Hello Eduard, On Tue 04 Jun 2019 at 08:30AM +02, Eduard Bloch wrote: > Sure you do, guess what " URL transformed to HTTPS due to an HSTS policy" is supposed to mean. > > > --no-hsts > Wget supports HSTS (HTTP Strict Transport Security, RFC 6797) by default. Use --no-hsts to make Wget act as a non-HSTS-compliant UA. As a consequence, Wget would > ignore all the "Strict-Transport-Security" headers, and would not enforce any existing HSTS policy. So are you saying you think the bug is in debootstrap, i.e., debootstrap should start passing --no-hsts to wget? -- Sean Whitton
Attachment:
signature.asc
Description: PGP signature