From: Anthony Bryan
Subject: [Bug-wget] metalink for wget releases & tests
Date: Wed, 2 Dec 2015 21:02:06 -0500

thanks everybody for your work on the last release!

I'm biased but I think some of the metalink features are very cool &
helpful for automating things some people might be too lazy to do,
like hash or signature verification.
& very timely, (not to be too paranoid) but companies & whole
governments are doing MITM attacks, potentially making HTTPS useless
and signatures even more useful.

I was looking at the 2 metalink tests in /testenv
(Test-metalink-http.py, Test-metalink-xml.py) & thinking that it could
be a useful test to have wget download its source release with a
metalink (hosted at
https://ftp.gnu.org/gnu/wget/wget-1.17.tar.xz.metalink , and including
a hash & signature) & then test those hash & signature features if
they are available. I guess most tests use the local test FTP/HTTP
server, so I don't know if any involve actual downloads?

(alternatively, the metalinks for the curl releases at
http://curl.haxx.se/download.html also have signatures, but I don't
know if that would be rude or not).

I also think having the compiled features listed when you do 'wget
--version' listing '+metalink +gpgme' might quickly help to show that
these features are available.

what do you guys think?
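
An added example, not part of the original message and not wget's own test code: the size and hash check that a Metalink 4 (RFC 5854) document allows, written in Python like the /testenv tests. The function names `parse_metalink` and `verify`, the file name, URL and payload are constructed for illustration; the signature is only detected, not verified, since that needs a GnuPG binding.

```python
import hashlib
import xml.etree.ElementTree as ET

NS = {"ml": "urn:ietf:params:xml:ns:metalink"}  # Metalink 4 (RFC 5854) namespace
# IANA names used in <hash type="..."> mapped to hashlib names, strongest first.
HASHES = [("sha-512", "sha512"), ("sha-256", "sha256"), ("sha-1", "sha1"), ("md5", "md5")]

def parse_metalink(xml_text):
    """Return {file name: {"size", "hashes", "urls", "has_signature"}}."""
    files = {}
    for f in ET.fromstring(xml_text).findall("ml:file", NS):
        size = f.findtext("ml:size", namespaces=NS)
        files[f.get("name")] = {
            "size": int(size) if size else None,
            "hashes": {h.get("type", "").lower(): (h.text or "").strip().lower()
                       for h in f.findall("ml:hash", NS)},
            "urls": [u.text.strip() for u in f.findall("ml:url", NS) if u.text],
            "has_signature": f.find("ml:signature", NS) is not None,
        }
    return files

def verify(entry, data):
    """Check the size and the strongest listed hash; return (ok, reason)."""
    if entry["size"] is not None and entry["size"] != len(data):
        return False, "size mismatch"
    for iana, algo in HASHES:
        if iana in entry["hashes"]:
            ok = hashlib.new(algo, data).hexdigest() == entry["hashes"][iana]
            return ok, f"{iana} {'match' if ok else 'mismatch'}"
    return False, "no supported hash listed"  # fail closed: nothing to check against

# Constructed sample: payload, file name and URL are placeholders, not a real release.
PAYLOAD = b"constructed stand-in for a release tarball\n"
SAMPLE = f"""<metalink xmlns="urn:ietf:params:xml:ns:metalink">
  <file name="example-1.0.tar.xz">
    <size>{len(PAYLOAD)}</size>
    <hash type="md5">{hashlib.md5(PAYLOAD).hexdigest()}</hash>
    <hash type="sha-256">{hashlib.sha256(PAYLOAD).hexdigest()}</hash>
    <signature mediatype="application/pgp-signature">(elided)</signature>
    <url>https://mirror.example/example-1.0.tar.xz</url>
  </file>
</metalink>"""

if __name__ == "__main__":
    entry = parse_metalink(SAMPLE)["example-1.0.tar.xz"]
    print(verify(entry, PAYLOAD))                # intact download
    print(verify(entry, PAYLOAD[:-1] + b"X"))    # same length, altered content
```

The hash only protects the download if the metalink itself arrived over a trusted channel, which is why the signature element matters when the transport may be intercepted.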
