Hi all,
I'm happy to announce that my proposal for GSoC '15 "Improve Wget's Security"
has been accepted.
In the following months, I'll work together with the community, and Tim
Ruehsen, my mentor, in the following:
- Implement support for HSTS (HTTP Strict Transport Security).
- Implement support for FTPS (FTP over SSL/TLS).
There was a third requirement in the project consisting of making Wget obey the
"secure" cookie parameter, but I noticed that by the time I wrote my GSoC
proposal, that feature was already implemented, so I didn't include it in my project.
Either the mentors made a terrible mistake, or they wanted to have some fun with us GSoC
applicants. I believe it was the second one ;-p
I promised that if my proposal got accepted, I would publish it in my webpage as the
"design notes for HSTS and FTPS in Wget", so as soon as I finish doing a
system-wide upgrade of my server (it's high time I did it :D) I'll publish it and share
the link with you so that you can give me feedback. Also, I'll get back to you whenever I
need to discuss some design choices, as it should be.
Happy coding!