en-US/Desktop.xml en-US/Devel-Embedded.xml en-US/Security.xml
Rüdiger Landmann
rlandmann at fedoraproject.org
Thu Mar 18 21:58:51 UTC 2010
en-US/Desktop.xml | 2 -
en-US/Devel-Embedded.xml | 3 -
en-US/Security.xml | 73 ++++++++++++++++++++++-------------------------
3 files changed, 37 insertions(+), 41 deletions(-)
New commits:
commit 73b33d563dc90782080dfd24f9cc5bd6cf3cae61
Author: Ruediger Landmann <r.landmann at redhat.com>
Date: Fri Mar 19 07:57:54 2010 +1000
Copyedit Security
diff --git a/en-US/Desktop.xml b/en-US/Desktop.xml
index 1f1860b..f0ece9b 100644
--- a/en-US/Desktop.xml
+++ b/en-US/Desktop.xml
@@ -27,7 +27,7 @@
<section>
<title>Redesigned user management interface </title>
<para>
- The user account tool has been completely redesigned. The tool has functions to configure personal information in user accounts, and make a personal profile picture or icon. It also helps users generate strong passphrases, set up additional login options such as automatic login, and determine special roles for users such as in the case of a single owner of a personal laptop or an administrator of a shared system. This new feature was designed and implemented by several members of the Fedora Desktop SIG.
+ The user account tool has been completely redesigned. The tool has functions to configure personal information in user accounts, and make a personal profile picture or icon. It also helps users generate strong passphrases, set up additional login options such as automatic login, and determine special roles for users such as in the case of a single owner of a personal laptop or an administrator of a shared system. This new feature was designed and implemented by several members of the Fedora Desktop SIG. Refer to <xref linkend="sect-Release_Notes-Security"/> for details of the security enhancements included in this feature.
</para>
</section>
<section>
diff --git a/en-US/Devel-Embedded.xml b/en-US/Devel-Embedded.xml
index c36cfa9..4d201f6 100644
--- a/en-US/Devel-Embedded.xml
+++ b/en-US/Devel-Embedded.xml
@@ -135,8 +135,7 @@ ABC EQU R0
<title>avr-gcc </title>
<para>
<application>avr-gcc</application> has been updated to 4.3.3, along with
- <application>avr-gcc-c++</application>. Refer to the gcc section under
- Developers in this document for the details of this upgrade.
+ <application>avr-gcc-c++</application>. Refer to <xref linkend="sect-Release_Notes-The_GCC_Compiler_Collection"/> for the details of this upgrade.
</para>
</section>
</section>
diff --git a/en-US/Security.xml b/en-US/Security.xml
index f3eced5..6d8e809 100644
--- a/en-US/Security.xml
+++ b/en-US/Security.xml
@@ -12,20 +12,19 @@
<section>
<title>Dogtag Certificate System </title>
<para>
- Dogtag Certificate System (<literal>DGS</literal>) is an enterprise-class
- open source Certificate Authority (<literal>CA</literal>) supporting all
- aspects of certificate lifecycle management including Certificate
- Authority (<literal>CA</literal>), Data Recovery Manager
- (<literal>DRM</literal>), Online Certificate Status Protocol
- (<literal>OCSP</literal>) Manager, Registration Authority
- (<literal>RA</literal>), Token Key Service (<literal>TKS</literal>), Token
- Processing System (<literal>TPS</literal>) and smartcard management,
- trough ESC (<literal>Enterprise Security Client</literal>).
+ <firstterm>Dogtag Certificate System</firstterm> (DGS) is an enterprise-class
+ open-source <firstterm>Certificate Authority</firstterm> (CA) supporting all
+ aspects of certificate lifecycle management including <firstterm>Certificate
+ Authority</firstterm> (CA), <firstterm>Data Recovery Manager</firstterm>
+ (DRM), <firstterm>Online Certificate Status Protocol</firstterm>
+ (OCSP) Manager, <firstterm>Registration Authorit</firstterm>y
+ (RA), <firstterm>Token Key Service</firstterm> (TKS), <firstterm>Token
+ Processing System</firstterm> (TPS) and smartcard management,
+ through <firstterm>Enterprise Security Client</firstterm> (ESC).
</para>
<para>
- Refer to <ulink
- url="http://fedoraproject.org/w/index.php?title=Features/DogtagCertificateSystem">
- Dogtag Certificate System</ulink> for additional details.
+ Refer to the <citetitle>Dogtag Certificate System</citetitle> page on the Fedora wiki for additional details — <ulink
+ url="http://fedoraproject.org/w/index.php?title=Features/DogtagCertificateSystem"></ulink>.
</para>
</section>
@@ -35,10 +34,10 @@
<application>modprobe</application> Whitelist allows system administrators
in high-security situations to limit the modules loaded by
<application>modprobe</application> to a specific list of modules
- configured by the administrator, making it impossible for unprivileged
- users to exploit vulnerabilities in modules that are not ordinarily used
- by e.g. attaching hardware and so limit the amount of (potentially
- vulnerable) code that can run in the kernel.
+ configured by the administrator. This limit makes it impossible for unprivileged
+ users to exploit vulnerabilities in modules that are not ordinarily used, for example,
+ by attaching hardware. The amount of potentially
+ vulnerable code that can run in the kernel is therefore limited.
</para>
<para>
<application>modprobe</application> can also run specified commands
@@ -46,26 +45,24 @@
configuration directive); this is restricted using the same whitelist as
well. To help system administrators compile the whitelist, additional
functionality is added to <application>modprobe</application>: it will be
- possible to log all information (similar to using <command>modprobe
- -v</command>) to a specified file, including
- <application>modprobe</application> actions run in the dracut initrd. A
+ possible to log all information (similar to using <command>modprobe -v</command>) to a specified file, including
+ <application>modprobe</application> actions run in the <application>dracut</application> <filename>initrd</filename>. A
script will be provided that compiles a proposed whitelist from the logged
data.
</para>
<para>
- If desired and configured by the system administrator, a significant
- reduction of the kernel-space attack surface, avoiding risk of
- vulnerabilities in rarely-used kernel-mode code: a sample desktop Fedora
+ Use this whitelist to reduce the kernel-space attack surface considerably and avoid risk of
+ vulnerabilities in rarely-used kernel-mode code. A sample desktop Fedora
system currently has 79 modules loaded, out of 1964 available modules
- (4%). When counting code size, and the main kernel file (/boot/vmlinuz*)
+ (4%). When counting code size, and the main kernel file (<filename>/boot/vmlinuz*</filename>)
is included, the sample desktop system runs 8.36 MB of kernel-space code,
out of 34.66 MB available (24%).
</para>
<para>
- You may refer to the <ulink
- url="http://fedoraproject.org/w/index.php?title=Features/ModprobeWhitelist">Modprobe
- Whitelist </ulink> feature page on the Fedora wiki for a more complete
- description of this feature.
+ Refer to the <citetitle>Modprobe
+ Whitelist </citetitle> feature page on the Fedora wiki for a more complete
+ description of this feature: <ulink
+ url="http://fedoraproject.org/w/index.php?title=Features/ModprobeWhitelist"></ulink>
</para>
</section>
@@ -83,25 +80,25 @@
available in one place.
</para>
<para>
- <ulink
- url="http://fedoraproject.org/w/index.php?title=Features/UserAccountDialog">User
- Account Dialog </ulink> on the Fedora wiki includes more details.
+ The <citetitle>User
+ Account Dialog</citetitle> page on the Fedora wiki includes more details: <ulink
+ url="http://fedoraproject.org/w/index.php?title=Features/UserAccountDialog"></ulink>
</para>
</section>
<section>
- <title>Policy Kit One </title>
+ <title>Policy Kit One</title>
<para>
- Policy Kit One replaces the old deprecated Policy Kit and allows the KDE
+ <application>PolicyKitOne</application> replaces the old deprecated <application>PolicyKit </application> and allows the KDE
users to have a better experience of their applications and desktop in
- general. In Fedora 12 KDE Desktop Edition uses Gnome Authentication Agent,
- with Policy Kit One now is possible to utilize the native KDE
- authentication agent, KAuth.
+ general. The Fedora 12 KDE Desktop Edition used <application>Gnome Authentication Agent </application>.
+ <application>PolicyKitOne</application> makes it possible to utilize the native KDE
+ authentication agent, <application>KAuth</application> in Fedora 13.
</para>
<para>
- For a complete description of this feature, refer to <ulink
- url="http://fedoraproject.org/w/index.php?title=Features/KDE_PolicyKitOneQt">KDE
- PolicyKit One Qt </ulink> on the Fedora wiki.
+ For a complete description of this feature, refer to the <citetitle>KDE
+ PolicyKit One Qt</citetitle> page on the Fedora wiki: <ulink
+ url="http://fedoraproject.org/w/index.php?title=Features/KDE_PolicyKitOneQt"></ulink>
</para>
</section>
More information about the docs-commits
mailing list