[wp-trac] [WordPress Trac] #39309: Secure WordPress Against Infrastructure Attacks
WordPress Trac
noreply at wordpress.org
Fri Aug 16 01:42:30 UTC 2019
#39309: Secure WordPress Against Infrastructure Attacks
------------------------------------------+-----------------------------
Reporter: paragoninitiativeenterprises | Owner: pento
Type: task (blessed) | Status: reopened
Priority: normal | Milestone: Future Release
Component: Upgrade/Install | Version: 4.8
Severity: critical | Resolution:
Keywords: has-patch | Focuses:
------------------------------------------+-----------------------------
Changes (by pento):
* status: closed => reopened
* resolution: fixed =>
* milestone: 5.2 => Future Release
Comment:
Thank you for your patience on this, @paragoninitiativeenterprises. Given
that our current options are fairly daunting, @tellyworth just published
[https://make.wordpress.org/core/2019/08/16/ssl-for-auto-updates/ a
proposal on make/core for a way forward] on this. I'd appreciate your
feedback on the proposal as an interim step towards a complete
implementation of package signing.

I do want to reiterate that I want to see package signing come to
fruition, so rolling back the current implementation is primarily about
clearing the way to ensure it's done properly, rather than trying to rush
a half-baked solution.

I think our next step is to see how Gossamer could work. Given that
there's no longer a time pressure, it's reasonable for you to be able to
finish your formal proof and submit it for peer review before we look at
implementation.

How does this plan sound to you?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39309#comment:97>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform