Make WordPress Core

Opened 3 years ago

Last modified 13 days ago

#47315 new defect (bug)

Download authenticity message has no actionability

Reported by: jipmoors Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 5.2
Component: Upgrade/Install Keywords: needs-patch needs-copy-review
Focuses: ui, accessibility, administration, ui-copy Cc:



While testing some upgrades of themes I noticed the following message:

The authenticity of twentynineteen.1.4.zip could not be verified as no signature was found.

As a user I have no idea what this means and more importantly, what I can do about it.

Proposed solution

Add more context about what it means, why it is a not a blocker (soft-fail) when this is the case.
This could be a page on WordPress.org or explained in-line.

Provide a context on where this should be solved, locally/server/WordPress.org


I would have expected the theme update to be verified as it is downloaded from WordPress.org directly.

Change History (11)

This ticket was mentioned in Slack in #accessibility by afercia. View the logs.

2 years ago

#3 @karmatosed
2 years ago

  • Keywords needs-design-feedback added

#4 @afercia
2 years ago

  • Keywords needs-copy-review added; needs-design-feedback removed
  • Milestone changed from Awaiting Review to Future Release

Discussed during today's accessibility bug-scrub. Pinging @pento as the Upgrade/Install component maintainer.

Also relevant:

Copy could be improved here. The part The authenticity of twentynineteen.1.4.zip could not be verified is already a bit hard to get for non-tech-savvy users. Then, when it comes to signature, it's probably a bit too much technical :)

Pinging also @marybao

Version 0, edited 2 years ago by afercia (next)

#5 @Hareesh Pillai
2 years ago

  • Focuses ui-copy added

#6 @SergeyBiryukov
14 months ago

#51428 was marked as a duplicate.

#7 @SergeyBiryukov
14 months ago

#47343 was marked as a duplicate.

#8 @SergeyBiryukov
13 months ago

#51672 was marked as a duplicate.

#9 @bridgetwillard
9 months ago

Happy to write copy, y'all. I'll need a bit more information.

What does it mean that the file wasn't verified?
What is the signature?
What is the solution?


#10 @s0what
8 months ago

Is this fixed now? Because I got this message when upgrading to 5.7
If this is not fixed, please remove the message!

#11 @SergeyBiryukov
13 days ago

#54495 was marked as a duplicate.

Note: See TracTickets for help on using tickets.