[wp-hackers] Upgrade to 2.1.2

Elias Torres elias at torrez.us
Thu Mar 8 12:53:36 GMT 2007


Peter Westwood wrote:
> On Thu, March 8, 2007 8:24 am, Martin Sturm wrote:
>> 2007/3/2, Matt Mullenweg <m at mullenweg.com>:
>>> Joefish wrote:
>>>
>>> Hey the blog post is out:
>>>
>>> http://wordpress.org/development/2007/03/upgrade-212/
>>>
>>> Maybe it'll make a little more sense now.
>> Why isn't there an md5 sum posted for every build? That way, the
>> compromising of the download package could have been detected earlier by
>> simply checking the md5s. Obviously, the md5 sums shouldn't be
>> located on the download location only, but also on the mailing list.
>>
> 
> There are md5sums for all downloads here:
> http://wordpress.org/download/release-archive/
> 
> To be fair I think we need to go a step further now and have the releases
> signed by a special pgp key to provide something that a hacker should not
> be able to modify even with access to the server.
> 
> After all, if he has enough access to change the files then he can surely
> change the md5sum too.
> 
> westi

But 99.999% of the people downloading won't be verifying either of
those security options: md5 or pgp, right?

-Elias
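
The trade-off discussed in this thread, as an added example that is not part of the original messages: a checksum stored beside the download still matches after both are replaced, while a digest recorded from a second channel (such as a list announcement) does not. `DownloadServer`, `check_download` and the sample bytes are hypothetical and constructed for illustration.

```python
import hashlib
import hmac


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def verify(package: bytes, expected_hex: str) -> bool:
    """Compare the package digest with an expected value in constant time."""
    return hmac.compare_digest(md5_hex(package), expected_hex.strip().lower())


class DownloadServer:
    """Hypothetical stand-in for a host serving a package and its .md5 file."""

    def __init__(self, package: bytes):
        self.package = package
        self.md5_file = md5_hex(package)

    def replace_release(self, new_package: bytes) -> None:
        # Write access to the package implies write access to the checksum beside it.
        self.package = new_package
        self.md5_file = md5_hex(new_package)


def check_download(server: DownloadServer, pinned_digest: str):
    """Return (matches co-located checksum, matches out-of-band digest)."""
    pkg = server.package
    return verify(pkg, server.md5_file), verify(pkg, pinned_digest)


# Constructed sample data, not real release contents.
GENUINE = b"constructed sample: genuine release archive bytes"
MODIFIED = b"constructed sample: archive bytes altered on the server"


def demo():
    server = DownloadServer(GENUINE)
    announced = md5_hex(GENUINE)  # digest recorded from a second channel at release time
    before = check_download(server, announced)
    server.replace_release(MODIFIED)
    after = check_download(server, announced)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before replacement (co-located, out-of-band):", before)
    print("after replacement  (co-located, out-of-band):", after)
```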

