
Bug#885455: live-boot: Please drop wget from initrd (busybox provides wget)



Control: tag -1 + pending

On Fri, 23 Feb 2018, Kristian Klausen wrote:
> Busybox version of wget does not check the certificate at all, which defeats the purpose of https.
> Tested with (on testing): busybox wget 'https://untrusted-root.badssl.com/' and busybox wget 'https://expired.badssl.com/'

At the same time, ca-certificates is not embedded in the initrd either so
certificates could not be checked. And the purpose of https is two-fold:
privacy due to encryption (we have that), and authentication with
certificates (we don't have that).

I don't even know where live-boot is using a URL and what for. But I have
committed the patch.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
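
The distinction drawn in this message (encryption without certificate authentication), as an added example that is not part of the original thread or of live-boot: a shell function that classifies an unpacked initrd tree by whether HTTPS downloads from it could be certificate-checked at all. The function name, the CA bundle path and the assumption that busybox applets are symlinks to the busybox binary are assumptions of this example.

```shell
# Classify what HTTPS downloads can guarantee inside an unpacked initrd tree.
# Usage: initrd_https_posture /path/to/unpacked/initrd
# Prints one of: no-wget | encryption-only | can-verify
initrd_https_posture() {
    root=$1
    wget_path=""
    for dir in bin usr/bin sbin usr/sbin; do
        if [ -e "$root/$dir/wget" ] || [ -L "$root/$dir/wget" ]; then
            wget_path="$root/$dir/wget"
            break
        fi
    done
    if [ -z "$wget_path" ]; then
        echo "no-wget"
        return 0
    fi

    # Assumption: busybox applets are installed as symlinks to busybox.
    is_busybox=no
    if [ -L "$wget_path" ]; then
        case "$(basename "$(readlink "$wget_path")")" in
            busybox) is_busybox=yes ;;
        esac
    fi

    # Assumption: trust anchors live where Debian's ca-certificates
    # package installs its bundle.
    has_ca=no
    if [ -s "$root/etc/ssl/certs/ca-certificates.crt" ]; then
        has_ca=yes
    fi

    # Per the report in this thread, the busybox applet skips certificate
    # checks; without a CA bundle no client can validate a chain either.
    if [ "$is_busybox" = no ] && [ "$has_ca" = yes ]; then
        echo "can-verify"
    else
        echo "encryption-only"
    fi
}
```

A result of `encryption-only` means anything fetched over HTTPS from that initrd is protected against passive eavesdropping only, not against a server presenting an untrusted or expired certificate.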

