Hi, I would like to move libpsl[0] to [core] and, if no objections arise, rebuild wget and curl against it. Doing so will protect against some problems related to insufficient checking of TLDs (f.e. [1]).
Q: What is libpsl? A: A C library to handles the Public Suffix List [0]. It was created out of wget itself and turned into a library so others (like curl) could benefit from it. Q: What does it protect against? A: - "supercookies" -> cookie checking, cookie domain verification - "super domain certificates" -> overly permissive hostname matching Q: What does upstream recommend? A: Both, curl and wget, advocate the use of libpsl in their projects if available [2][3]. Q: How big is this package? A: Not even noticeable, 41K while packed (tar.xz) and 92K unpacked. cheers, Levente [0] https://github.com/rockdaboot/libpsl [1] https://lists.gnu.org/archive/html/bug-wget/2014-03/msg00093.html [2] http://git.savannah.gnu.org/cgit/wget.git/commit/?id=854ebbf4ddad [3] https://github.com/curl/curl/commit/e77b5b7453c1e8ccd7ec
signature.asc
Description: OpenPGP digital signature
