[wp-trac] [WordPress Trac] #18577: Updates and downloads should be signed or delivered securely
WordPress Trac
noreply at wordpress.org
Wed Aug 7 21:06:24 UTC 2013
#18577: Updates and downloads should be signed or delivered securely
-----------------------------+------------------------------
Reporter: wplid | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version:
Severity: normal | Resolution:
Keywords: 2nd-opinion |
-----------------------------+------------------------------
Comment (by rmccue):
Replying to [comment:13 samuelsidler]:
> Why not both? If an install has working SSL, we can do everything over
SSL, including sending signed packages. If they don't, we can send signed
packages over the clear.
Agreed, the reality is that SSL is something we have to layer on top that
gives us additional security, but not something we can rely on.
I'm happy to work on a proof-of-concept for the WP side if we're happy
with this style of signing.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18577#comment:14>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list