#54495 closed defect (bug) (duplicate)
The authenticity could not be verified as no signature was found when downloading WordPress 5.8.2
Reported by: | | Owned by: |
---|---|---|---
Milestone: | | Priority: | normal
Severity: | normal | Version: | 5.2
Component: | Upgrade/Install | Keywords: |
Focuses: | | Cc: |
Description
When installing 5.8.2 using the button on the update-core.php page, I got this message:
The authenticity of wordpress-5.8.2-no-content.zip could not be verified as no signature was found.
I tried using a different server and I got this message:
The authenticity of wordpress-5.8.2-partial-1.zip could not be verified as no signature was found.
Change History (5)
#2
@
3 years ago
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
- Version set to 5.2
Hi @henrywright,
This is actually intended behavior. [44954] added an experimental way to cryptographically sign WordPress updates as an extra level of security when updating plugins and themes. Because this was an experiment, signature verification was introduced as a "soft" requirement.
Because this has not been finalized, a signature is currently not returned, and that's the reason for the messages you are seeing.
You can read more about this in the tickets linked below, and the related developer note that was published when this change was originally made.
#3
@
3 years ago
Thanks for the explanation @desrosj. If a signature header isn't returned in the response and a signature file isn't made available then there's obviously no way to verify.
Should the "The authenticity of wordpress-5.8.2-no-content.zip could not be verified as no signature was found." message be removed? Not all developers would have read the developer note, and in such cases the message could cause confusion.
The install process was successful in both cases, I should add.
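
The distinction discussed in this thread, between "no signature was found" and a signature that is present but does not verify, as an added example that is not WordPress core code and not part of the original ticket. The function name, the result constants, and the policy of aborting on an invalid signature are assumptions of this example; the ticket only describes the missing-signature case as a "soft" requirement.

```php
<?php
// Added example, not WordPress core code. Requires PHP 7.2+ (bundled sodium).
const SIG_VERIFIED = 'verified'; // signature matches a trusted key
const SIG_MISSING  = 'missing';  // nothing to check: the "soft" case in this ticket
const SIG_INVALID  = 'invalid';  // signature offered but wrong (assumed hard failure)

/**
 * Hypothetical helper: classify a downloaded package.
 *
 * @param string      $package      Raw bytes of the downloaded archive.
 * @param string|null $signatureB64 Base64 detached Ed25519 signature taken from a
 *                                  response header or signature file, or null
 *                                  when neither was made available.
 * @param string[]    $trustedKeys  Base64-encoded Ed25519 public keys.
 */
function check_package_signature(string $package, ?string $signatureB64, array $trustedKeys): string
{
    if ($signatureB64 === null || $signatureB64 === '') {
        return SIG_MISSING; // cannot verify, but nothing contradicts the package
    }
    $sig = base64_decode($signatureB64, true);
    if ($sig === false || strlen($sig) !== SODIUM_CRYPTO_SIGN_BYTES) {
        return SIG_INVALID; // malformed signature is treated like a bad one
    }
    foreach ($trustedKeys as $keyB64) {
        $key = base64_decode($keyB64, true);
        if ($key === false || strlen($key) !== SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES) {
            continue; // skip unusable key material instead of throwing
        }
        if (sodium_crypto_sign_verify_detached($sig, $package, $key)) {
            return SIG_VERIFIED;
        }
    }
    return SIG_INVALID;
}

// Constructed sample data: a throwaway key pair and stand-in archive bytes.
$keypair = sodium_crypto_sign_keypair();
$trusted = [base64_encode(sodium_crypto_sign_publickey($keypair))];
$package = 'constructed stand-in for archive bytes';
$goodSig = base64_encode(sodium_crypto_sign_detached($package, sodium_crypto_sign_secretkey($keypair)));

$cases = [
    'signed, intact'   => [$package, $goodSig],
    'no signature'     => [$package, null],
    'signed, tampered' => [$package . 'x', $goodSig],
];
foreach ($cases as $label => [$bytes, $sig]) {
    $result = check_package_signature($bytes, $sig, $trusted);
    $action = $result === SIG_INVALID ? 'abort install' : ($result === SIG_MISSING ? 'warn, continue' : 'continue');
    printf("%-18s %-9s %s\n", $label, $result, $action);
}
```

Keeping the missing and invalid outcomes separate lets a notice like the one in this ticket stay informational while a failed verification can be handled differently.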