On Sat, Jan 02, 2016 at 09:20:30PM -0500, Leo Famulari wrote: > I looked into how Debian does it. They bundle a configuration file that > sets the correct options. > > If you download the "debian" file [0], which includes all of their > packaging for w3m, you can view the file at 'debian/w3mconfig'. > > The relevant option is "ssl_verify_server", and it must be set to "1" in > order for w3m to perform verification. > > Example with a domain whose certificate is expired: > $ w3m -o ssl_verify_server 1 fmrl.me > > Do we ever bundle configuration files in this manner? > > Can a wrapper set command-line variables? > > I will investigate whether these options can be set at build time. > > I don't think we should ship a browser in this state, even if users are > able to configure it properly after installation. w3m is used by other > programs like mutt to render html "under the hood". > > [0] > http://http.debian.net/debian/pool/main/w/w3m/w3m_0.5.3-26.debian.tar.xz >
This particular issue was resolved in October 2014 in this commit (tested): http://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=05503271dfd26b843589dece0da35ba5d7d38654 It looks like there is a lot of development activity happening within Debian, beyond simple packaging [0]. Even what seems to be the official SourceForge page seems to be tracking the Debian work [1]. The Debian developers are regularly issuing release tags but not release tarballs. I built from the latest one and it seems to work. I think we should use the Debian repo as the source for our w3m package. What does everyone else think? [0] http://anonscm.debian.org/cgit/collab-maint/w3m.git/ [1] http://sourceforge.net/p/w3m/patches/71/