[wp-trac] [WordPress Trac] #18577: Updates and downloads should be delivered securely
WordPress Trac
noreply at wordpress.org
Wed Aug 28 20:44:53 UTC 2013
#18577: Updates and downloads should be delivered securely
-----------------------------+------------------
Reporter: wplid | Owner:
Type: task (blessed) | Status: new
Priority: normal | Milestone: 3.7
Component: Upgrade/Install | Version:
Severity: normal | Resolution:
Keywords: 2nd-opinion |
-----------------------------+------------------
Comment (by bpetty):
Replying to [comment:26 tieptoep]:
> I'm not that technically inclined, but it would seem to me that fallback
to HTTP would be far more desirable than forcing manual upgrades on users
who have even less technical knowledge than me.
As @dd32 mentioned, these defeats the entire purpose of using SSL
transport at all. Worst case scenario, it would only allow non-SSL if
upgrading manually with appropriate warnings and confirmation. If it used
fallback non-SSL automatically, there's just no point in even using SSL at
all, and we'd just scrap this ticket entirely, and stick to package
signing only.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18577#comment:29>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list