[wp-meta] [Making WordPress.org] #7217: Plugin Directory: Auto remove zips for plugins closed more than 60 days with no activity
Making WordPress.org
noreply at wordpress.org
Tue Jun 18 00:29:07 UTC 2024
#7217: Plugin Directory: Auto remove zips for plugins closed more than 60 days
with no activity
------------------------------+---------------------
Reporter: Ipstenu | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone:
Component: Plugin Directory | Resolution:
Keywords: |
------------------------------+---------------------
Comment (by dd32):
It's been noted that the plugin reviewers (and probably the WordPress.org
security team too) would benefit from retaining access to the ZIPs.
That greatly complicates it, but the simplest way would probably be to
allow ''any'' authenticated user to access the ZIP, but decline non-auth'd
clients (Such as a WordPress install).
The plugin security team also needs to be able to use automated tooling to
test the plugins, which currently would be making an unauth'd request to
the ZIP, so this would likely require further changes to plugin
review/security tools first.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/7217#comment:4>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list