Software Supply Chain Security & Risk Management: Why the Future will be Federated

Brent Toderash

This talk will cover a brief history of package management in WordPress, why centralized distribution was necessary, and why it’s time to decentralize now to address risk management for the supply chain needed for enterprise WordPress to continue growing. I’ll consider some security risks inherent in a federated repository model and some of the available mitigation strategies.

Lastly, I’ll provide an overview from inside of the approach being taken by AspirePress and FAIR to provide the community with decentralized, secure, and robust package management for WordPress, including some specific advantages for the enterprise, for the ecosystem, and for end users.

