-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello all,

The GNU Project has appointed me as the new maintainer for wget, to fill the shoes that Mauro Tortonesi is leaving. I am very excited to be able to take part in the development of such a terrific and useful tool. I've certainly found it very helpful on many occasions.

Obviously, being previously uninvolved with the wget development community (newcomer), I'm unknown to you; but it is my hope that we can quickly become comfortable with each other, so our cooperation on wget can go as smoothly as possible. I realize that, as my experience with wget's internals is inferior to that of many of you with whom I'll be working, I will need to earn your respect before you can be comfortable with my making decisions regarding the direction this project takes.

I have had the opportunity to go over most of the wget source code, and the last couple of years' worth of mailing list archives. This has given me a fairly good sense of where the project is, and where it could be going. I already have some ideas of some of the things I would like to see happen; many of them are already in the current TODO file. I've also assigned rough priorities (my own) to things I've seen in the TODO file, or bugs that have been reported on-list. Ideally, I'd like to start using a bug tracker to handle these; reading from the list, I know that this was Mauro's desire as well. Has consideration been given to using Savannah for this purpose?

Being that we seem to be very close to a release, I do not want to make a bunch of sudden changes, either to current processes or to the current plans for the imminent release. However, there are a couple of small items that I feel should absolutely be resolved before 1.11 is released officially:

- Wget should not be attempting basic authentication before it receives a challenge (which could be digest or what have you). This is a security issue.
- There was a report to the mailing list that user:pass information was being sent in the Referer header. I didn't see any further activity on that thread, and haven't yet had the opportunity to confirm this; it may be an old, fixed issue. However, if it's true, I would consider this to be a show-stopper.

I expect that both of these issues would require very small effort to resolve.

Also, GNU maintainers have been asked to move all packages to version 3 of the GPL, which will be released on Friday the 29th. Ideally, maintainers have been asked to coincide releases with the license updates with the release of GPLv3; I don't think this is feasible in our case. Barring that, we have been asked to get such a release out by end-of-July. I'm not certain whether 1.11 will be ready in time; in that case, we could probably issue a 1.10.3 with only the licensing change.

Speaking of licensing changes, I don't see a specific exemption clause for linking wget with OpenSSL, which AIUI is licensed under a GPL-incompatible license. Perhaps now would be a good time to specifically allow linking with OpenSSL?

Mauro, I'd appreciate it if you'd get in touch with me as soon as possible; I've been trying to contact you, but fear that perhaps I'm falling into your spam bucket. Please ensure that you can receive messages from this address (which are frequently sent from unrelated domains, such as sbcglobal.net), and send me a note; there are a number of administrative and project details that I need clarified.

- --
Micah J. Cowan
Programmer, musician, typesetting enthusiast, gamer...
http://micah.cowan.name/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGgXgf7M8hyUobTrERCAmlAJ9RWAP0VCUv6oThKUNDiTlLMKOd4wCgkqJk
yqOyWy0QDIAg8An/9br44M4=
=3XhO
-----END PGP SIGNATURE-----
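
The two pre-release items listed in the message above, sketched as client-side checks. This is an added example, not part of the original message and not wget's code; `referer_from_url` and `may_send_basic` are hypothetical names, and the challenge check assumes a header value with no leading whitespace and looks only at the first scheme in it.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy of url minus userinfo ("user:pass@") and fragment, for a Referer
   value. Caller frees. Hypothetical helper, not wget's code. */
char *referer_from_url(const char *url)
{
    const char *sep = strstr(url, "://");
    const char *auth = sep ? sep + 3 : url;      /* start of authority */
    size_t auth_len = strcspn(auth, "/?#");      /* authority ends here */
    const char *host = auth;
    size_t i, prefix_len, rest_len;
    char *out;

    /* Userinfo ends at the last '@' in the authority, not in path/query. */
    for (i = 0; i < auth_len; i++)
        if (auth[i] == '@')
            host = auth + i + 1;
    prefix_len = (size_t)(auth - url);
    rest_len = strcspn(host, "#");               /* drop the fragment */
    out = malloc(prefix_len + rest_len + 1);
    if (!out)
        return NULL;
    memcpy(out, url, prefix_len);
    memcpy(out + prefix_len, host, rest_len);
    out[prefix_len + rest_len] = '\0';
    return out;
}

/* challenge: WWW-Authenticate value from a 401, or NULL if the server has
   not challenged yet. Basic is allowed only when the server asked for it. */
int may_send_basic(const char *challenge)
{
    const char *name = "basic";
    if (!challenge)
        return 0;                                /* no challenge: send nothing */
    while (*name)
        if (tolower((unsigned char)*challenge++) != *name++)
            return 0;
    return *challenge == ' ' || *challenge == '\0';
}

int main(void)
{
    char *r = referer_from_url("http://user:pass@example.com/a?b=1#frag");
    printf("%s %d\n", r ? r : "(null)", may_send_basic(NULL));
    free(r);
}
```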