> Creating an open registry would be nice, or even for developers to be able to ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		sangnoir on Oct 14, 2024 \| parent \| context \| favorite \| on: ACF Plugin no longer available on WordPress.org > Creating an open registry would be nice, or even for developers to be able to host their own repos for others to install plugins from (à la Linux package managers), to avoid such centralisation. The security trade offs for this would not be worth it, IMO, considering WPs auto-updating features.

ChocolateGod on Oct 14, 2024 [–]

One could create a registry that uses PSK similar to mobile applications so a install only auto accepts an updated package if it's signed by the author.

Would prevent the issue above.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact