Bug#1008676: RFP: danecheck -- DANE SMTP checker
Hi Daniel,
I'm a DD, but entirely unfamiliar with Haskell, let alone how it's packaged
within Debian. Do you think that between the two of us we can make this work?
--Joe
On Wed, Mar 30, 2022 at 03:32:04PM +0200, Daniel Gröber wrote:
> Hi Joseph,
>
> this package sounds useful. I know Haskell and Debian packaging aspects
> since I used to maintain ghc-mod in Debian (it's been a couple of releases
> though :). I would be happy to co-maintain this but unless you already have
> a sponsor in mind we'd still have to find one as I'm not a DD.
>
> --Daniel
>
> On Wed, Mar 30, 2022 at 09:02:56AM -0400, Joseph Nahmias wrote:
> > Package: wnpp
> > Severity: wishlist
> > X-Debbugs-Cc: joe@nahmias.net, postfix-users@dukhovni.org, debian-haskell@lists.debian.org
> >
> > * Package name : danecheck
> > Version : 1.1.0
> > Upstream Author : Viktor Dukhovni <postfix-users@dukhovni.org>
> > * URL : https://github.com/vdukhovni/danecheck
> > * License : BSD
> > Programming Lang: Haskell
> > Description : DANE SMTP checker
> >
> > This is a tool to check DANE TLSA security for SMTP.
> >
> > Features:
> > * Test the local resolver configuration by verifying the validity of the
> > root zone DNSKEY and SOA RRSets.
> > * Test whether DNSSEC is enabled for a given TLD.
> > * Check whether an email domain is fully protected (across all of its MX
> > hosts) by DANE TLSA records, and whether these match the actual
> > certificate chains seen at each IP address of each MX host.
> > * Perform certificate chain verification at a time offset from the current
> > time to ensure that certificates are not about to expire too soon.
> >
> > A non-zero exit status is returned if any DNS lookups fail or if the MX records
> > or MX hosts are in an unsigned zone, or if for one of the MX hosts no
> > associated secure TLSA records are found. A non-zero exit status is also
> > returned if any of the SMTP connections fail to establish a TLS connection or
> > yield a certificate chain that does not match the TLSA records.
> >
> >
> > Packaging note:
> >
> > I do not know Haskell, so wouldn't really be a good maintainer, thus submitting
> > this as an RFP.
> >