Package: wget Version: 1.19.2-2 Severity: wishlist Tags: upstream As far as I can tell, Wget only provides the following methods to provide a HTTP password:
1. as part of the URL 2. with --http-password / --password 3. using ~/.netrc 4. using --use-askpass 5. using --ask-password The problem is that 1 & 2 expose the password in the process table, while ~/.netrc is a centralised resource that may not be editable by a script. 4 & 5 are interactive, and while I could provide an ad-hoc askpass script, this is a gross hack. It'd be awesome if Wget could provide one or more of the following methods to provide the password: 1. read it from $WGET_PASSWORD 2. read it from a specific file 3. read it from a netrc-style file that is not ~/.netrc 4. let --use-askpass specify parameters to the script/binary to invoke Ftr, my current hack involves creating an executable temporary file with content like this: #!/bin/sh echo username:password and then invoking wget like so: wget -c --use-askpass=tempfile … and that works, but it's a hack that I think could be rendered obsolete by Wget functionality. Lftp and cURL both provide ways to either read from the environment, or to override the netrc filename. Lftp furthermore can be scripted itself, which solves the problem in its own way. -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_NZ, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8), LANGUAGE=en_NZ:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages wget depends on: ii libc6 2.26-3 ii libgnutls30 3.5.16-1 ii libidn2-0 2.0.4-1.1 ii libnettle6 3.4-1 ii libpcre3 2:8.39-8 ii libpsl5 0.19.1-4 ii libuuid1 2.30.2-0.1 ii zlib1g 1:1.2.8.dfsg-5 Versions of packages wget recommends: ii ca-certificates 20170717 wget suggests no packages. -- no debconf information -- .''`. martin f. krafft <madduck@d.o> @martinkrafft : :' : proud Debian developer `. `'` http://people.debian.org/~madduck `- Debian - when you have better things to do than fixing systems
digital_signature_gpg.asc
Description: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
