Comment 0 for bug 1172101

Mark Russell (marrusl) wrote :

In every currently supported Ubuntu version of wget, the wget-udeb installs its binary executable to /usr/bin/wget.gnu.

This is presumably done in order to not break any setups that depend on busybox's wget implementation.

However, since the primary reason wget-udeb exists in Ubuntu (wget-udeb is not built in Debian afaik) is because of the lack of SSL support in d-i and busybox-wget, it seems logical (to me) that it should overwrite the busybox wget symlink. You're choosing to opt-in to GNU wget, so you're already rebuilding d-i/debian-cd and therefore know you're somewhat on your own.

Unless there is a common use case I'm not considering where you want SSL support for something else, but somehow depend on the busybox implementation of wget for all things apt.

What I expect to happen:
1) modify d-i source to include wget-udeb
2) rebuild d-i and point my sources to HTTPS repositories
3) install Ubuntu without fear of the traffic being snooped in transit

What happens instead:
1) modify d-i source to include wget-udeb
2) rebuild d-i and point sources to HTTPS repositories
3) install fails because d-i calls /usr/bin/wget which points to busybox (which has no SSL support)

Thanks for your time!

Please note: this suggestion is not intended to securely authenticate the repository; that's absolutely another issue. This is simply to address potential snooping of traffic in transit.
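The failure described in the comment above can be checked for before an install is attempted. The following is an added example, not part of the original comment or of any Ubuntu package: a shell function that inspects an unpacked installer root filesystem and reports which wget `/usr/bin/wget` resolves to. The function name, the result labels and the temporary sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify which wget an unpacked d-i root filesystem will run.
# Argument: path to the unpacked root (hypothetical, supplied by the caller).
classify_wget() {
    root=$1
    link="$root/usr/bin/wget"
    gnu="$root/usr/bin/wget.gnu"

    # Neither a file nor a (possibly dangling) symlink: no wget at all.
    if [ ! -e "$link" ] && [ ! -L "$link" ]; then
        echo "missing"
        return 0
    fi

    # Read the link text only; absolute targets such as /bin/busybox are
    # relative to the installer root, so they must not be followed on the host.
    target=""
    if [ -L "$link" ]; then
        target=$(readlink "$link")
    fi

    case "$target" in
        *busybox*)
            if [ -x "$gnu" ]; then
                # The situation in the report: GNU wget is present but
                # /usr/bin/wget still runs busybox, which has no SSL support.
                echo "busybox-shadows-gnu"
            else
                echo "busybox-only"
            fi
            ;;
        */wget.gnu|wget.gnu)
            echo "gnu"
            ;;
        *)
            echo "other"
            ;;
    esac
}

# Constructed sample tree reproducing the layout from the report.
demo=$(mktemp -d)
mkdir -p "$demo/usr/bin"
ln -s /bin/busybox "$demo/usr/bin/wget"
: > "$demo/usr/bin/wget.gnu"
chmod +x "$demo/usr/bin/wget.gnu"
classify_wget "$demo"
rm -rf "$demo"
```

A result of `busybox-shadows-gnu` on a rebuilt image means installs from HTTPS sources will fail in the way the report describes.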