thanks everybody for your work on the last release! I'm biased but I think some of the metalink features are very cool & helpful for automating things some people might be too lazy to do, like hash or signature verification. & very timely, (not to be too paranoid) but companies & whole governments are doing MITM attacks, potentially making HTTPS useless and signatures even more useful.
I was looking at the 2 metalink tests in /testenv (Test-metalink-http.py, Test-metalink-xml.py) & thinking that it could be a useful test to have wget download it's source release with a metalink (hosted at https://ftp.gnu.org/gnu/wget/wget-1.17.tar.xz.metalink , and including a hash & signature) & then test those hash & signature features if they are available. I guess most tests use the local test FTP/HTTP server, so I don't know if any involve actual downloads? (alternatively, the metalinks for the curl releases at http://curl.haxx.se/download.html also have signatures, but I don't know if that would be rude or not). I also think having the compiled features listed when you do 'wget --version' listing '+metalink +gpgme' might quickly help to show that these features are available. what do you guys think? -- (( Anthony Bryan ... Metalink [ http://www.metalinker.org ] )) Easier, More Reliable, Self Healing Downloads
