Package: wget
Version: 1.19.1-4
Severity: wishlist

Hi,

I recently discovered the .wget-hsts file in my home directory which
is used to persist state for HSTS:

  https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

It contains lines such as:

  # HSTS 1.0 Known Hosts database for GNU Wget.
  # Edit at your own risk.
  # <hostname>  <port>  <incl. subdomains>      <created>       <max-age>
  github.com    0       1       1450887745      31536000
  ftp-master.debian.org 0       0       1472482586      15552000
  diffoscope.org        0       0       1449765396      15768000
  reproducible-builds.org       0       0       1471542629      15552000
  www.dropbox.com       0       1       1458394011      15552000
  reproducible.debian.net       0       0       1448074844      15552000
  […]

I can't help but think of ~/.ssh/known_hosts which moved to hashing the
hostname for various security/privacy concerns. Shouldn't wget make the
parallel change?


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-

Reply via email to