[wp-trac] [WordPress Trac] #39309: Secure WordPress Against Infrastructure Attacks
WordPress Trac
noreply at wordpress.org
Fri Sep 28 17:57:22 UTC 2018
#39309: Secure WordPress Against Infrastructure Attacks
------------------------------------------+-----------------------------
Reporter: paragoninitiativeenterprises | Owner: (none)
Type: enhancement | Status: reopened
Priority: normal | Milestone: Future Release
Component: Upgrade/Install | Version: 4.8
Severity: critical | Resolution:
Keywords: has-patch | Focuses:
------------------------------------------+-----------------------------
Comment (by FPCSJames):
I'm just going to chime in here to say that I find it absurd that the core
team isn't giving this the attention that it deserves. With the massive
popularity of WP.org, a compromise of the core infrastructure without this
patch in place could have devastating results.

@paragoninitiativeenterprises has delivered this on a silver platter,
ensuring its compatibility with even the oldest, slowest, most absolutely
pathetic systems on which a copy of WordPress could conceivably run. As
@ericmann rightly [[ticket:39309#comment:35|pointed out]], sodium_compat
is widely used among some of the top packages in the PHP ecosystem. Much
as an audit would be nice to have, perfect is the mortal enemy of good
here (as noted in [[ticket:39309#comment:41|comment 41]] about another
issue). We should not let the lack of one get in the way.

@paragoninitiativeenterprises put in a significant amount of work here,
expecting nothing in return except that work actually being used for the
good of WP and the Web as a whole. He's made it clear in deed and word
([[ticket:39309#comment:41|comment 41]] again) that he will do whatever it
takes from his side to make this as easy as possible for the WP team to
implement. As a client-serving WP developer myself, it frustrates me to no
end to see this continue to be stonewalled.

Folks, you can do better.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39309#comment:44>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform