I just realized that with distributed WordPress packages and signing, all vendor code must be isolated to avoid one trusted vendor from publishing an update with another vendor's package content which would overwrite it.
On January 15, 2025 at 14:48
I just realized that with distributed WordPress packages and signing, all vendor code must be isolated to avoid one trusted vendor from publishing an update with another vendor's package content which would overwrite it.