[wp-trac] [WordPress Trac] #18577: Updates and downloads should be signed or delivered securely
WordPress Trac
noreply at wordpress.org
Wed Aug 7 21:03:12 UTC 2013
#18577: Updates and downloads should be signed or delivered securely
-----------------------------+------------------------------
Reporter: wplid | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version:
Severity: normal | Resolution:
Keywords: 2nd-opinion |
-----------------------------+------------------------------
Comment (by samuelsidler):
Replying to [comment:12 bpetty]:
> If you take the approach of using SSL transport for verification, those
caching layers will no longer work, and we'll be back to denial of service
against downloads.wordpress.org.
downloads.wordpress.org should be able to handle that traffic and if it
can't, that's an additional problem that should be fixed.
> So, for what it's worth, I would advise leaning more towards package
signing.
Why not both? If an install has working SSL, we can do everything over
SSL, including sending signed packages. If they don't, we can send signed
packages over the clear.
> Besides that though, requiring SSL verification against WordPress.org
still doesn't actually provide protection against hijacked WP.org accounts
pushing back doors into releases. I've seen this attack used on occasion
against popular plugin developers using weak passwords.
That's another problem that needs to be addressed, but is separate from
this ticket.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18577#comment:13>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list