The problem you're addressing (if any)
wget has a bad history of security vulnerabilities, and it relies on gnutls which also has a history of issues. curl, on the other hand, has never had a single vulnerability that affects unauthenticated HTTP and/or HTTPS downloads from ASCII domain names, as long as its protocols are limited to HTTP and HTTPS.
Describe the solution you'd like
We should replace the uses of wget in the builder with curl.
Where is the value to a user, and who might that user be?
All users will benefit from reduced attack surface in the builder.
Describe alternatives you've considered
None
Additional context
See CVE-2017-13089, CVE-2017-13090, and CVE-2019-5953.
The problem you're addressing (if any) wget has a bad history of security vulnerabilities, and it relies on gnutls which also has a history of issues. curl, on the other hand, has never had a single vulnerability that affects unauthenticated HTTP and/or HTTPS downloads from ASCII domain names, as long as its protocols are limited to HTTP and HTTPS.
Describe the solution you'd like We should replace the uses of wget in the builder with curl.
Where is the value to a user, and who might that user be? All users will benefit from reduced attack surface in the builder.
Describe alternatives you've considered None
Additional context See CVE-2017-13089, CVE-2017-13090, and CVE-2019-5953.
Relevant documentation you've consulted
Related, non-duplicate issues