Hi, I would leave it unchanged. For me this is a WONTFIX, for the following reasons:
1. The message is only printed when debug output (-d) is enabled. That is disabled by default. Any user who enables it is expected to be wise enough to know how to interpret the output, or at least treat it with care.

2. Solving this would require checking whether the scheme is 'ftp://' and in the case of HTTP(S), further checking whether the Strict-Transport-Security header was set (in the case of HTTPS), or we were redirected to the HTTPS entry point of the site and that entry point sets it. This adds extra unnecessary complexity for the single reason of hiding an output that only appears in debug mode. IMO it does not pay off.

3. The HSTS file is read at the beginning, and written at the end. That is the best way of doing it, and the way other UAs work. A simpler solution than that proposed at point 2 would require putting the HSTS load/save routines in another place, maybe checking them on a per-URL basis. This also does not pay off IMO.

The best 'fix' that comes to my mind is a compromise. Don't remove the message (for the reasons mentioned), but print how many HSTS entries have been read/updated/written. Something like:

    Saving HSTS entries to /home/strunk/.wget-hsts (read: 1, updated: 0)

I would do either this or nothing. Tell me if this is acceptable.

On 21/05/16 11:21, [email protected] wrote:
> this is displayed on every run even with hosts that have no HSTS, and
> with FTP and HTTP hosts.
>
> the savannah 'bug submit' is broken.
>
> Best regards, - AJ
