id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
18577,Updates and downloads should be signed or delivered securely,wplid,,"All channels for downloading Wordpress installations and plugins (e.g. from downloads.wordpress.org) should either be signed or delivered securely (e.g. via SSL) to mitigate man-in-the-middle attacks. Such attacks can lead to arbitrary code execution.

It appears that currently, downloads and automatic updates are neither signed nor delivered securely.",enhancement,new,normal,Awaiting Review,Upgrade/Install,,normal,,2nd-opinion,johnbillion@…