
Bug#1008676: RFP: danecheck -- DANE SMTP checker



Hi Daniel,

I'm a DD, but entirely unfamiliar with Haskell, let alone how it's packaged
within Debian. Do you think that between the two of us we can make this work?

--Joe

On Wed, Mar 30, 2022 at 03:32:04PM +0200, Daniel Gröber wrote:
> Hi Joseph,
> 
> this package sounds useful. I know Haskell and Debian packaging aspects
> since I used to maintain ghc-mod in Debian (it's been a couple of releases
> though :). I would be happy to co-maintain this but unless you already have
> a sponsor in mind we'd still have to find one as I'm not a DD.
> 
> --Daniel
> 
> On Wed, Mar 30, 2022 at 09:02:56AM -0400, Joseph Nahmias wrote:
> > Package: wnpp
> > Severity: wishlist
> > X-Debbugs-Cc: joe@nahmias.net, postfix-users@dukhovni.org, debian-haskell@lists.debian.org
> > 
> > * Package name    : danecheck
> >   Version         : 1.1.0
> >   Upstream Author : Viktor Dukhovni <postfix-users@dukhovni.org>
> > * URL             : https://github.com/vdukhovni/danecheck
> > * License         : BSD
> >   Programming Lang: Haskell
> >   Description     : DANE SMTP checker
> > 
> > This is a tool to check DANE TLSA security for SMTP.
> > 
> > Features:
> >  *  Test the local resolver configuration by verifying the validity of the
> >     root zone DNSKEY and SOA RRSets.
> >  *  Test whether DNSSEC is enabled for a given TLD.
> >  *  Check whether an email domain is fully protected (across all of its MX
> >     hosts) by DANE TLSA records, and whether these match the actual
> >     certificate chains seen at each IP address of each MX host.
> >  *  Perform certificate chain verification at a time offset from the current
> >     time to ensure that certificates are not about to expire too soon.
> > 
> > A non-zero exit status is returned if any DNS lookups fail or if the MX records
> > or MX hosts are in an unsigned zone, or if for one of the MX hosts no
> > associated secure TLSA records are found. A non-zero exit status is also
> > returned if any of the SMTP connections fail to establish a TLS connection or
> > yield a certificate chain that does not match the TLSA records.
> > 
> > 
> > Packaging note:
> > 
> > I do not know Haskell, so wouldn't really be a good maintainer, thus submitting
> > this as an RFP. 
> > 

