[wp-trac] [WordPress Trac] #39309: Secure WordPress Against Infrastructure Attacks

WordPress Trac noreply at wordpress.org
Wed Oct 23 02:01:33 UTC 2019


#39309: Secure WordPress Against Infrastructure Attacks
------------------------------------------+-----------------------------
 Reporter:  paragoninitiativeenterprises  |       Owner:  pento
     Type:  task (blessed)                |      Status:  reopened
 Priority:  normal                        |   Milestone:  Future Release
Component:  Upgrade/Install               |     Version:  4.8
 Severity:  critical                      |  Resolution:
 Keywords:  has-patch                     |     Focuses:
------------------------------------------+-----------------------------

Comment (by mbaynton):

 > Ideally, there would be package signing libraries that would handle a
 lot of the process around this, particularly with regards to key expiry
 dates, forcing early expiration, and trusting key chains. (Is anyone aware
 of such a library we could use?

 Drupal is building site-side code and infrastructure side tooling around
 https://github.com/drupal/php-signify, which is what we've come up with to
 address some of those concerns. It's worth a mention here. In general I
 think it'd be great if we had lots of communication and collaboration
 around these issues.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/39309#comment:102>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list