Hi Joseph, this package sounds useful. I know Haskell and Debian packaging aspects since I used to maintain ghc-mod in Debian (it's been a couple of releases though :). I would be happy to co-maintain this but unless you already have a sponsor in mind we'd still have to find one as I'm not a DD.
--Daniel On Wed, Mar 30, 2022 at 09:02:56AM -0400, Joseph Nahmias wrote: > Package: wnpp > Severity: wishlist > X-Debbugs-Cc: j...@nahmias.net, postfix-us...@dukhovni.org, > debian-hask...@lists.debian.org > > * Package name : danecheck > Version : 1.1.0 > Upstream Author : Viktor Dukhovni <postfix-us...@dukhovni.org> > * URL : https://github.com/vdukhovni/danecheck > * License : BSD > Programming Lang: Haskell > Description : DANE SMTP checker > > This is a tool to check DANE TLSA security for SMTP. > > Features: > * Test the local resolver configuration by verifying the validity of the > root zone DNSKEY and SOA RRSets. > * Test whether DNSSEC is enabled for a given TLD. > * Check whether an email domain is fully protected (across all of its MX > hosts) by DANE TLSA records, and whether these match the actual > certificate chains seen at each IP address of each MX host. > * Perform certificate chain verification at a time offset from the current > time to ensure that that certificates are not about to expire too soon. > > A non-zero exit status is returned if any DNS lookups fail or if the MX > records > or MX hosts are in an unsigned zone, or if for one of the MX hosts no > associated secure TLSA records are found. A non-zero exit status is also > returned if any of the SMTP connections fail to establish a TLS connection or > yield a certificate chain that does not match the TLSA records. > > > Packaging note: > > I do not know haskell, so wouldn't really be a good maintainer, thus > submitting > this as an RFP. >
signature.asc
Description: PGP signature