[wp-meta] [Making WordPress.org] #5352: Plugin Security - Add email confirmation prior to releases being processed
Making WordPress.org
noreply at wordpress.org
Wed Aug 5 08:46:50 UTC 2020
#5352: Plugin Security - Add email confirmation prior to releases being processed
------------------------------+---------------------
Reporter: dd32 | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Plugin Directory | Resolution:
Keywords: |
------------------------------+---------------------
Comment (by dd32):
> similar confirmation cycle for any changes to existing tagged versions?
That'd be point 3:
> 3. Changes to tags after the release is made will be forbidden (or at
least ignored), that's so a malicious tag change is ignored. Yes, I know
about Tested Up To we'll figure something out.
Changes to tagged versions has a few other problems for WordPress.org
already, so any chance to block those is a chance I'd take.. Having
multiple "versions" of a plugin released under one version number is just
confusing for security tools.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/5352#comment:2>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list