Re: [Bug-wget] metalink for wget releases & tests


From: Anthony Bryan
Subject: Re: [Bug-wget] metalink for wget releases & tests
Date: Thu, 3 Dec 2015 11:41:50 -0500

On Thu, Dec 3, 2015 at 4:53 AM, Darshit Shah <address@hidden> wrote:
> On 12/02, Anthony Bryan wrote:
>>
>> thanks everybody for your work on the last release!
>>
>> I'm biased but I think some of the metalink features are very cool &
>> helpful for automating things some people might be too lazy to do,
>> like hash or signature verification.
>> & very timely, (not to be too paranoid) but companies & whole
>> governments are doing MITM attacks, potentially making HTTPS useless
>> and signatures even more useful.
>>
>> I was looking at the 2 metalink tests in /testenv
>> (Test-metalink-http.py, Test-metalink-xml.py) & thinking that it could
>> be a useful test to have wget download its source release with a
>> metalink (hosted at
>> https://ftp.gnu.org/gnu/wget/wget-1.17.tar.xz.metalink , and including
>> a hash & signature) & then test those hash & signature features if
>> they are available. I guess most tests use the local test FTP/HTTP
>> server, so I don't know if any involve actual downloads?
>>
> Our test suite was made to work entirely locally. It does not access the
> network, since the tests may be run on a machine with no network
> connectivity.
> However, we could implement these features within the local test suite
> itself. Would having to download over the network be such an important
> thing?

no, just that the functionality is tested is the important part (I saw
the invalid signature in Test-metalink-http.py), so just testing one
with a valid signature seems like a good step.

I just thought it would be cool for wget to be able to download itself
& check the signature, kind of like a compiler that can compile itself
:)

>> (alternatively, the metalinks for the curl releases at
>> http://curl.haxx.se/download.html also have signatures, but I don't
>> know if that would be rude or not).
>>
>> I also think having the compiled features listed when you do 'wget
>> --version' listing '+metalink +gpgme' might quickly help to show that
>> these features are available.
>>
> Attached a patch to do this. Should have been done long ago, guess no one
> else noticed it.

great! thanks so much!

-- 
(( Anthony Bryan ... Metalink [ http://www.metalinker.org ]
  )) Easier, More Reliable, Self Healing Downloads
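
The local hash check discussed in this thread, as an added example that is not part of the original message or of wget's test suite. It parses a constructed Metalink 4 (RFC 5854) document and checks a payload against the declared size and hash; the file name, payload and the accepted-hash policy are assumptions of the example.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

NS = {"ml": "urn:ietf:params:xml:ns:metalink"}  # Metalink 4 (RFC 5854)
# Accepted hash types, strongest first (a policy assumed for this example).
ACCEPTED = [("sha-512", "sha512"), ("sha-256", "sha256")]

NAME = "example-1.0.tar.xz"                      # constructed file name
PAYLOAD = b"constructed stand-in for a release tarball\n"

def build_metalink(name, data):
    """Build a minimal constructed Metalink document describing `data`."""
    return (
        '<metalink xmlns="urn:ietf:params:xml:ns:metalink">'
        f'<file name="{name}"><size>{len(data)}</size>'
        f'<hash type="sha-1">{hashlib.sha1(data).hexdigest()}</hash>'
        f'<hash type="sha-256">{hashlib.sha256(data).hexdigest()}</hash>'
        f'<url>http://127.0.0.1/{name}</url></file></metalink>'
    )

def verify(metalink_xml, name, data):
    """Return (ok, detail) for `data` checked against its Metalink entry."""
    root = ET.fromstring(metalink_xml)
    for entry in root.findall("ml:file", NS):
        if entry.get("name") != name:
            continue
        size = entry.findtext("ml:size", namespaces=NS)
        if size is not None and int(size) != len(data):
            return False, "size mismatch"
        declared = {h.get("type"): (h.text or "").strip().lower()
                    for h in entry.findall("ml:hash", NS)}
        for ml_type, py_name in ACCEPTED:
            if ml_type in declared:
                actual = hashlib.new(py_name, data).hexdigest()
                ok = hmac.compare_digest(actual, declared[ml_type])
                return ok, (ml_type if ok else f"{ml_type} mismatch")
        return False, "no accepted hash type"
    return False, "file not listed"

if __name__ == "__main__":
    doc = build_metalink(NAME, PAYLOAD)
    print(verify(doc, NAME, PAYLOAD))
    print(verify(doc, NAME, PAYLOAD.replace(b"release", b"rElease")))
```

A hash only ties the file to the Metalink document that declares it, so it detects corruption but not a rewritten Metalink; the signature check mentioned in the thread, which this example does not perform, is what covers that case.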