As someone interested in keeping courier in Debian, I had been
interested in looking at Ondřej's changes (and their consequences) since I
first saw this thread.

I have now compiled the new packages and performed a (really basic)
local install.

I'm not too keen on the move of couriertls into courier-base, though. In
my view, it is itself an independent package, and it shouldn't require
e.g. the authdaemon (while it did have a Depends on courier-base, I seem
to recall it wasn't really needed).

A bug I noticed on install is that although courier-base is
using /usr/sbin/mkdhparams to create properly-sized 4096 DH parameters
in /etc/courier/dhparams.pem, the smtpd certificate was created
with /usr/lib/courier/mkesmtpdcert which, after generating the
certificate, appends a 512-byte (weak) DH parameter. This openssl gendh
line was removed upstream in 2014 in
1e1b535b440b93474d243fe363635f0ec18427cd, but gets re-added by patch 12.
(d0e8408cc changes it from gendh to dhparam, but still adds it to the
autogenerated certificate. It should be removed.)

I would recommend automatically adding mkdhparams to /etc/cron.monthly,
too.


As for the Debian bug reports, the work seems to lie in the list of
normal unclassified bugs that would need to be reviewed and most likely
tested.

Also, looking at the patches carried by Debian, the numbers 1, 2, 3, 5,
6, 7, 9, 12*, 13, 14, 17, 20, 21, 23 and 25 seem quite uncontroversial
for being applied upstream. Could you add them to your queue to ponder
their inclusion, Sam?


Best regards


_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net