[Yum-devel] enable yum to pass http data to repository
David Lutterkort
dlutter at redhat.com
Sun Nov 20 01:17:20 UTC 2005
On Sat, 2005-11-19 at 09:34 -0500, Bryan Mills wrote:
> Scott Russell wrote:
>
> > Gotta chime in here and say that I would love to see userid and
> > password config options for yum repos. That said, the above while it
> > works is less than ideal. The idea of storing a password in the yum
> > config file isn't the best practice.
> >
> I tend to agree. I'll brainstorm a bit.
I wouldn't sweat this issue too much; either way, you will wind up
sending the user/password in cleartext across the wire, where it is
trivial to sniff. In my mind, making the yum config file readable by
root only is as secure as it will get with the authentication schemes
discussed, be they basic HTTP auth or auth through request parameters.
To make this truly secure, we would have to support at least HTTP digest
authentication or https with client certificates.
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.baseurl.org/pipermail/yum-devel/attachments/20051119/15eaf7f8/attachment.pgp
More information about the Yum-devel
mailing list