[wp-trac] [WordPress Trac] #39309: Secure WordPress Against Infrastructure Attacks
WordPress Trac
noreply at wordpress.org
Wed Feb 14 18:22:46 UTC 2018
#39309: Secure WordPress Against Infrastructure Attacks
------------------------------------------+-----------------------
Reporter: paragoninitiativeenterprises | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone:
Component: Upgrade/Install | Version: 4.8
Severity: critical | Resolution:
Keywords: has-patch | Focuses:
------------------------------------------+-----------------------
Comment (by mbabker):
👋
As @paragoninitiativeenterprises pointed out, we in Joomla did review the
sodium_compat library to integrate it into our cryptography toolchain (and
to a lesser degree the sodium API's password hashing capabilities as it
relates to future Argon2i support), and even unaudited we are comfortable
including and distributing the library in Joomla in part given Scott's
expertise in these matters and IMO an inherent trust he and his work have
built over the last few years.
Regarding the lack of an audit or the funding to do so, unfortunately last
budget cycle I could get get a line item approved to help raise the
funding needed coming from Open Source Matters, Inc. (Joomla's not-for-
profit), but those of us involved in steering the project's development
are willing to contribute to making this happen and if there is a real
effort to raise funds please ping me and I will do what I need to in order
to allocate funding on behalf of Joomla and Open Source Matters.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39309#comment:38>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list