On Wed, Sep 18, 2013 at 05:49:53PM +0200, Stefan Foerster wrote:
> I noticed that posttls-finger is not part of any upstream source I
> could find, leading me to github - is that intentional?
It is inaccurate. The posttls-finger utility has been included in
Postfix snapshots since postfix-2.11-20130602. The best snapshot
for DANE support at this time is:
postfix-2.11-20130825.
What is intentional is that while posttls-finger is compiled by
default, it is not by default installed into $command_directory by
postfix-install (because it is not listed in conf/postfix-files).
I have not yet convinced Wietse that this diagnostic tool should
be part of the required Postfix command set. One might note that
smtp-sink and smtp-source are likewise not installed by default.
My take is that posttls-finger is more useful on a day-to-day basis
at sites that configure secure-channel TLS policy with peers, and/or
want to diagnose TLS interoperability issues. Whether this is a
strong enough argument to include posttls-finger in the Postfix
pacakges delivered by O/S releases is a judgement call.
--
Viktor.
