly; to allow UDP packets\n"
" on port 1234 through, specify '1234:udp'. To\n"
" specify multiple ports, separate them by\n"
The two messages above are ridiciously long, and that causes a lot of
trouble for translators.
The problems are twofold: First of all it is very hard to translate when
you have to constantly scroll up and down several pages in your editor
(remember, the po format is designed for including the original text and
the translation in the same document, so it's nice if the original text and
the translation both fit in a screenful of editor window).
The other problem is more serious. Gettext uses something called
fuzzymatching and fuzzymarking when the original message is changed (can be
anything from a typo that was fixed, an uppercase-lowercase change, or
large parts of the message rewritten). Messages that have had their
original text changed are marked "fuzzy" so that the translator can update
its translation accordingly. However, there is no other indication on a
fyzzy-marked message of what in the message that was changed. On a small or
normal-sized message it is usually trivial or at least easy to spot what
was changed, but when the messages are ridiciously large like this, it
becomes a large obstacle and near impossible. Gettext was simply not
designed to deal with messages that are complete short stories.
Proposed solution: Split up the messages above into multiple messages
(multiple gettext calls). Something like one message per paragraph is
often a good strategy.
More about this problem at
This text changed last week for the first time in roughly 2 years, FWIW; it
hasn't really had maintenance.
Closing as 'wontfix'. We'll try to refrain from doing this in the future, but
I'm reluctant to change things that are already in place.
Since these messages need fixing anyway (see bug 107558), they should probably
be split up in paragraph-sized messages at the same time.
Should be fixed in system-config-securitylevel-1.3.1-1.