[Pulp-dev] pulp3: Publishing Proposal

Michael Hrivnak mhrivnak at redhat.com
Thu Jun 29 22:48:15 UTC 2017

On Thu, Jun 29, 2017 at 5:17 PM, Brian Bouterse <bbouters at redhat.com> wrote:

> Also what about content protection? Are we going to use redirects with
> time-bombed urls? Or are we expecting the cert verification to occur twice
> (once for the initial request, and again to follow the 301 redirect)?

I don't think there will be any redirects for normal use cases, such as
serving RPMs. The initial request will receive a response that contains the
file. The underlying mechanism will either be the x-sendfile one, or an
inefficient python one as you described.

> I also want to make a similar point here about carrying a content
> protection feature in Pulp and not relying on Apache exclusively for it. As
> a developer I should be able to have the same content protection features
> with runserver as you do with Apache so that developer environment are
> fully functional with runserver.

This is tricky. Trying to do our own SSL logic has been difficult in the
past, which is why we did our best to offload client certificate
authentication to httpd. I'm happy to explore the options, but I don't
think we need to re-implement every httpd feature we want to use,
especially when it comes to authentication. Speaking of, we are also
planning to use httpd modules to integrate with third-party identity
management for REST API authentication, and I similarly don't think we need
to re-implement that in python.

But I'm with you that we should try to keep the development server useful,
and also retain the option to run Pulp with something other than httpd.


Michael Hrivnak

Principal Software Engineer, RHCE

Red Hat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-dev/attachments/20170629/45402697/attachment.htm>

More information about the Pulp-dev mailing list