[wp-trac] [WordPress Trac] #18577: Updates and downloads should be signed or delivered securely
WordPress Trac
noreply at wordpress.org
Wed Aug 7 15:52:24 UTC 2013
#18577: Updates and downloads should be signed or delivered securely
-----------------------------+------------------------------
Reporter: wplid | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version:
Severity: normal | Resolution:
Keywords: 2nd-opinion |
-----------------------------+------------------------------
Comment (by bpetty):
Both Bluehost and !DreamHost have been working on setting up a caching
layer in front of downloads.wordpress.org in their respective datacenters
for the purpose of not effectively sending a denial of service when
automatic updates are enabled (or just when major releases are pushed out
for core, plugins, or themes).
If you take the approach of using SSL transport for verification, those
caching layers will no longer work, and we'll be back to denial of service
against downloads.wordpress.org.
So, for what it's worth, I would advise leaning more towards package
signing.
Besides that though, requiring SSL verification against WordPress.org
still doesn't actually provide protection against hijacked WP.org accounts
pushing back doors into releases. I've seen this attack used on occasion
against popular plugin developers using weak passwords.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18577#comment:12>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list