[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] 'Saving HSTS entries to' bug

From: Ander Juaristi
Subject: Re: [Bug-wget] 'Saving HSTS entries to' bug
Date: Mon, 23 May 2016 23:59:45 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.5.0


I would leave it unchanged. For me this is a WONTFIX, for the following

 1. The message is only printed when debug output (-d) is enabled. That
is disabled by default. Any user who enables it is expected to be wise
enough to know how to interpret the output, or at least treat it with care.
 2. Solving this would require checking whether the scheme is 'ftp://'
and in the case of HTTP(S), further checking whether the
Strict-Transport-Security header was set (in the case of HTTPS), or we
were redirected to the HTTPS entry point of the site and that entry
point sets it. This adds extra unnecessary complexity for the single
reason of hiding an output that only appears in debug mode. IMO it does
not pay off.
 3. The HSTS file is read at the beginning, and written at the end. That
is the best way of doing it, and the way other UAs work. A simpler
solution than that proposed at point 2 would require putting the HSTS
load/save routines in other place, maybe checking them on a per-URL
basis. This also does not pay off IMO.

The best 'fix' that comes to my mind is a compromise. Don't remove the
message (for the reasons mentioned), but print how many HSTS entries
have been read/updated/written. Something like:

Saving HSTS entries to /home/strunk/.wget-hsts (read: 1, updated: 0)

I would do either this or nothing. Tell me if this is acceptable.

On 21/05/16 11:21, address@hidden wrote:
> this is displayed on every run even with hosts that have no HSTS, and
> with FTP and HTTP hosts.
> the savannah 'bug submit' is broken.

Best regards,

- AJ

reply via email to

[Prev in Thread] Current Thread [Next in Thread]