[wp-hackers] Upgrade to 2.1.2
Peter Westwood
peter.westwood at ftwr.co.uk
Thu Mar 8 09:13:02 GMT 2007
On Thu, March 8, 2007 8:24 am, Martin Sturm wrote:
> 2007/3/2, Matt Mullenweg <m at mullenweg.com>:
>> Joefish wrote:
>>
>> Hey the blog post is out:
>>
>> http://wordpress.org/development/2007/03/upgrade-212/
>>
>> Maybe it'll make a little more sense now.
>
> Why isn't there a md5 sum posted for every build? That way, the
> compromising of the download package could have detected earlier by
> simply checking the md5's. Obviously, the md5 sums shouldn't be
> located on the downloadlocation only, but also on the mailinglist.
>
There are md5sums for all downloads here:
http://wordpress.org/download/release-archive/
To be fair I think we need to go a step further now and have the releases
signed by a special pgp key to provide something that a hacker should not
be able to modify even with access to the server.
Afterall, if he has enough access to change the files then he can surely
change the md5sum too.
westi
--
Peter Westwood <peter.westwood at ftwr.co.uk>
http://blog.ftwr.co.uk
More information about the wp-hackers
mailing list