id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
18577	Updates and downloads should be signed or delivered securely	wplid		"All channels for downloading Wordpress installations and plugins (e.g. from downloads.wordpress.org) should either be signed or delivered securely (e.g. via SSL) to mitigate man-in-the-middle attacks. Such attacks can lead to arbitrary code execution.

It appears that currently, downloads and automatic updates are neither signed nor delivered securely."	enhancement	new	normal	Awaiting Review	Upgrade/Install		normal		2nd-opinion	johnbillion@…