[wp-trac] [WordPress Trac] #18577: Updates and downloads should be signed or delivered securely

WordPress Trac noreply at wordpress.org
Wed Aug 7 21:06:24 UTC 2013


#18577: Updates and downloads should be signed or delivered securely
-----------------------------+------------------------------
 Reporter:  wplid            |       Owner:
     Type:  enhancement      |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Upgrade/Install  |     Version:
 Severity:  normal           |  Resolution:
 Keywords:  2nd-opinion      |
-----------------------------+------------------------------

Comment (by rmccue):

 Replying to [comment:13 samuelsidler]:
 > Why not both? If an install has working SSL, we can do everything over
 SSL, including sending signed packages. If they don't, we can send signed
 packages over the clear.

 Agreed, the reality is that SSL is something we have to layer on top that
 gives us additional security, but not something we can rely on.

 I'm happy to work on a proof-of-concept for the WP side if we're happy
 with this style of signing.

--
Ticket URL: <http://core.trac.wordpress.org/ticket/18577#comment:14>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list