---
date: 2025-01-14T18:39:03+00:00
modified: 2025-01-14T18:39:03+00:00
permalink: https://kaspars.net/note/mastodon-social-113828635854266178
post_type: note
author:
  name: Kaspars
  avatar: https://reverse.kaspars.net/gravatar/avatar/92bfcd3a8c3a21a033a6484d32c25a40b113ec6891f674336081513d5c98ef76?s=96&d=mm&r=g
---

# On January 14, 2025 at 20:39

3\. For the first install of any plugin or theme, users would need to explicitly specify the trusted key for the vendor. Each download page would prominently display the public key for users to specify.

4\. Key rotation could be automated via custom HTTP headers with signed payloads. A single valid public key would ensure that revoked or invalid keys stop working immediately.