URL:
<http://savannah.gnu.org/bugs/?51666>
Summary: Please hash the hostname in ~/.wget-hsts files
Project: GNU Wget
Submitted by: nok
Submitted on: Sat 05 Aug 2017 04:14:03 PM CEST
Category: Feature Request
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release: trunk
Operating System: GNU/Linux
Reproducibility: Every Time
Fixed Release: None
Planned Release: None
Regression: No
Work Required: None
Patch Included: No
_______________________________________________________
Details:
Hello,
a feature request from a Debian user:
--8<--
Hi,
I recently discovered the .wget-hsts file in my home directory which is used
to persist state for HSTS:
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
It contains lines such as:
# HSTS 1.0 Known Hosts database for GNU Wget.
# Edit at your own risk.
# <hostname> <port> <incl. subdomains> <created> <max-age>
github.com 0 1 1450887745 31536000
ftp-master.debian.org 0 0 1472482586 15552000
diffoscope.org 0 0 1449765396 15768000
reproducible-builds.org 0 0 1471542629 15552000
www.dropbox.com 0 1 1458394011 15552000
reproducible.debian.net 0 0 1448074844 15552000
[…]
I can't help but think of ~/.ssh/known_hosts which moved to hashing the
hostname for various security/privacy concerns. Shouldn't wget make the
parallel change?
--8<--
https://bugs.debian.org/870813
Thank you.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?51666>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
