[wp-trac] [WordPress Trac] #39309: Secure WordPress Against Infrastructure Attacks
WordPress Trac
noreply at wordpress.org
Wed Oct 23 02:01:33 UTC 2019
#39309: Secure WordPress Against Infrastructure Attacks
------------------------------------------+-----------------------------
Reporter: paragoninitiativeenterprises | Owner: pento
Type: task (blessed) | Status: reopened
Priority: normal | Milestone: Future Release
Component: Upgrade/Install | Version: 4.8
Severity: critical | Resolution:
Keywords: has-patch | Focuses:
------------------------------------------+-----------------------------
Comment (by mbaynton):
> Ideally, there would be package signing libraries that would handle a
lot of the process around this, particularly with regards to key expiry
dates, forcing early expiration, and trusting key chains. (Is anyone aware
of such a library we could use?
Drupal is building site-side code and infrastructure side tooling around
https://github.com/drupal/php-signify, which is what we've come up with to
address some of those concerns. It's worth a mention here. In general I
think it'd be great if we had lots of communication and collaboration
around these issues.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39309#comment:102>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list