F40 Change Proposal: wget2 as Wget

ngompa · November 20, 2023, 12:26pm

Wget2 as wget

This is a proposed Change for Fedora Linux.
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.

Wiki
Announced

Summary

Replace wget with wget2 (a modern implementation of wget intended to replace wget 1.x) as the provider of wget.

Owner

Name: Neal Gompa, Michal Ruprich
Email: ngompa13@gmail.com, mruprich@redhat.com

Detailed Description

GNU Wget2 is the successor to GNU Wget providing a modern implementation of wget backed by a new library: libwget2. The intent to switch from wget 1.x to wget2 is to switch to an implementation that is more actively developed and provides a richer interface for leveraging wget’s functionality.

Feedback

Benefit to Fedora

The major benefit of switching to wget2 is leveraging the cleaner codebase that leverages modern practices for development and maintainability, including unit tests and fuzzing as a security-sensitive component. Users will also see better support for newer protocols over time as they are more easily and quickly plumbed into wget2 than wget.

Scope

Proposal owners: Add a wget2-wget subpackage that replaces wget and ensure things don’t break during mass build. Then retire wget.
Other developers: N/A
Release engineering: #11790
Policies and guidelines: N/A (not needed for this Change)
Trademark approval: N/A (not needed for this Change)
Alignment with Community Initiatives: N/A (not needed for this Change)

Upgrade/compatibility impact

When upgrading to Fedora Linux 40, systems with wget installed will be switched to wget2 via the wget2-wget package. The change should be mostly transparent to users.

How To Test

Users can test wget2 now by installing the package and using the wget2 command. The interface will be the interface users have with wget on upgrade.

User Experience

This change should be largely transparent to users. Some of the more esoteric options and behaviors may have changed, but the commonly used ones mostly work as they did in 1.x.

Dependencies

N/A (not a System Wide Change)

Contingency Plan

Contingency mechanism: Change owners will disable wget2-wget subpackage and restore wget
Contingency deadline: Final Freeze
Blocks release? No

Documentation

The main documentation for wget2 is wget2(1) man page. There is also online documentation of the libwget2 library.

N/A (not a System Wide Change)

Release Notes

The wget command is now based on GNU Wget2, a modern implementation of GNU Wget.

amoloney · December 4, 2023, 6:57pm

This change proposal has now been submitted to FESCo with ticket #3118 for voting.

To find out more, please visit our Changes Policy documentation.

mattdm · December 4, 2023, 8:02pm

Is this an official successor? It seems like the main maintainers are the same… why is it a separate package?

I am a little bit concerned about security implications, as wget and curl have tended to be… hot-spots. Unless my search is simply confounded by the name format, I don’t see any CVEs ever recorded against wget2. Since the first public release was in 2014, and an “alpha” release (for 2.0, presumably?) in 2018, it seems like … something would have been found?

Some of the more esoteric options and behaviors may have changed, but the commonly used ones mostly work as they did in 1.x.

Can you elaborate on this? “May have changed” seems a bit concerning.

ngompa · December 4, 2023, 8:11pm

This was updated in the Change document, but for your benefit:

Except for WARC and FTP, Wget2 is a drop-in replacement for Wget in most cases. See upstream info: Different behavior of Wget2 and Differing CLI options Wget/Wget2, and TODO.

aman9das · December 12, 2023, 9:58pm

I have faced trouble filtering files to be downloaded using wget2 where wget did not face issues. Same command on both. It would be quality of life regression.

Specifically

wget -m -np -c -e robots=off -A "*USA*" https://myrient.erista.me/files/No-Intro/Atari%20-%202600/

Failed to work in wget2

ngompa · December 12, 2023, 10:07pm

Could you please file an issue on the upstream issue tracker?

frigo · May 13, 2024, 8:21am

this change is discouraged by upstream maintainers, see Fedora 40 ships Wget2 as Wget (#661) · Issues · Wget / wget2 · GitLab

it is just not ready. Upstream was NOT asked for its opinion on this matter. If we had been asked about this, we’d have stated our concerns and said that it’s a bad idea.

security implications are a real concern (see list of tickets upstream).

Can this change be reverted?

mattdm · February 3, 2025, 10:59am

A post was split to a new topic: Wget2 change breaks compatibility and should be reverted

Topic		Replies	Views
Wget2 change breaks compatibility and should be reverted Project Discussion engineering	6	182	February 3, 2025
F41 Change Proposal: LXQt 2.0 (self-contained) Change Proposals fesco , f41	6	339	August 12, 2024
F42 Change Proposal: ZlibNG-2.2 (System-Wide) Change Proposals fesco , f42	2	133	October 17, 2024
Wget versus wget2 \| how to fix old scripts Ask Fedora wget	4	331	February 3, 2025
F42 Change Proposal: LXQt 2.1 (self-contained) Change Proposals fesco , lxqt , f42	10	519	December 16, 2024