Hello Eduard, On Tue 04 Jun 2019 at 08:30AM +02, Eduard Bloch wrote:
> Sure you do, guess what " URL transformed to HTTPS due to an HSTS policy" > is supposed to mean. > > > --no-hsts > Wget supports HSTS (HTTP Strict Transport Security, RFC 6797) by > default. Use --no-hsts to make Wget act as a non-HSTS-compliant UA. As a > consequence, Wget would > ignore all the "Strict-Transport-Security" headers, and would not > enforce any existing HSTS policy. So are you saying you think the bug is in debootstrap, i.e., debootstrap should start passing --no-hsts to wget? -- Sean Whitton
signature.asc
Description: PGP signature
