[Yum-devel] Encrypted / authenticated access to a yum repository?
Mike Wilson
mikew at tonecommander.com
Thu Mar 4 21:11:36 UTC 2010
Hello!
I work for a company which is preparing to distribute rpm's through yum.
We are interested in protecting our rpm's, and also distributing (freely)
3rd party open source packages as well. We are looking for a way to protect
these packages, such that only paying (licensed) customers have access to
these protected packages. Our customer base is small, the products are high
end (expensive).
Possibilities that I see:
1.) Authenticate user's access to the database. Suseptible to
eavesdropping.
2.) Encrypt the (protected) rpm payloads (contents).
3.) Use a protected (encrypted and authenticated) channel for accessing
the repository.
Of course, we would rather not re-invent the wheel. I am quite naive,
having just been introduced to rpm creation this week. I have used yum
extensively for the last 3 weeks :)
Could we provide access through some type of SSH (with authentication)
communication?
Does yum lend itself (with possible modification, i.e. an add-on) to
such a scheme? If that seems within reach, please give me pointers on how to
accomplish that. ( I am an experienced software developer, just not in
package management.)
Do you know a better way? I don't know what I don't know...
Your time is greatly appreciated.
Mike
More information about the Yum-devel
mailing list