[Yum-devel] Encrypted / authenticated access to a yum repository?

James Antill james at fedoraproject.org
Thu Mar 4 22:28:55 UTC 2010


On Thu, 2010-03-04 at 13:11 -0800, Mike Wilson wrote:
> Hello!
> 
>     I work for a company which is preparing to distribute rpm's through yum. 
> We are interested in protecting our rpm's, and also distributing (freely) 
> 3rd party open source packages as well. We are looking for a way to protect 
> these packages, such that only paying (licensed) customers have access to 
> these protected packages. Our customer base is small, the products are high 
> end (expensive).
> 
> Possibilities that I see:
>     1.) Authenticate user's access to the database. Suseptible to 
> eavesdropping.

 Use https and it can't be eavesdropped on.
 Alternatively require one of the versions of yum with sslclientcert
support (latest RHEL-5 and upstream/Fedora), which also should be fine
from eavesdripping without https.

>     2.) Encrypt the (protected) rpm payloads (contents).

 If you want to do this, I don't think you want to use rpms+yum.

-- 
James Antill - james at fedoraproject.org
http://yum.baseurl.org/wiki/releases
http://yum.baseurl.org/wiki/whatsnew/3.2.27
http://yum.baseurl.org/wiki/YumMultipleMachineCaching


More information about the Yum-devel mailing list