[wp-meta] [Making WordPress.org] #5744: For plugins using release confirmation, email confirmation is not required to add/remove committers.
Making WordPress.org
noreply at wordpress.org
Sun May 25 08:29:55 UTC 2025
#5744: For plugins using release confirmation, email confirmation is not required
to add/remove committers.
------------------------------+---------------------
Reporter: wfmatt | Owner: (none)
Type: feature request | Status: new
Priority: highest omg bbq | Milestone:
Component: Plugin Directory | Resolution:
Keywords: |
------------------------------+---------------------
Comment (by dilip2615):
Replying to [ticket:5744 wfmatt]:
> I agree with the concerns raised in this ticket and recommend
implementing mandatory multi-sign-off for all plugin releases to reduce
the risk of unauthorized commits. Additionally, changes to committers and
email addresses should require verification via email. Introducing a cool-
down period for new committers before allowing release approvals is also a
strong safeguard. These steps will significantly enhance the security and
trustworthiness of the plugin release process.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/5744#comment:3>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list