Stuff we've discussed on IRC.
Posted by ats at 2007-03-03 19:01
"If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately."
Hardly a new class of attack -- I remember this happening to irssi a few years ago -- but...
Why don't software authors cryptographically sign their packages as a matter of course?
It takes about ten seconds, and means that users can verify that this sort of thing hasn't happened.