On 09/12/11 15:39, Richard Rudling wrote: > Ok you can ignore my previous message below. After studying the diff's on > the src code I tracked it down to the new 'feature' --trust-server-names > which, in my humble opinion, should be the default behaviour, while the new > behaviour should be the option. Given that this is a change in default > behaviour I suspect this is likely to catch and upset a lot of users! > > Regards > > Rich
It's done on purpose to avoid security vulnerability CVE-2010-2252. That's why you need to "trust" the server. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2252 If you know what you're doing, you can add that option to wgetrc if you wish to.
