Support » Requests and Feedback » signed one-click upgrades?

  • viewshort


    A while ago, someone observed, on, “<i>If is hacked, again [], their one-click upgrade feature means instant ownage for all WordPress blogs everywhere.</i>”. Someone responded to that by saying this:

    Haven’t they ever heard of signed patches?

    Why can’t they make the one-click upgrade verify a GPG signature before performing the installation of the code contained in the upgrade file?

    My question is… why doesn’t WordPress do this? Here’s a class WordPress could use to do this:*checkout*/phpseclib/phpseclib/Crypt/RSA.php

    The wordpress devs sign with their private (encrypted) key – a key that could only be obtained through having their own personal computer hacked – and wordpress then verifies that the release was signed with the private key with Crypt_RSA. To make it even harder for an attacker to get the private key secret sharing could be employed.

  • The topic ‘signed one-click upgrades?’ is closed to new replies.