bug-wget
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-wget] feature request: automatically check OpenPGP signatures


From: Neal H. Walfield
Subject: [Bug-wget] feature request: automatically check OpenPGP signatures
Date: Tue, 21 Jun 2016 12:15:44 +0200
User-agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (Goj┼Ź) APEL/10.8 EasyPG/1.0.0 Emacs/24.5 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)

Hi wget developers,

It is unfortunately increasingly common that tutorials, howtos and
installation programs do something like:

  wget --no-check-certificate https://some.server/path/install.sh
  chmod a+x install.sh
  ./install.sh

Ouch!

It would be great if wget had an option to specify an OpenPGP
fingerprint that should be used to check a signature.  I imagine
something like this:

  wget --check-sig 8F17777118A33DDA9BA48E62AACB3243630052D9 http://...

(The signature could either be inline, which would prevent the use of
the file until the signature is verified, which is arguably good, or
automatically looked for in a separate file called, say, filename.sig,
by default.)

For users who are just copying and pasting, this represents no
additional work while adding a fair amount of protection.  For
developers, it is a bit more work, but they should be providing
signatures anyways.  For those who already provide signatures, this
would help ensure that people actually check them and it would
simplify the installation guides.  See, for instance, tails:

  https://tails.boum.org/install/expert/usb/

Thanks for considering this feature request!

:) Neal



reply via email to

[Prev in Thread] Current Thread [Next in Thread]