[Yum-devel] Encrypted / authenticated access to a yum repository?
James Antill
james at fedoraproject.org
Thu Mar 4 22:28:55 UTC 2010
On Thu, 2010-03-04 at 13:11 -0800, Mike Wilson wrote:
> Hello!
>
> I work for a company which is preparing to distribute rpm's through yum.
> We are interested in protecting our rpm's, and also distributing (freely)
> 3rd party open source packages as well. We are looking for a way to protect
> these packages, such that only paying (licensed) customers have access to
> these protected packages. Our customer base is small, the products are high
> end (expensive).
>
> Possibilities that I see:
> 1.) Authenticate user's access to the database. Suseptible to
> eavesdropping.
Use https and it can't be eavesdropped on.
Alternatively require one of the versions of yum with sslclientcert
support (latest RHEL-5 and upstream/Fedora), which also should be fine
from eavesdripping without https.
> 2.) Encrypt the (protected) rpm payloads (contents).
If you want to do this, I don't think you want to use rpms+yum.
--
James Antill - james at fedoraproject.org
http://yum.baseurl.org/wiki/releases
http://yum.baseurl.org/wiki/whatsnew/3.2.27
http://yum.baseurl.org/wiki/YumMultipleMachineCaching
More information about the Yum-devel
mailing list