[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug-wget] metalink for wget releases & tests
From: |
Anthony Bryan |
Subject: |
[Bug-wget] metalink for wget releases & tests |
Date: |
Wed, 2 Dec 2015 21:02:06 -0500 |
thanks everybody for your work on the last release!
I'm biased but I think some of the metalink features are very cool &
helpful for automating things some people might be too lazy to do,
like hash or signature verification.
& very timely, (not to be too paranoid) but companies & whole
governments are doing MITM attacks, potentially making HTTPS useless
and signatures even more useful.
I was looking at the 2 metalink tests in /testenv
(Test-metalink-http.py, Test-metalink-xml.py) & thinking that it could
be a useful test to have wget download it's source release with a
metalink (hosted at
https://ftp.gnu.org/gnu/wget/wget-1.17.tar.xz.metalink , and including
a hash & signature) & then test those hash & signature features if
they are available. I guess most tests use the local test FTP/HTTP
server, so I don't know if any involve actual downloads?
(alternatively, the metalinks for the curl releases at
http://curl.haxx.se/download.html also have signatures, but I don't
know if that would be rude or not).
I also think having the compiled features listed when you do 'wget
--version' listing '+metalink +gpgme' might quickly help to show that
these features are available.
what do you guys think?
--
(( Anthony Bryan ... Metalink [ http://www.metalinker.org ]
)) Easier, More Reliable, Self Healing Downloads
- [Bug-wget] metalink for wget releases & tests,
Anthony Bryan <=