[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-wget] metalink for wget releases & tests

From: Anthony Bryan
Subject: [Bug-wget] metalink for wget releases & tests
Date: Wed, 2 Dec 2015 21:02:06 -0500

thanks everybody for your work on the last release!

I'm biased but I think some of the metalink features are very cool &
helpful for automating things some people might be too lazy to do,
like hash or signature verification.
& very timely, (not to be too paranoid) but companies & whole
governments are doing MITM attacks, potentially making HTTPS useless
and signatures even more useful.

I was looking at the 2 metalink tests in /testenv
(Test-metalink-http.py, Test-metalink-xml.py) & thinking that it could
be a useful test to have wget download it's source release with a
metalink (hosted at
https://ftp.gnu.org/gnu/wget/wget-1.17.tar.xz.metalink , and including
a hash & signature) & then test those hash & signature features if
they are available. I guess most tests use the local test FTP/HTTP
server, so I don't know if any involve actual downloads?

(alternatively, the metalinks for the curl releases at
http://curl.haxx.se/download.html also have signatures, but I don't
know if that would be rude or not).

I also think having the compiled features listed when you do 'wget
--version' listing '+metalink +gpgme' might quickly help to show that
these features are available.

what do you guys think?
(( Anthony Bryan ... Metalink [ http://www.metalinker.org ]
  )) Easier, More Reliable, Self Healing Downloads

reply via email to

[Prev in Thread] Current Thread [Next in Thread]