My biggest concern over having company specific repos is that you set up a box with a open port that updates all your other boxes. And you have no encryption through YUM. If the FTP server is misconfigured in anyway, you have a serious security problem. If the YUM box is at all accessible outside of the company, then anyone can possibly modify your RPMs. When you go and update, all your boxes now have the modified RPMs installed, which can create a company wide security problem. My biggest security fear now is a distributed denial of service via "spyware". Imagine if someone were to modify the spyware distributed on Yahoo! to do an immediate denial of service attack on a target. If you can imagine the large number of folks that hit Yahoo! every hour, that would bring down the target quickly. If the spyware was created with a good polymorphing ability, then you couldn't locate it through pattern searching. Brian > I'm gonna jump in here - and I might be way off > target (missed beginning > of thread) but I can see a need for > username/password authentication > with yum ... > > example case ... > > A company ships a linux distribution and wants to > make updates available > (through yum) only to those users who have paid for > ongoing support. The > yum server has a list of all 'valid' users. The yum > client on the user's > machine authenticates against the yum server with > their username and > password. If the username/password combo doesn't > match an entry in the > list on the yum server - updates are denied, > otherwise updates pass. > > This may already be possible, either through yum > itself, or with http > authentication, or whatever. I dunno - but if not - > I think it would be > a nice feature for yum to have. And in order to run > yum update in a cron > job - the authentication would need to be done > without prompting user > for password ... > > Feel free to discuss or abuse ... > > pantz > > -- > Before you criticize someone, walk a mile in their > shoes ... > That way when you do criticize them, you're a mile > away and you have their shoes! > > _______________________________________________ > Yum mailing list > Yum@xxxxxxxxxxxxxxxxxxxx > https://lists.dulug.duke.edu/mailman/listinfo/yum __________________________________ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/
