[Pulp-list] Pulp 2.6 vs 2.8 event notifier question

Bryan Kearney bkearney at redhat.com
Wed Feb 3 16:30:23 UTC 2016


On 02/03/2016 09:55 AM, Eric Helms wrote:
>
>
> ----- Original Message -----
>> From: "Randy Barlow" <rbarlow at redhat.com>
>> To: "Eric Helms" <ehelms at redhat.com>
>> Cc: "Jeremy Cline" <jcline at redhat.com>, pulp-list at redhat.com
>> Sent: Wednesday, February 3, 2016 9:46:20 AM
>> Subject: Re: [Pulp-list] Pulp 2.6 vs 2.8 event notifier question
>>
>> On Wed, Feb 03, 2016 at 09:40:09AM -0500, Eric Helms wrote:
>>> Not to be argumentative, but that seems like a cop out. I would think as a
>>> user I should be able to provide you with the CA certificate that should
>>> be used for verification for a given event notification. I realize this is
>>> a deprecated feature and my intent is not to incur more work. However, I
>>> do find value in having the right solution in place.
>>
>> Isn't it the case that Katello is not in this situation? I.e., Katello
>> has the power to install the ca trust for the call back? Also, it
>> doesn't make sense to use https:// if you don't want trust to happen.
>> TLS is for two things: trust and privacy, and you can't have privacy
>> without trust.
>
> Katello isn't - but I never said I was arguing for Katello's specific deployment scenario. I am looking at this from the general use case. If there is a Pulp installed over on Server A, and I have access to use it via the CLI or API and want to set up an event notifier to hit my box running on Server B that is running via HTTPS, I cannot, at present, do this because I have to implant my server CA certificate on Server A, which I may not have control over. Unless I am missing something fundamental to this workflow?
>

I tend to agree. I think it would be good to completely configure a 
repo from the API. However, I do realize that openssl makes things super 
sucky in order to increase security.

-- bk
