Hi Daniel, I'm a DD, but entirely unfamiliar with Haskell, let alone how it's packaged within Debian. Do you think that between the two of us we can make this work?
--Joe On Wed, Mar 30, 2022 at 03:32:04PM +0200, Daniel Gröber wrote: > Hi Joseph, > > this package sounds useful. I know Haskell and Debian packaging aspects > since I used to maintain ghc-mod in Debian (it's been a couple of releases > though :). I would be happy to co-maintain this but unless you already have > a sponsor in mind we'd still have to find one as I'm not a DD. > > --Daniel > > On Wed, Mar 30, 2022 at 09:02:56AM -0400, Joseph Nahmias wrote: > > Package: wnpp > > Severity: wishlist > > X-Debbugs-Cc: j...@nahmias.net, postfix-us...@dukhovni.org, > > debian-hask...@lists.debian.org > > > > * Package name : danecheck > > Version : 1.1.0 > > Upstream Author : Viktor Dukhovni <postfix-us...@dukhovni.org> > > * URL : https://github.com/vdukhovni/danecheck > > * License : BSD > > Programming Lang: Haskell > > Description : DANE SMTP checker > > > > This is a tool to check DANE TLSA security for SMTP. > > > > Features: > > * Test the local resolver configuration by verifying the validity of the > > root zone DNSKEY and SOA RRSets. > > * Test whether DNSSEC is enabled for a given TLD. > > * Check whether an email domain is fully protected (across all of its MX > > hosts) by DANE TLSA records, and whether these match the actual > > certificate chains seen at each IP address of each MX host. > > * Perform certificate chain verification at a time offset from the current > > time to ensure that that certificates are not about to expire too soon. > > > > A non-zero exit status is returned if any DNS lookups fail or if the MX > > records > > or MX hosts are in an unsigned zone, or if for one of the MX hosts no > > associated secure TLSA records are found. A non-zero exit status is also > > returned if any of the SMTP connections fail to establish a TLS connection > > or > > yield a certificate chain that does not match the TLSA records. > > > > > > Packaging note: > > > > I do not know haskell, so wouldn't really be a good maintainer, thus > > submitting > > this as an RFP. > >
