Currently, Joomla! updates are not secured by cryptographic signatures. Signing updates would ensure the legitimacy of the updates. We plan to implement “The Update Framework” (TUF), a framework designed to deliver signed updates for all kinds of software. Integrating it into Joomla! will make sure that no contaminated version of the CMS or its extensions is installed.
The goal of the project is to create a PoC of a Joomla! implementation of TUF that can also be adapted by other open source software.
This includes feeding fixed issues and finished features back to TUF.
This project is for everyone who is interested in looking beyond the horizon and working with a community-driven CMS. If you have some experience with PHP or with working with a framework, are interested in security, or have always wanted to know how secure updates should work, you’re very welcome to join this project.