Hi wget developers, It is unfortunately increasingly common that tutorials, howtos and installation programs do something like:
wget --no-check-certificate https://some.server/path/install.sh chmod a+x install.sh ./install.sh Ouch! It would be great if wget had an option to specify an OpenPGP fingerprint that should be used to check a signature. I imagine something like this: wget --check-sig 8F17777118A33DDA9BA48E62AACB3243630052D9 http://... (The signature could either be inline, which would prevent the use of the file until the signature is verified, which is arguably good, or automatically looked for in a separate file called, say, filename.sig, by default.) For users who are just copying and pasting, this represents no additional work while adding a fair amount of protection. For developers, it is a bit more work, but they should be providing signatures anyways. For those who already provide signatures, this would help ensure that people actually check them and it would simplify the installation guides. See, for instance, tails: https://tails.boum.org/install/expert/usb/ Thanks for considering this feature request! :) Neal
