[Bug-wget] [bug #51666] Please hash the hostname in ~/.wget-hsts files

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-wget] [bug #51666] Please hash the hostname in ~/.wget-hsts files

From:	NoëlKöthe
Subject:	[Bug-wget] [bug #51666] Please hash the hostname in ~/.wget-hsts files
Date:	Sat, 5 Aug 2017 10:14:05 -0400 (EDT)
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0

URL:
  <http://savannah.gnu.org/bugs/?51666>

                 Summary: Please hash the hostname in ~/.wget-hsts files
                 Project: GNU Wget
            Submitted by: nok
            Submitted on: Sat 05 Aug 2017 04:14:03 PM CEST
                Category: Feature Request
                Severity: 3 - Normal
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: trunk
        Operating System: GNU/Linux
         Reproducibility: Every Time
           Fixed Release: None
         Planned Release: None
              Regression: No
           Work Required: None
          Patch Included: No

    _______________________________________________________

Details:

Hello,

a feature request from a Debian user:

--8<--
Hi,

I recently discovered the .wget-hsts file in my home directory which is used
to persist state for HSTS:

  https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

It contains lines such as:

  # HSTS 1.0 Known Hosts database for GNU Wget.
  # Edit at your own risk.
  # <hostname>  <port>  <incl. subdomains>      <created>       <max-age>
  github.com    0       1       1450887745      31536000
  ftp-master.debian.org 0       0       1472482586      15552000
  diffoscope.org        0       0       1449765396      15768000
  reproducible-builds.org       0       0       1471542629      15552000
  www.dropbox.com  0       1       1458394011      15552000
  reproducible.debian.net       0       0       1448074844      15552000
  […]

I can't help but think of ~/.ssh/known_hosts which moved to hashing the
hostname for various security/privacy concerns. Shouldn't wget make the
parallel change?
--8<--
https://bugs.debian.org/870813

Thank you.




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?51666>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-wget] [bug #51666] Please hash the hostname in ~/.wget-hsts files, NoëlKöthe <=
- [Bug-wget] [bug #51666] Please hash the hostname in ~/.wget-hsts files, Tim Ruehsen, 2017/08/05
  - [Bug-wget] [bug #51666] Please hash the hostname in ~/.wget-hsts files, Ander Juaristi, 2017/08/18
    - [Bug-wget] [bug #51666] Please hash the hostname in ~/.wget-hsts files, Ander Juaristi, 2017/08/18
    - Re: [Bug-wget] [bug #51666] Please hash the hostname in ~/.wget-hsts files, Tim Rühsen, 2017/08/18

Prev by Date: Re: [Bug-wget] Gzip Content-Encoding Patches
Next by Date: [Bug-wget] [bug #51666] Please hash the hostname in ~/.wget-hsts files
Previous by thread: Re: [Bug-wget] wget Tutorial
Next by thread: [Bug-wget] [bug #51666] Please hash the hostname in ~/.wget-hsts files
Index(es):
- Date
- Thread