[wp-trac] [WordPress Trac] #25052: Updates and downloads should be signed
noreply at wordpress.org
Wed Sep 11 17:32:56 UTC 2013
#25052: Updates and downloads should be signed
Reporter: samuelsidler | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 3.7
Component: Upgrade/Install | Version:
Severity: normal | Resolution:
Keywords: 2nd-opinion |
Comment (by bpetty):
Replying to [comment:7 dd32]:
> To be blunt, I don't think this is something that we'll be implementing
at present (user initiated signing), it's a lot of extra work for "minimal
Well, I don't think it's "minimal benefit", but I do agree that there's
huge problems in the architecture of how the plugins repository works that
make this impossible right now, and I certainly don't see those being
solved anytime in the next year or two. Sorry if I didn't make that clear
> Peoples credentials falling into a malicious user's hands is probably
not something that should be fixed through code either, instead, 2 factor
authentication (for svn, that'd likely require svn+ssh://) or email-
confirmation-of-releases would be more appropriate.
That's cool too (see #meta77), but there's nothing wrong with using both
(and again, they both still cover different attack vectors and uses).
> So in conclusion: I think #25007 ( optionally with #25252 ) is going to
provide us enough of a security boost for 3.7.
> I also think that we should still look into making a package signature
available for downloads somehow, even if we don't utilise them within
WordPress quite yet.
Yeah, I think this is good for now. To be clear, I think deciding on how
packages should be signed, and signing core packages are a great start.
I don't think that plugins or themes should be signed at all right now. It
wouldn't be fair to sign WP.org plugins and themes with a WP.org key that
would lock us into never allowing author-signed packages in the future
even if we could eventually, especially when as you pointed out, it won't
actually provide any benefit.
Ticket URL: <http://core.trac.wordpress.org/ticket/25052#comment:9>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac