Hi, Just FYI, there is a new feature in Wget2: -s/--verify-sig for signature verification (Thanks to Neil Locketz).
Example: $ src/wget2 -s https://ftp.gnu.org/gnu/wget/wget-1.19.2.tar.lz [0] Downloading 'https://ftp.gnu.org/gnu/wget/wget-1.19.2.tar.lz' ... Saving 'wget-1.19.2.tar.lz' HTTP response 200 OK [https://ftp.gnu.org/gnu/wget/wget-1.19.2.tar.lz] Adding URL: https://ftp.gnu.org/gnu/wget/wget-1.19.2.tar.lz.sig [0] Downloading 'https://ftp.gnu.org/gnu/wget/wget-1.19.2.tar.lz.sig' ... Saving 'wget-1.19.2.tar.lz.sig' HTTP response 200 OK [https://ftp.gnu.org/gnu/wget/wget-1.19.2.tar.lz.s ig] Found 1 valid signature(s) in wget-1.19.2.tar.lz.sig That feature definitely needs some fine-tuning. You are very welcome to add comments / wishes / issues on the current development site https:// gitlab.com/gnuwget/wget2. Just open a new issue, e.g. for discussion. Since Wget2 is based on libwget (same project), we might decide to move parts of the verification code into the API to open it for any application. That depends on your feedback. With Best Regards, Tim
signature.asc
Description: This is a digitally signed message part
