[Bug 1172101] Re: wget-udeb should install to /usr/bin/wget instead of /usr/bin/wget.gnu
Ubuntu Foundations Team Bug Bot
1172101 at bugs.launchpad.net
Wed Apr 24 04:18:29 UTC 2013
The attachment "wget.raring.1172101.debdiff" seems to be a debdiff. The
ubuntu-sponsors team has been subscribed to the bug report so that they
can review and hopefully sponsor the debdiff. If the attachment isn't a
patch, please remove the "patch" flag from the attachment, remove the
"patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe
the team.
[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issue please contact him.]
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1172101
Title:
wget-udeb should install to /usr/bin/wget instead of /usr/bin/wget.gnu
Status in “wget” package in Ubuntu:
New
Bug description:
In the Ubuntu raring (13.04) version of wget, there is a wget-udeb
which installs its binary executable to /usr/bin/wget.gnu.
This is presumably done in order to not break any setups that depend
on busybox's wget implementation.
However, since the primary reason wget-udeb exists in Ubuntu (wget-
udeb is not built in Debian afaik) is because of the lack of SSL
support in d-i and busybox-wget, it seems logical (to me) that it
should overwrite the busybox wget symlink. You're choosing to opt-in
to GNU wget, so you're already rebuilding d-i/debian-cd and therefore
know you're somewhat on your own.
Unless there is a common use case I'm not considering where you want
SSL support for something else, but somehow depend on the busybox
implementation of wget for all things apt.
What I expect to happen:
1) modify d-i source to include wget-udeb
2) rebuild d-i and point my sources to HTTPS repositories
3) install Ubuntu without fear of the traffic being snooped in transit
What happens instead:
1) modify d-i source to include wget-udeb
2) rebuild d-i and point sources to HTTPS repositories
3) install fails because d-i calls /usr/bin/wget which points to busybox (which has no SSL support)
Thanks for your time!
Please note: this suggestion is not intended to securely authenticate
the repository; that's absolutely another issue. This is simply to
address potential snooping of traffic in transit.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1172101/+subscriptions
More information about the Ubuntu-sponsors
mailing list