[wp-testers] Re: 2.2 Tagged

Alex Günsche ag.ml2007 at zirona.com
Tue May 15 23:38:31 GMT 2007


On Tue, 2007-05-15 at 19:14 -0400, Brian Layman wrote:
> For script that pull off of http://wordpress.org/latest.tar.gz could we
> have one more dynamic link and have
> http://wordpress.org/latest.md5 always pull the current md5 file?

How about
http://wordpress.org/latest.tar.gz.md5
http://wordpress.org/latest.zip.md5

and

http://wordpress.org/wordpress-<version>.tar.gz.md5
http://wordpress.org/wordpress-<version>.zip.md5

Really, it would be cool to have md5 sums for the zips, too. For
example, the InstantUpgrade uses zip (I don't know of a tar.gz unpacker
written in PHP), and checksums would definitively improve security.

Maybe one could even think about GPG signing the checksums, which would
result in a file like 

http://wordpress.org/latest.tar.gz.md5.asc

This could be very useful next time somebody hacks the WP download
server. ;)


Best,
Alex

-- 
Alex Günsche, Zirona OpenSource-Consulting
http://www.zirona.com/ | Hilfe für das HQ AC: http://www.prohq.de
PubKey for this address: http://www.zirona.com/misc/ag.ml2007.asc



More information about the wp-testers mailing list