On Thu, Dec 3, 2015 at 4:53 AM, Darshit Shah <[email protected]> wrote: > On 12/02, Anthony Bryan wrote: >> >> thanks everybody for your work on the last release! >> >> I'm biased but I think some of the metalink features are very cool & >> helpful for automating things some people might be too lazy to do, >> like hash or signature verification. >> & very timely, (not to be too paranoid) but companies & whole >> governments are doing MITM attacks, potentially making HTTPS useless >> and signatures even more useful. >> >> I was looking at the 2 metalink tests in /testenv >> (Test-metalink-http.py, Test-metalink-xml.py) & thinking that it could >> be a useful test to have wget download it's source release with a >> metalink (hosted at >> https://ftp.gnu.org/gnu/wget/wget-1.17.tar.xz.metalink , and including >> a hash & signature) & then test those hash & signature features if >> they are available. I guess most tests use the local test FTP/HTTP >> server, so I don't know if any involve actual downloads? >> > Our test suite was made to work entirely locally. It does not access the > network, since the tests may be run on a machine with no network > connectivity. > However, we could implement these features within the local test suite > itself. Would having to download over the network be such an important > thing?
no, just that the functionality is tested is the important part (I saw the invalid signature in Test-metalink-http.py), so just testing one with a valid signature seems like a good step. I just thought it would be cool for wget to be able to download itself & check the signature, kind of like a compiler that can compile itself :) >> (alternatively, the metalinks for the curl releases at >> http://curl.haxx.se/download.html also have signatures, but I don't >> know if that would be rude or not). >> >> I also think having the compiled features listed when you do 'wget >> --version' listing '+metalink +gpgme' might quickly help to show that >> these features are available. >> > Attached a patch to do this. Should have been done long ago, guess no one > else noticed it. great! thanks so much! -- (( Anthony Bryan ... Metalink [ http://www.metalinker.org ] )) Easier, More Reliable, Self Healing Downloads
