[wp-trac] [WordPress Trac] #25052: Updates and downloads should be signed

WordPress Trac noreply at wordpress.org
Tue Sep 10 20:45:17 UTC 2013

#25052: Updates and downloads should be signed
 Reporter:  samuelsidler     |       Owner:
     Type:  enhancement      |      Status:  new
 Priority:  normal           |   Milestone:  3.7
Component:  Upgrade/Install  |     Version:
 Severity:  normal           |  Resolution:
 Keywords:  2nd-opinion      |

Comment (by samuelsidler):

 Replying to [comment:4 dd32]:
 > With that in mind, Any package signing may not bring anything extra to
 the table.

 I was under the impression that package signing would be done to account
 for installs that fall back to HTTP when SSL is broken on their servers.
 I'm not sure if that's even possible however – if SSL is broken, verifying
 a package likely wouldn't work either.

Ticket URL: <http://core.trac.wordpress.org/ticket/25052#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list