[wp-trac] [WordPress Trac] #25052: Updates and downloads should be signed
WordPress Trac
noreply at wordpress.org
Wed Sep 11 04:39:46 UTC 2013
#25052: Updates and downloads should be signed
-----------------------------+------------------
Reporter: samuelsidler | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 3.7
Component: Upgrade/Install | Version:
Severity: normal | Resolution:
Keywords: 2nd-opinion |
-----------------------------+------------------
Comment (by rmccue):
I agree with bpetty and dd32's assessment, but I'd like to note:
Replying to [comment:6 bpetty]:
> I've considered bundling another 3rd party library, namely
[http://phpseclib.sourceforge.net/ phpseclib], which provides a pure-PHP
X.509 and PKCS!#1 implementation (while being license and PHP version
requirements compatible), however, it really is a huge library, and I'm
also opposed to adding yet another custom maintained 3rd party library
that requires being stripped down, files renamed, and some minor code
changes like most of the other bundled libs - especially on a library
whose sole purpose is security and encryption.
dd32 has expressed interest in bundling the library to improve SSH/SFTP
support as part of integrating [http://wordpress.org/plugins/ssh-sftp-
updater-support/ the existing plugin] into core. Whether that happens is a
separate issue, but worth noting that it wouldn't just be for this
feature.
+1 for dot-org signatures now for core at least, plugins once the
architecture supports it. Having it means we can start to integrate it
into core as a separate issue.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25052#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list