[wp-trac] [WordPress Trac] #46615: Updates: No package signature can cause updates to fail
WordPress Trac
noreply at wordpress.org
Wed Apr 3 03:56:54 UTC 2019
#46615: Updates: No package signature can cause updates to fail
-------------------------------------+---------------------
Reporter: pento | Owner: (none)
Type: defect (bug) | Status: new
Priority: high | Milestone: 5.2
Component: Upgrade/Install | Version: trunk
Severity: major | Resolution:
Keywords: needs-testing has-patch | Focuses:
-------------------------------------+---------------------
Comment (by dd32):
[attachment:"46615.3.diff"] is a rethinking of
[attachment:"46615.2-2.diff"]
- `download_url()` and `WP_Upgrader::download_package()` will not attempt
signature verification when the old syntax is used
- 3rd party clients would then be unaffected by this change, even if they
request a signed location
- Other code written to use either of those functions, and accessing
WordPress.org URLs would need to update to enable checking of signatures
- When the Softfail is removed, we can either deprecate the new
parameter, or flip it to checking by default
--
Ticket URL: <https://core.trac.wordpress.org/ticket/46615#comment:14>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list