From nobody@FreeBSD.org  Sat Mar  3 20:07:59 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 43ED71065679
	for <freebsd-gnats-submit@FreeBSD.org>; Sat,  3 Mar 2012 20:07:59 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 2C4D78FC18
	for <freebsd-gnats-submit@FreeBSD.org>; Sat,  3 Mar 2012 20:07:59 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q23K7xRB004601
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 3 Mar 2012 20:07:59 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q23K7xtP004600;
	Sat, 3 Mar 2012 20:07:59 GMT
	(envelope-from nobody)
Message-Id: <201203032007.q23K7xtP004600@red.freebsd.org>
Date: Sat, 3 Mar 2012 20:07:59 GMT
From: Robert Simmons <rsimmons0@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Grammar improvement for geli(8) man page.
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         165668
>Category:       docs
>Synopsis:       Grammar improvement for geli(8) man page.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    eadler
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 03 20:10:08 UTC 2012
>Closed-Date:    Tue Jun 05 05:15:15 UTC 2012
>Last-Modified:  Tue Jun 05 05:15:15 UTC 2012
>Originator:     Robert Simmons
>Release:        HEAD
>Organization:
>Environment:
>Description:
There are a few grammar problems that I've found in the geli(8) man page.  I'm working on a different problem altogether, but I decided to fix all the grammar problems I could spot in the man page and put the fix in a separate patch included here.
>How-To-Repeat:

>Fix:
I have included a unified diff of geli.8 that includes all of the grammar changes to the man page.

Patch attached with submission follows:

--- src/sbin/geom/class/eli/geli.8	2012-03-03 10:36:03.000000000 -0500
+++ src/sbin/geom/class/eli/geli.8	2012-03-03 14:39:14.000000000 -0500
@@ -29,17 +29,17 @@
 .Os
 .Sh NAME
 .Nm geli
-.Nd "control utility for cryptographic GEOM class"
+.Nd "control utility for the cryptographic GEOM class"
 .Sh SYNOPSIS
-To compile GEOM_ELI into your kernel, place the following lines in your kernel
+To compile GEOM_ELI into your kernel, add the following lines to your kernel
 configuration file:
 .Bd -ragged -offset indent
 .Cd "device crypto"
 .Cd "options GEOM_ELI"
 .Ed
 .Pp
-Alternately, to load the GEOM_ELI module at boot time, place the following line
-in your
+Alternatively, to load the GEOM_ELI module at boot time, add the following line
+to your
 .Xr loader.conf 5 :
 .Bd -literal -offset indent
 geom_eli_load="YES"
@@ -189,7 +189,7 @@
 Can create a key from a couple of components (user entered passphrase, random
 bits from a file, etc.).
 .It
-Allows to encrypt the root partition - the user will be asked for the
+Allows encryption of the root partition - the user will be asked for the
 passphrase before the root file system is mounted.
 .It
 The passphrase of the user is strengthened with:
@@ -200,7 +200,7 @@
 .%N 2898
 .Re
 .It
-Allows to use two independent keys (e.g.
+Allows the use of two independent keys (e.g.
 .Qq "user key"
 and
 .Qq "company key" ) .
@@ -209,20 +209,20 @@
 .Nm
 performs simple sector-to-sector encryption.
 .It
-Allows to backup/restore Master Keys, so when a user has to quickly
-destroy his keys,
-it is possible to get the data back by restoring keys from the backup.
+Allows the backup and restoration of Master Keys, so when a user has to quickly
+destroy his keys, it is possible to get the data back by restoring keys from
+backup.
 .It
 Providers can be configured to automatically detach on last close
 (so users do not have to remember to detach providers after unmounting
 the file systems).
 .It
-Allows to attach a provider with a random, one-time key - useful for swap
+Allows attaching a provider with a random, one-time key - useful for swap
 partitions and temporary file systems.
 .It
-Allows to verify data integrity (data authentication).
+Allows verification of data integrity (data authentication).
 .It
-Allows to suspend and resume encrypted devices.
+Allows suspending and resuming encrypted devices.
 .El
 .Pp
 The first argument to
@@ -230,12 +230,12 @@
 indicates an action to be performed:
 .Bl -tag -width ".Cm configure"
 .It Cm init
-Initialize provider which needs to be encrypted.
+Initialize the provider which needs to be encrypted.
 Here you can set up the cryptographic algorithm to use, key length, etc.
-The last provider's sector is used to store metadata.
+The last sector of the provider is used to store metadata.
 The
 .Cm init
-subcommand also automatically backups metadata in
+subcommand also automatically writes metadata backup to
 .Pa /var/backups/<prov>.eli
 file.
 The metadata can be recovered with the
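Review bot: In the .Cm init text, "subcommand also automatically writes metadata backup to" is missing its articles, and the sentence still ends in a bare "file." after the .Pa line. Suggest "subcommand also automatically writes a metadata backup to the" so that the rendered sentence reads "to the /var/backups/<prov>.eli file".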
@@ -246,7 +246,7 @@
 .Bl -tag -width ".Fl J Ar newpassfile"
 .It Fl a Ar aalgo
 Enable data integrity verification (authentication) using the given algorithm.
-This will reduce size of available storage and also reduce speed.
+This will reduce the size of available storage and also reduce speed.
 For example, when using 4096 bytes sector and
 .Nm HMAC/SHA256
 algorithm, 89% of the original provider storage will be available for use.
@@ -320,8 +320,8 @@
 Do not use passphrase as the key component.
 .It Fl s Ar sectorsize
 Change decrypted provider's sector size.
-Increasing sector size allows to increase performance, because we need to
-generate an IV and do encrypt/decrypt for every single sector - less number
+Increasing sector size allows increased performance, because we need to
+generate an IV and do encrypt/decrypt for every single sector - fewer numbers
 of sectors means less work to do.
 .It Fl V Ar version
 Metadata version to use.
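Review bot: "fewer numbers of sectors means less work to do" under .Fl s is not grammatical, because "fewer" should modify "sectors" directly. Suggest "fewer sectors means less work to do", or "a smaller number of sectors" if the original shape of the sentence is to be kept.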
@@ -345,7 +345,7 @@
 .Bl -tag -width ".Fl j Ar passfile"
 .It Fl d
 If specified, a decrypted provider will be detached automatically on last close.
-This can help with short memory - user does not have to remember to detach the
+This can help with scarce memory - user does not have to remember to detach the
 provider after unmounting the file system.
 It only works when the provider was opened for writing, so it will not work if
 the file system on the provider is mounted read-only.
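Review bot: Replacing "short memory" with "scarce memory" under .Fl d changes the meaning. The rest of the sentence ("user does not have to remember to detach the provider") shows that the text is about a forgetful user, while "scarce memory" reads as a shortage of system memory. Suggest wording such as "This is convenient because the user does not have to remember to detach the provider", which also supplies the article missing before "user".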
@@ -385,9 +385,8 @@
 .It Fl l
 Mark provider to detach on last close.
 If this option is specified, the provider will not be detached
-until it is open, but when it will be closed last time, it will
-be automatically detached (even
-if it was only opened for reading).
+while it is open, but will be automatically detached when it is closed for the
+last time even if it was only opened for reading.
 .El
 .It Cm onetime
 Attach the given providers with random, one-time keys.
@@ -407,7 +406,7 @@
 subcommand.
 .It Fl d
 Detach on last close.
-Note, the option is not usable for temporary file systems as the provider will
+Note: this option is not usable for temporary file systems as the provider will
 be detached after creating the file system on it.
 It still can (and should be) used for swap partitions.
 For more information, see the description of the
@@ -444,7 +443,7 @@
 .Cm init
 subcommand, only key number 0 is initialized.
 The key can always be changed: for an attached provider,
-for a detached provider or on the backup file.
+for a detached provider, or on the backup file.
 When a provider is attached, the user does not have to provide
 an old passphrase/keyfile.
 .Pp
@@ -453,9 +452,9 @@
 .It Fl i Ar iterations
 Number of iterations to use with PKCS#5v2.
 If 0 is given, PKCS#5v2 will not be used.
-To be able to use this option with
+To be able to use this option with the
 .Cm setkey
-subcommand, only one key have to be defined and this key has to be changed.
+subcommand, only one key has to be defined and this key must be changed.
 .It Fl j Ar passfile
 Specifies a file which contains the old passphrase or its part.
 .It Fl J Ar newpassfile
@@ -479,8 +478,8 @@
 .It Cm delkey
 Destroy (overwrite with random data) the selected key.
 If one is destroying keys for an attached provider, the provider
-will not be detached even if all keys will be destroyed.
-It can be even rescued with the
+will not be detached even if all keys are destroyed.
+It can even be rescued with the
 .Cm setkey
 subcommand.
 .Pp
@@ -501,8 +500,8 @@
 has to be given.
 .El
 .It Cm kill
-This command should be used in emergency situations.
-It will destroy all keys on the given provider and will detach it forcibly
+This command should be used only in emergency situations.
+It will destroy all the keys on a given provider and will detach it forcibly
 (if it is attached).
 This is absolutely a one-way command - if you do not have a metadata
 backup, your data is gone for good.
@@ -540,29 +539,30 @@
 .Cm restore .
 .El
 .It Cm suspend
-Suspend device by waiting for all inflight request to finish, clearing all
-sensitive informations (like keys) from the kernel memory and blocking all
+Suspend device by waiting for all inflight requests to finish, clearing all
+sensitive information (like keys) from the kernel memory, and blocking all
 further I/O requests until the
 .Cm resume
 subcommand is executed.
-This functionality is useful for eg. laptops - when one wants to suspend a
-laptop, one does not want to leave encrypted device attached.
-Instead of closing all files and directories opened from a file system placed
-on an encrypted device, unmounting the file system and detaching the device,
+This functionality is useful for laptops: when one wants to suspend a
+laptop, one does not want to leave an encrypted device attached.
+Instead of closing all files and directories opened from a file system located
+on an encrypted device, unmounting the file system, and detaching the device,
 the
 .Cm suspend
 subcommand can be used.
 Any access to the encrypted device will be blocked until the keys are
-recovered through
+recovered through the
 .Cm resume
-subcommand, thus there is no need to close nor unmount anything.
+subcommand.
+Thus there is no need to close nor unmount anything.
 The
 .Cm suspend
 subcommand does not work with devices created with the
 .Cm onetime
 subcommand.
 Please note that sensitive data might still be present in memory after
-suspending encrypted device, because of file system cache, etc.
+suspending an encrypted device due to the file system cache, etc.
 .Pp
 Additional options include:
 .Bl -tag -width ".Fl a"
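Review bot: "Thus there is no need to close nor unmount anything." uses "nor" without a preceding negative pair; "close or unmount" is correct here. The unchanged caveat near the end of the hunk, that sensitive data might still be present in memory after suspending because of the file system cache, is the practical limit of .Cm suspend and would be easier to find in its own .Pp paragraph than at the tail of the description.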
@@ -573,9 +573,9 @@
 .El
 .It Cm resume
 Resume previously suspended device.
-The caller must ensure that executing this subcommand won't try to access
-suspended device, which will lead to a deadlock.
-For example suspending device, which contains file system where the
+The caller must ensure that executing this subcommand doesn't access the
+suspended device, leading to a deadlock.
+For example suspending a device, which contains the file system where the
 .Nm
 utility is stored is bad idea.
 .Pp
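Review bot: The new sentence "doesn't access the suspended device, leading to a deadlock" can be read as saying that the precaution itself leads to a deadlock; the removed "which will lead to a deadlock" was clearer about the cause. Suggest "does not access the suspended device, as doing so will lead to a deadlock". In the example sentence the comma after "a device" should go, and "is bad idea" still lacks an article.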
@@ -669,7 +669,7 @@
 maximum amount of debug information is printed.
 .It Va kern.geom.eli.tries : No 3
 Number of times a user is asked for the passphrase.
-This is only used for providers which should be attached on boot
+This is only used for providers which are attached on boot
 (before the root file system is mounted).
 If set to 0, attaching providers on boot will be disabled.
 This variable should be set in
@@ -681,7 +681,7 @@
 .It Va kern.geom.eli.visible_passphrase : No 0
 If set to 1, the passphrase entered on boot (before the root
 file system is mounted) will be visible.
-This possibility should be used with caution as the entered
+This alternative should be used with caution as the entered
 passphrase can be logged and exposed via
 .Xr dmesg 8 .
 This variable should be set in
@@ -691,18 +691,18 @@
 cryptography.
 Its purpose is to increase performance on SMP systems.
 If hardware acceleration is available, only one thread will be started.
-If set to 0, CPU-bound thread will be started for every active CPU.
+If set to 0, a CPU-bound thread will be started for every active CPU.
 .It Va kern.geom.eli.batch : No 0
 When set to 1, can speed-up crypto operations by using batching.
-Batching allows to reduce number of interrupts by responding on a group of
+Batching reduces the number of interrupts by responding to a group of
 crypto requests with one interrupt.
 The crypto card and the driver has to support this feature.
 .It Va kern.geom.eli.key_cache_limit : No 8192
 Specifies how many encryption keys to cache.
 The default limit
 .No ( 8192
-keys) will allow to cache all keys for 4TB provider with 512 bytes sectors and
-will take around 1MB of memory.
+keys) will allow caching of all keys for a 4TB provider with 512 byte
+sectors and will take around 1MB of memory.
 .It Va kern.geom.eli.key_cache_hits
 Reports how many times we were looking up a key and it was already in cache.
 This sysctl is not updated for providers that need less keys than the limit
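Review bot: Two errors in the unchanged lines of this hunk are left in place. "The crypto card and the driver has to support this feature" needs "have to", and the kern.geom.eli.key_cache_hits entry still says "need less keys" while the following hunk corrects the identical sentence under key_cache_misses to "fewer keys". Fix both here so the two sysctl descriptions stay in step.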
@@ -710,7 +710,7 @@
 .Va kern.geom.eli.key_cache_limit .
 .It Va kern.geom.eli.key_cache_misses
 Reports how many times we were looking up a key and it was not in cache.
-This sysctl is not updated for providers that need less keys than the limit
+This sysctl is not updated for providers that need fewer keys than the limit
 specified in
 .Va kern.geom.eli.key_cache_limit .
 .El
@@ -720,7 +720,7 @@
 Initialize a provider which is going to be encrypted with a
 passphrase and random data from a file on the user's pen drive.
 Use 4kB sector size.
-Attach the provider, create a file system and mount it.
+Attach the provider, create a file system, and mount it.
 Do the work.
 Unmount the provider and detach it:
 .Bd -literal -offset indent
@@ -739,28 +739,28 @@
 .Ed
 .Pp
 Create an encrypted provider, but use two keys:
-one for your employee and one for you as company's security officer
-(so there is no tragedy if the employee
+one for your employee and one for you as the company's security officer
+(so it's not a tragedy if the employee
 .Qq accidentally
 forgets his passphrase):
 .Bd -literal -offset indent
 # geli init /dev/da2
-Enter new passphrase:	(enter security officer passphrase)
+Enter new passphrase:	(enter security officer's passphrase)
 Reenter new passphrase:
 # geli setkey -n 1 /dev/da2
-Enter passphrase:	(enter security officer passphrase)
+Enter passphrase:	(enter security officer's passphrase)
 Enter new passphrase:	(let your employee enter his passphrase ...)
 Reenter new passphrase:	(... twice)
 .Ed
 .Pp
-You are the security-person in your company.
+You are the security officer in your company.
 Create an encrypted provider for use by the user, but remember that users
-forget their passphrases, so back Master Key up with your own random key:
+forget their passphrases, so backup the Master Key with your own random key:
 .Bd -literal -offset indent
 # dd if=/dev/random of=/mnt/pendrive/keys/`hostname` bs=64 count=1
 # geli init -P -K /mnt/pendrive/keys/`hostname` /dev/ad0s1e
 # geli backup /dev/ad0s1e /mnt/pendrive/backups/`hostname`
-(use key number 0, so the encrypted Master Key by you will be overwritten)
+(use key number 0, so the encrypted Master Key will be overwritten by this)
 # geli setkey -n 0 -k /mnt/pendrive/keys/`hostname` /dev/ad0s1e
 (allow the user to enter his passphrase)
 Enter new passphrase:
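Review bot: "so backup the Master Key" uses the noun form; the verb is two words, "back up the Master Key". The rewritten comment "(use key number 0, so the encrypted Master Key will be overwritten by this)" also loses what the removed line said, that the copy encrypted by the security officer is the one being replaced, and "by this" has no clear referent. Suggest "(use key number 0, so the copy of the Master Key encrypted with your key is overwritten)".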
@@ -791,7 +791,7 @@
 # geli init -b -P -K /boot/keys/da1s3a.key da1s3a
 .Ed
 .Pp
-The providers are initialized, now we have to add those lines to
+The providers are initialized, now we have to add these lines to
 .Pa /boot/loader.conf :
 .Bd -literal -offset indent
 geli_da0_keyfile0_load="YES"
@@ -823,10 +823,10 @@
 .Ed
 .Pp
 .Cm geli
-backups metadata by default to the
+writes the metadata backup by default to the
 .Pa /var/backups/<prov>.eli
 file.
-If metadata is lost in any way (eg. by accidental overwrite), it can be restored.
+If the metadata is lost in any way (eg. by accidental overwrite), it can be restored.
 Consider the following situation:
 .Bd -literal -offset indent
 # geli init /dev/da0
@@ -857,10 +857,10 @@
 # geli attach -k keyfile -p ada0p1
 .Ed
 .Pp
-Initialize provider with passphrase split into two files.
-The provider can be attached by giving those two files or by giving
+Initialize provider with the passphrase split into two files.
+The provider can be attached using those two files or by entering
 .Dq foobar
-passphrase on
+as the passphrase at the
 .Nm
 prompt:
 .Bd -literal -offset indent
@@ -875,8 +875,8 @@
 .Pp
 Suspend all
 .Nm
-devices, suspend a laptop, then resume devices one by one after resuming a
-laptop:
+devices on a laptop, suspend the laptop, then resume devices one by one after
+resuming the laptop:
 .Bd -literal -offset indent
 # geli suspend -a
 # zzz
@@ -916,12 +916,12 @@
 .Nm
 should be able to detect such a change.
 If an attacker can remember the encrypted data, he can overwrite any future
-changes with the data he owns without notice.
+changes with the data he owns without it being noticed.
 In other words
 .Nm
 will not protect your data against replay attacks.
 .Pp
-It is recommended to write the whole provider before the first use,
+It is recommended to write to the whole provider before first use,
 in order to make sure that all sectors and their corresponding
 checksums are properly initialized into a consistent state.
 .Sh SEE ALSO


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-doc->eadler 
Responsible-Changed-By: eadler 
Responsible-Changed-When: Sat Mar 3 20:11:08 UTC 2012 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=165668 

From: Robert Simmons <rsimmons0@gmail.com>
To: bug-followup@freebsd.org
Cc:  
Subject: Re: docs/165668: Grammar improvement for geli(8) man page.
Date: Sat, 3 Mar 2012 16:06:27 -0500

 One additional point:  I have made corrections to the use of a comma
 between items in a series (the Oxford or serial comma).  There is a
 debate as to whether or not the last comma in the series is necessary
 or not.  I will defer to the late Diana Hacker in arguing for the use
 of this comma: "when three or more items are presented in a series,
 those items should be separated from one another with commas.  Items
 in a series may be single words, phrases, or clauses" (385).  The
 example she uses is the following.  "Bubbles of air, leaves, ferns,
 bits of wood, and insects are often found trapped in amber" (385).  As
 you can see, without this comma, this sentence could be read to mean
 that what gets trapped in amber are bits of insects not complete
 insects.
 Hacker, Diana. _The Bedford Handbook_. Boston: Bedford/St. Martins,
 2002. p. 385.
 
 For a humorous explanation of the Oxford or serial comma see:
 Truss, Lynne. _Eats, Shoots & Leaves_. 2003. New York: Gotham Books,
 2004. p. 83-87.
State-Changed-From-To: open->analyzed 
State-Changed-By: eadler 
State-Changed-When: Sun Mar 4 04:18:11 UTC 2012 
State-Changed-Why:  
awaiting approval 

http://www.freebsd.org/cgi/query-pr.cgi?pr=165668 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: docs/165668: commit references a PR
Date: Sun,  4 Mar 2012 16:37:54 +0000 (UTC)

 Author: eadler
 Date: Sun Mar  4 16:37:44 2012
 New Revision: 232502
 URL: http://svn.freebsd.org/changeset/base/232502
 
 Log:
   Fix a variety of grammar issues and style nits.
   
   PR:		docs/165668
   Submitted by:	Robert Simmons <rsimmons0@gmail.com>
   Reviewed by:	kaduk@mit.edu
   Approved by:	cperciva
   MFC after:	1 week
 
 Modified:
   head/sbin/geom/class/eli/geli.8
 
 Modified: head/sbin/geom/class/eli/geli.8
 ==============================================================================
 --- head/sbin/geom/class/eli/geli.8	Sun Mar  4 16:26:49 2012	(r232501)
 +++ head/sbin/geom/class/eli/geli.8	Sun Mar  4 16:37:44 2012	(r232502)
 @@ -24,29 +24,29 @@
  .\"
  .\" $FreeBSD$
  .\"
 -.Dd October 25, 2011
 +.Dd March 4, 2012
  .Dt GELI 8
  .Os
  .Sh NAME
  .Nm geli
 -.Nd "control utility for cryptographic GEOM class"
 +.Nd "control utility for the cryptographic GEOM class"
  .Sh SYNOPSIS
 -To compile GEOM_ELI into your kernel, place the following lines in your kernel
 +To compile GEOM_ELI into your kernel, add the following lines to your kernel
  configuration file:
  .Bd -ragged -offset indent
  .Cd "device crypto"
  .Cd "options GEOM_ELI"
  .Ed
  .Pp
 -Alternately, to load the GEOM_ELI module at boot time, place the following line
 -in your
 +Alternatively, to load the GEOM_ELI module at boot time, add the following line
 +to your
  .Xr loader.conf 5 :
  .Bd -literal -offset indent
  geom_eli_load="YES"
  .Ed
  .Pp
  Usage of the
 -.Xr geli 8
 +.Nm
  utility:
  .Pp
  .Nm
 @@ -189,7 +189,8 @@ or
  Can create a key from a couple of components (user entered passphrase, random
  bits from a file, etc.).
  .It
 -Allows to encrypt the root partition - the user will be asked for the
 +Allows encryption of the root partition.
 +The user will be asked for the
  passphrase before the root file system is mounted.
  .It
  The passphrase of the user is strengthened with:
 @@ -200,29 +201,30 @@ The passphrase of the user is strengthen
  .%N 2898
  .Re
  .It
 -Allows to use two independent keys (e.g.
 +Allows the use of two independent keys (e.g., a
  .Qq "user key"
 -and
 +and a
  .Qq "company key" ) .
  .It
  It is fast -
  .Nm
  performs simple sector-to-sector encryption.
  .It
 -Allows to backup/restore Master Keys, so when a user has to quickly
 -destroy his keys,
 -it is possible to get the data back by restoring keys from the backup.
 +Allows Master Keys to be backed up and restored,
 +so that if a user has to quickly destroy his keys,
 +it is possible to get the data back by restoring keys from
 +backup.
  .It
  Providers can be configured to automatically detach on last close
  (so users do not have to remember to detach providers after unmounting
  the file systems).
  .It
 -Allows to attach a provider with a random, one-time key - useful for swap
 +Allows attaching a provider with a random, one-time key - useful for swap
  partitions and temporary file systems.
  .It
 -Allows to verify data integrity (data authentication).
 +Allows verification of data integrity (data authentication).
  .It
 -Allows to suspend and resume encrypted devices.
 +Allows suspending and resuming encrypted devices.
  .El
  .Pp
  The first argument to
 @@ -230,12 +232,12 @@ The first argument to
  indicates an action to be performed:
  .Bl -tag -width ".Cm configure"
  .It Cm init
 -Initialize provider which needs to be encrypted.
 +Initialize the provider which needs to be encrypted.
  Here you can set up the cryptographic algorithm to use, key length, etc.
 -The last provider's sector is used to store metadata.
 +The last sector of the provider is used to store metadata.
  The
  .Cm init
 -subcommand also automatically backups metadata in
 +subcommand also automatically writes metadata backups to
  .Pa /var/backups/<prov>.eli
  file.
  The metadata can be recovered with the
 @@ -246,7 +248,7 @@ Additional options include:
  .Bl -tag -width ".Fl J Ar newpassfile"
  .It Fl a Ar aalgo
  Enable data integrity verification (authentication) using the given algorithm.
 -This will reduce size of available storage and also reduce speed.
 +This will reduce the size of storage available and also reduce speed.
  For example, when using 4096 bytes sector and
  .Nm HMAC/SHA256
  algorithm, 89% of the original provider storage will be available for use.
 @@ -320,9 +322,9 @@ and 192 for
  Do not use passphrase as the key component.
  .It Fl s Ar sectorsize
  Change decrypted provider's sector size.
 -Increasing sector size allows to increase performance, because we need to
 -generate an IV and do encrypt/decrypt for every single sector - less number
 -of sectors means less work to do.
 +Increasing the sector size allows increased performance,
 +because encryption/decryption which requires an initialization vector
 +is done per sector; fewer sectors means less computational work.
  .It Fl V Ar version
  Metadata version to use.
  This option is helpful when creating provider that may be used by older
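Review bot: In the .Fl s text, "because encryption/decryption which requires an initialization vector is done per sector" no longer says what the removed lines did, that an IV is generated for every single sector, and the "which" clause needs commas if it stays as an aside. Suggest "because an initialization vector is generated and encryption/decryption is performed for every sector; fewer sectors means less computational work".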
 @@ -345,7 +347,7 @@ Additional options include:
  .Bl -tag -width ".Fl j Ar passfile"
  .It Fl d
  If specified, a decrypted provider will be detached automatically on last close.
 -This can help with short memory - user does not have to remember to detach the
 +This can help with scarce memory so the user does not have to remember to detach the
  provider after unmounting the file system.
  It only works when the provider was opened for writing, so it will not work if
  the file system on the provider is mounted read-only.
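Review bot: The added line "This can help with scarce memory so the user does not have to remember to detach the" runs past 80 columns, unlike the lines around it, and "scarce memory" still reads as a shortage of RAM although the clause that follows is about the user forgetting to detach. Rewrap the line and state plainly that the option saves the user from having to remember the detach step.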
 @@ -385,9 +387,8 @@ Force detach - detach even if the provid
  .It Fl l
  Mark provider to detach on last close.
  If this option is specified, the provider will not be detached
 -until it is open, but when it will be closed last time, it will
 -be automatically detached (even
 -if it was only opened for reading).
 +while it is open, but will be automatically detached when it is closed for the
 +last time even if it was only opened for reading.
  .El
  .It Cm onetime
  Attach the given providers with random, one-time keys.
 @@ -407,7 +408,7 @@ For more information, see the descriptio
  subcommand.
  .It Fl d
  Detach on last close.
 -Note, the option is not usable for temporary file systems as the provider will
 +Note: this option is not usable for temporary file systems as the provider will
  be detached after creating the file system on it.
  It still can (and should be) used for swap partitions.
  For more information, see the description of the
 @@ -444,7 +445,7 @@ With the
  .Cm init
  subcommand, only key number 0 is initialized.
  The key can always be changed: for an attached provider,
 -for a detached provider or on the backup file.
 +for a detached provider, or on the backup file.
  When a provider is attached, the user does not have to provide
  an old passphrase/keyfile.
  .Pp
 @@ -453,9 +454,9 @@ Additional options include:
  .It Fl i Ar iterations
  Number of iterations to use with PKCS#5v2.
  If 0 is given, PKCS#5v2 will not be used.
 -To be able to use this option with
 +To be able to use this option with the
  .Cm setkey
 -subcommand, only one key have to be defined and this key has to be changed.
 +subcommand, only one key has to be defined and this key must be changed.
  .It Fl j Ar passfile
  Specifies a file which contains the old passphrase or its part.
  .It Fl J Ar newpassfile
 @@ -479,8 +480,8 @@ Do not use passphrase as the new key com
  .It Cm delkey
  Destroy (overwrite with random data) the selected key.
  If one is destroying keys for an attached provider, the provider
 -will not be detached even if all keys will be destroyed.
 -It can be even rescued with the
 +will not be detached even if all keys are destroyed.
 +It can even be rescued with the
  .Cm setkey
  subcommand.
  .Pp
 @@ -501,8 +502,8 @@ If provider is detached (or we are opera
  has to be given.
  .El
  .It Cm kill
 -This command should be used in emergency situations.
 -It will destroy all keys on the given provider and will detach it forcibly
 +This command should be used only in emergency situations.
 +It will destroy all the keys on a given provider and will detach it forcibly
  (if it is attached).
  This is absolutely a one-way command - if you do not have a metadata
  backup, your data is gone for good.
 @@ -540,29 +541,30 @@ and
  .Cm restore .
  .El
  .It Cm suspend
 -Suspend device by waiting for all inflight request to finish, clearing all
 -sensitive informations (like keys) from the kernel memory and blocking all
 +Suspend device by waiting for all inflight requests to finish, clearing all
 +sensitive information (like keys) from kernel memory, and blocking all
  further I/O requests until the
  .Cm resume
  subcommand is executed.
 -This functionality is useful for eg. laptops - when one wants to suspend a
 -laptop, one does not want to leave encrypted device attached.
 -Instead of closing all files and directories opened from a file system placed
 -on an encrypted device, unmounting the file system and detaching the device,
 +This functionality is useful for laptops: when one wants to suspend a
 +laptop, one does not want to leave an encrypted device attached.
 +Instead of closing all files and directories opened from a file system located
 +on an encrypted device, unmounting the file system, and detaching the device,
  the
  .Cm suspend
  subcommand can be used.
  Any access to the encrypted device will be blocked until the keys are
 -recovered through
 +recovered through the
  .Cm resume
 -subcommand, thus there is no need to close nor unmount anything.
 +subcommand.
 +Thus there is no need to close nor unmount anything.
  The
  .Cm suspend
  subcommand does not work with devices created with the
  .Cm onetime
  subcommand.
  Please note that sensitive data might still be present in memory after
 -suspending encrypted device, because of file system cache, etc.
 +suspending an encrypted device due to the file system cache, etc.
  .Pp
  Additional options include:
  .Bl -tag -width ".Fl a"
 @@ -573,9 +575,9 @@ devices.
  .El
  .It Cm resume
  Resume previously suspended device.
 -The caller must ensure that executing this subcommand won't try to access
 -suspended device, which will lead to a deadlock.
 -For example suspending device, which contains file system where the
 +The caller must ensure that executing this subcommand doesn't access the
 +suspended device, leading to a deadlock.
 +For example suspending a device which contains the file system where the
  .Nm
  utility is stored is bad idea.
  .Pp
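Review bot: "doesn't access the suspended device, leading to a deadlock" attaches the participle to the wrong clause, so the sentence can be read as the precaution causing the deadlock. Suggest "does not access the suspended device, which would lead to a deadlock", and "is a bad idea" in the unchanged last line of the example.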
 @@ -669,7 +671,7 @@ If set to 3, the
  maximum amount of debug information is printed.
  .It Va kern.geom.eli.tries : No 3
  Number of times a user is asked for the passphrase.
 -This is only used for providers which should be attached on boot
 +This is only used for providers which are attached on boot
  (before the root file system is mounted).
  If set to 0, attaching providers on boot will be disabled.
  This variable should be set in
 @@ -681,7 +683,7 @@ After this operation it is filled with z
  .It Va kern.geom.eli.visible_passphrase : No 0
  If set to 1, the passphrase entered on boot (before the root
  file system is mounted) will be visible.
 -This possibility should be used with caution as the entered
 +This alternative should be used with caution as the entered
  passphrase can be logged and exposed via
  .Xr dmesg 8 .
  This variable should be set in
 @@ -691,18 +693,17 @@ Specifies how many kernel threads should
  cryptography.
  Its purpose is to increase performance on SMP systems.
  If hardware acceleration is available, only one thread will be started.
 -If set to 0, CPU-bound thread will be started for every active CPU.
 +If set to 0, a CPU-pinned thread will be started for every active CPU.
  .It Va kern.geom.eli.batch : No 0
  When set to 1, can speed-up crypto operations by using batching.
 -Batching allows to reduce number of interrupts by responding on a group of
 +Batching reduces the number of interrupts by responding to a group of
  crypto requests with one interrupt.
  The crypto card and the driver has to support this feature.
  .It Va kern.geom.eli.key_cache_limit : No 8192
  Specifies how many encryption keys to cache.
  The default limit
 -.No ( 8192
 -keys) will allow to cache all keys for 4TB provider with 512 bytes sectors and
 -will take around 1MB of memory.
 +(8192 keys) will allow caching of all keys for a 4TB provider with 512 byte
 +sectors and will take around 1MB of memory.
  .It Va kern.geom.eli.key_cache_hits
  Reports how many times we were looking up a key and it was already in cache.
  This sysctl is not updated for providers that need less keys than the limit
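
 Review bot: Two errors remain on the unchanged lines of the
 kern.geom.eli.batch entry, directly around the sentence this hunk rewrites:
 "can speed-up crypto operations" uses the hyphenated noun form as a verb, and
 "The crypto card and the driver has to support this feature" pairs a plural
 subject with a singular verb. Suggest "can speed up" and "have to support".
 In the new key_cache_limit text, "512 byte sectors" should be hyphenated as
 "512-byte sectors".
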
 @@ -710,7 +711,7 @@ specified in
  .Va kern.geom.eli.key_cache_limit .
  .It Va kern.geom.eli.key_cache_misses
  Reports how many times we were looking up a key and it was not in cache.
 -This sysctl is not updated for providers that need less keys than the limit
 +This sysctl is not updated for providers that need fewer keys than the limit
  specified in
  .Va kern.geom.eli.key_cache_limit .
  .El
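
 Review bot: The "less keys" to "fewer keys" fix is applied only under
 kern.geom.eli.key_cache_misses; the identical sentence under
 kern.geom.eli.key_cache_hits, visible as context at the end of the previous
 hunk, still says "need less keys". Apply the same change there so the two
 entries stay word-for-word consistent.
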
 @@ -720,7 +721,7 @@ Exit status is 0 on success, and 1 if th
  Initialize a provider which is going to be encrypted with a
  passphrase and random data from a file on the user's pen drive.
  Use 4kB sector size.
 -Attach the provider, create a file system and mount it.
 +Attach the provider, create a file system, and mount it.
  Do the work.
  Unmount the provider and detach it:
  .Bd -literal -offset indent
 @@ -739,28 +740,28 @@ Enter passphrase:
  .Ed
  .Pp
  Create an encrypted provider, but use two keys:
 -one for your employee and one for you as company's security officer
 -(so there is no tragedy if the employee
 +one for your employee and one for you as the company's security officer
 +(so it's not a tragedy if the employee
  .Qq accidentally
  forgets his passphrase):
  .Bd -literal -offset indent
  # geli init /dev/da2
 -Enter new passphrase:	(enter security officer passphrase)
 +Enter new passphrase:	(enter security officer's passphrase)
  Reenter new passphrase:
  # geli setkey -n 1 /dev/da2
 -Enter passphrase:	(enter security officer passphrase)
 +Enter passphrase:	(enter security officer's passphrase)
  Enter new passphrase:	(let your employee enter his passphrase ...)
  Reenter new passphrase:	(... twice)
  .Ed
  .Pp
 -You are the security-person in your company.
 +You are the security officer in your company.
  Create an encrypted provider for use by the user, but remember that users
 -forget their passphrases, so back Master Key up with your own random key:
 +forget their passphrases, so backup the Master Key with your own random key:
  .Bd -literal -offset indent
  # dd if=/dev/random of=/mnt/pendrive/keys/`hostname` bs=64 count=1
  # geli init -P -K /mnt/pendrive/keys/`hostname` /dev/ad0s1e
  # geli backup /dev/ad0s1e /mnt/pendrive/backups/`hostname`
 -(use key number 0, so the encrypted Master Key by you will be overwritten)
 +(use key number 0, so the encrypted Master Key will be overwritten by this)
  # geli setkey -n 0 -k /mnt/pendrive/keys/`hostname` /dev/ad0s1e
  (allow the user to enter his passphrase)
  Enter new passphrase:
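
 Review bot: Two regressions in the Master Key backup example. "so backup the
 Master Key" uses the noun "backup" as a verb; it should be "back up the
 Master Key". The reworded comment "(use key number 0, so the encrypted Master
 Key will be overwritten by this)" also loses the point of the original: what
 setkey -n 0 replaces is the copy of the Master Key encrypted with the
 security officer's key, which is why the geli backup step precedes it, and
 "by this" has no clear referent. Suggest "(use key number 0, so the copy of
 the Master Key encrypted with your key will be overwritten)".
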
 @@ -791,7 +792,7 @@ Reenter new passphrase:
  # geli init -b -P -K /boot/keys/da1s3a.key da1s3a
  .Ed
  .Pp
 -The providers are initialized, now we have to add those lines to
 +The providers are initialized, now we have to add these lines to
  .Pa /boot/loader.conf :
  .Bd -literal -offset indent
  geli_da0_keyfile0_load="YES"
 @@ -823,10 +824,10 @@ Enter passphrase:
  .Ed
  .Pp
  .Cm geli
 -backups metadata by default to the
 +writes the metadata backup by default to the
  .Pa /var/backups/<prov>.eli
  file.
 -If metadata is lost in any way (eg. by accidental overwrite), it can be restored.
 +If the metadata is lost in any way (e.g., by accidental overwrite), it can be restored.
  Consider the following situation:
  .Bd -literal -offset indent
  # geli init /dev/da0
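
 Review bot: The new line "If the metadata is lost in any way (e.g., by
 accidental overwrite), it can be restored." is 87 characters long, well past
 the 80 columns the rest of this hunk stays within. Break it after
 "overwrite)," so the source stays readable in a terminal and later diffs
 against this sentence stay small.
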
 @@ -846,7 +847,7 @@ geli: Cannot read metadata from /dev/da0
  Enter passphrase:
  .Ed
  .Pp
 -If an encrypted filesystem is extended, it is necessary to relocate and
 +If an encrypted file system is extended, it is necessary to relocate and
  update the metadata:
  .Bd -literal -offset indent
  # gpart create -s GPT ada0
 @@ -857,10 +858,10 @@ update the metadata:
  # geli attach -k keyfile -p ada0p1
  .Ed
  .Pp
 -Initialize provider with passphrase split into two files.
 -The provider can be attached by giving those two files or by giving
 +Initialize provider with the passphrase split into two files.
 +The provider can be attached using those two files or by entering
  .Dq foobar
 -passphrase on
 +as the passphrase at the
  .Nm
  prompt:
  .Bd -literal -offset indent
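
 Review bot: "Initialize provider with the passphrase split into two files."
 still lacks an article before "provider", although this hunk adds one before
 "passphrase" in the same sentence. Suggest "Initialize a provider with the
 passphrase split into two files." The following sentence would also read
 better with parallel phrasing: "by supplying those two files or by entering".
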
 @@ -875,8 +876,8 @@ Enter passphrase: foobar
  .Pp
  Suspend all
  .Nm
 -devices, suspend a laptop, then resume devices one by one after resuming a
 -laptop:
 +devices on a laptop, suspend the laptop, then resume devices one by one after
 +resuming the laptop:
  .Bd -literal -offset indent
  # geli suspend -a
  # zzz
 @@ -916,12 +917,12 @@ to another even without modification,
  .Nm
  should be able to detect such a change.
  If an attacker can remember the encrypted data, he can overwrite any future
 -changes with the data he owns without notice.
 +changes with the data he owns without it being noticed.
  In other words
  .Nm
  will not protect your data against replay attacks.
  .Pp
 -It is recommended to write the whole provider before the first use,
 +It is recommended to write to the whole provider before first use,
  in order to make sure that all sectors and their corresponding
  checksums are properly initialized into a consistent state.
  .Sh SEE ALSO
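
 Review bot: The replay-attack paragraph is still hard to follow, because only
 the tail of the sentence is changed while "If an attacker can remember the
 encrypted data" and "the data he owns" are left as they were. This paragraph
 states what geli will not protect against, so the wording should be precise.
 Suggest "If an attacker can save a copy of the encrypted data, he can later
 overwrite any changes with the saved copy without it being noticed." A comma
 after "In other words" is also missing.
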
 @@ -937,7 +938,7 @@ The
  .Nm
  utility appeared in
  .Fx 6.0 .
 -Support for 
 +Support for the
  .Nm Camellia
  block cipher is implemented by Yoshisato Yanagisawa in
  .Fx 7.0 .
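
 Review bot: "is implemented by Yoshisato Yanagisawa in" on the unchanged line
 after the fix describes finished work in the present tense; with the article
 now added, the sentence should read "Support for the Camellia block cipher
 was implemented by ...". The .Nm macro is also the one this page uses for the
 utility's own name, so applying it to Camellia is a markup slip worth fixing
 in the same change.
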
 
State-Changed-From-To: analyzed->patched 
State-Changed-By: eadler 
State-Changed-When: Sun Mar 4 16:44:56 UTC 2012 
State-Changed-Why:  
committed in 232502 

http://www.freebsd.org/cgi/query-pr.cgi?pr=165668 

From: "b. f." <bf1783@googlemail.com>
To: bug-followup@FreeBSD.org, eadler@FreeBSD.org
Cc:  
Subject: Re: docs/165668: Grammar improvement for geli(8) man page.
Date: Fri, 9 Mar 2012 04:28:02 +0000

 As I said in my response to docs/165841, I think that these
 submissions need to be read more critically before committing.  In
 addition to some good changes, parts of this submission just add to
 churn in the repository, without substantially adding to clarity or
 correctness.  At the same time, several errors or awkward passages in
 the manpage have escaped without comment.  For example, I see little
 value in replacing "place the following lines in your kernel
 configuration file" with "add the following lines to your kernel
 configuration file".  But in the following passage, the stilted "get
 the data back" hasn't been replaced with something less awkward and
 informal, like "recover the data":
 
 >-Allows to backup/restore Master Keys, so when a user has to quickly
 >-destroy his keys,
 >-it is possible to get the data back by restoring keys from the backup.
 >+Allows the backup and restoration of Master Keys, so when a user has to quickly
 >+destroy his keys, it is possible to get the data back by restoring keys from
 >+backup.
 
 and in the passage below the missing article has been supplied, but
 the restrictive use of "which" in "which needs..." hasn't been
 replaced with (the more standard) "that needs...":
 
 >-Initialize provider which needs to be encrypted.
 >+Initialize the provider which needs to be encrypted.
 
 and in:
 
 >-The caller must ensure that executing this subcommand won't try to access
 >-suspended device, which will lead to a deadlock.
 >-For example suspending device, which contains file system where the
 >+The caller must ensure that executing this subcommand doesn't access the
 >+suspended device, leading to a deadlock.
 >+For example suspending a device, which contains the file system where the
 
 the missing article has again been supplied, but not the missing comma
 after "For example".
 
 I hope that the two of you will continue your campaign of corrections,
 but with a little more care.
 
 b.

From: Eitan Adler <eadler@freebsd.org>
To: bf1783@gmail.com
Cc: bug-followup@freebsd.org
Subject: Re: docs/165668: Grammar improvement for geli(8) man page.
Date: Fri, 9 Mar 2012 00:23:46 -0500

 On Thu, Mar 8, 2012 at 11:28 PM, b. f. <bf1783@googlemail.com> wrote:
 > As I said in my response to docs/165841, I think that these
 > submissions need to be read more critically before committing.
 
 The more specifics the better. I do read the changes I commit.
 
 > At the same time, several errors or awkward passages in
 > the manpage have escaped without comment.  For example, I see little
 > value in replacing "place the following lines in your kernel
 > configuration file" with "add the following lines to your kernel
 > configuration file".
 
 I liked the words "add" and "to"  instead of "place" and "in".
 
 > and in the passage below the missing article has been supplied, but
 > the restrictive use of "which" in "which needs..." hasn't been
 > replaced with (the more standard) "that needs...":
 
 The use of "that" and "which" as a restrictive vs restrictive term
 is a Strunk & White 'rule' which isn't reflected in typical writing.
 
 > the missing article has again been supplied, but not the missing comma
 > after "For example".
 
 Understood.
 
 > I hope that the two of you will continue your campaign of corrections,
 > but with a little more care.
 
 More review can't hurt.
 
 
 -- 
 Eitan Adler
 Source & Ports committer
 X11, Bugbusting teams
State-Changed-From-To: patched->closed 
State-Changed-By: eadler 
State-Changed-When: Tue Jun 5 05:15:14 UTC 2012 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=165668 
>Unformatted:
