#: src/newt.c:64
msgid ""
"\n"
"Firewall Configuration\n"
"\n"
"   Red Hat Linux also offers you firewall protection\n"
"   for enhanced system security. A firewall sits\n"
"   between your computer and the network, and\n"
"   determines which resources on your computer remote\n"
"   users on the network are able to access. A\n"
"   properly configured firewall can greatly increase\n"
"   the out-of-the-box security of your system.\n"
"\n"
"   Choose the appropriate security level for your\n"
"   system.\n"
"\n"
"   High Security -- By choosing High Security, your\n"
"   system will not accept connections that are not\n"
"   explicitly defined by you. By default, only the\n"
"   following connections are allowed:\n"
"\n"
"     * DNS replies\n"
"     * DHCP -- so any network interfaces that use\n"
"       DHCP can be properly configured.\n"
"\n"
"   Using this High Security will not allow the\n"
"   following:\n"
"\n"
"     * Active mode FTP (Passive mode FTP, used by\n"
"       default in most clients, should work fine.)\n"
"     * IRC DCC file transfers\n"
"     * RealAudio(tm)\n"
"     * Remote X Window System clients\n"
"\n"
"   If you are connecting your system to the Internet,\n"
"   but do not plan to run a server, this is the\n"
"   safest choice. If additional services are needed,\n"
"   you can choose Customize to allow specific\n"
"   services through the firewall.\n"
"\n"
"   Medium Security -- Choosing Medium Security will\n"
"   not allow your system to have access to certain\n"
"   resources. By default, access to the following\n"
"   resources are not allowed:\n"
"\n"
"     * ports lower than 1023 -- these are the\n"
"       standard reserved ports, used by most system\n"
"       services, such as FTP, SSH, telnet, and HTTP.\n"
"     * NFS server port (2049)\n"
"     * the local X Window System display for remote X\n"
"       clients\n"
"     * the X Font server port (This is disabled by\n"
"       default in the font server.)\n"
"\n"
"   If you want to allow resources such as\n"
"   RealAudio(tm), while still blocking access to\n"
"   normal system services, choose Medium Security.\n"
"   You can choose Customize to allow specific\n"
"   services through the firewall.\n"
"\n"
"   No Firewall -- No firewall allows complete access\n"
"   and does no security checking. It is recommended\n"
"   that this only be selected if you are running on a\n"
"   trusted network (not the Internet), or if you plan\n"
"   to do more detailed firewall configuration later.\n"
"\n"
"   Choose Customize to add trusted devices or to\n"
"   allow additional incoming interfaces.\n"
#: src/newt.c:130
msgid ""
"\n"
"Firewall Customization\n"
"\n"
"   Choose which trusted devices and incoming services\n"
"   should be allowed for your network security\n"
"   settings.\n"
"\n"
"   Trusted Devices -- Checking these for any of your\n"
"   devices allows all traffic coming from that device\n"
"   to be allowed. For example, if you are running a\n"
"   local network, but are connecting to the Internet\n"
"   via a PPP dialup, you could check that eth0 is\n"
"   trusted to allow any traffic coming from your\n"
"   local network.\n"
"\n"
"   It is not recommended to enable this for devices\n"
"   that are connected to public networks, such as the\n"
"   Internet.\n"
"\n"
"   Allow Incoming -- Enabling these options allow the\n"
"   specified services to pass through the firewall.\n"
"   Note, during a workstation-class installation, the\n"
"   majority of these services are not present on the\n"
"   system.\n"
"\n"
"     * DHCP -- This allows DHCP queries and replies,\n"
"       and allows any network interfaces that use\n"
"       DHCP to determine their IP address. DHCP is\n"
"       normally enabled.\n"
"     * SSH -- Secure Shell (SSH) is a protocol for\n"
"       logging into and executing commands on remote\n"
"       machines. It provides secure encrypted\n"
"       communications. If you plan on accessing your\n"
"       machine remotely via SSH over a firewalled\n"
"       interface, enable this option. You need the\n"
"       openssh-server package installed for this\n"
"       option to be useful.\n"
"     * Telnet -- Telnet is a protocol for logging\n"
"       into remote machines. It is unencrypted, and\n"
"       provides little security from network snooping\n"
"       attacks. Enabling telnet is not recommended.\n"
"       You need the telnet-server package installed\n"
"       for this option to be useful.\n"
"     * WWW (HTTP) -- HTTP is the protocol used by\n"
"       Apache to serve Web pages. If you plan on\n"
"       making your Web server publicly available,\n"
"       enable this option. This option is not\n"
"       required for viewing pages locally or\n"
"       developing Web pages. You need the Apache\n"
"       package installed for this option to be\n"
"       useful.\n"
"     * Mail (SMTP) -- This allows incoming SMTP mail\n""       delivery.
If you need to allow remote hosts to\n"
"       connect directly to your machine to deliver\n"
"       mail, enable this option. You do not need to\n"
"       enable this if you collect your mail from your\n"
"       ISP's server by POP3 or IMAP, or if you use a\n"
"       tool such as fetchmail. Note that an\n"
"       improperly configured SMTP server can allow\n"
"       remote machines to use your server to send\n"
"       spam.\n"
"     * FTP -- FTP is a protocol used for remote file\n"
"       transfer. If you plan on making your FTP\n"
"       server publicly available, enable this option.\n"
"       You need the wu-ftpd (and possibly anonftp)\n"
"       packages installed for this option to be\n"
"       useful.\n"
"     * Other ports -- You can specify that other\n"
"       ports not listed here be allowed through the\n"
"       firewall. The format to use is\n"
"       'port:protocol'. For example, if you wanted to\n"
"       allow IMAP access through your firewall, you\n"
"       can specify 'imap:tcp'. You can also specify\n"
"       numeric ports explicitly; to allow UDP packets\n"
"       on port 1234 through, specify '1234:udp'. To\n"
"       specify multiple ports, separate them by\n"
"       commas.\n"


The two messages above are ridiciously long, and that causes a lot of
trouble for translators.

The problems are twofold: First of all it is very hard to translate when
you have to constantly scroll up and down several pages in your editor
(remember, the po format is designed for including the  original text and
the translation in the same document, so it's nice if the original text and
the translation both fit in a screenful of editor window).
The other problem is more serious. Gettext uses something called
fuzzymatching and fuzzymarking when the original message is changed (can be
anything from a typo that was fixed, an uppercase-lowercase change, or
large parts of the message rewritten). Messages that have had their
original text changed are marked "fuzzy" so that the translator can update
its translation accordingly. However, there is no other indication on a
fyzzy-marked message of what in the message that was changed. On a small or
normal-sized message it is usually trivial or at least easy to spot what
was changed, but when the messages are ridiciously large like this, it
becomes a large obstacle and near impossible. Gettext was simply not
designed to deal with messages that are complete short stories.

Proposed solution: Split up the messages above into multiple messages
(multiple gettext calls). Something like one message per paragraph is
probably a good strategy.