As part of our upgrade to Pulp3 in the next couple of releases we have some decisions to make. In pulp2 all content was protected with a subscription-based cert authorization. This makes sense for yum since subscription-manager manages all of this for you. However it also protected all other content with this same mechanism. I’m not entirely sure this makes sense. With pulp2 if you wanted to fetch file content without this type of cert that only subscription-manager could request, you could only do so over http (port 80). Pulp 3 is much more configurable and lets you have more fine grained control over what types of protection a repository has.
I wanted to poll Katello users about their usage of this protection with File content specifically. My current thinking is that we drop this subscription-based cert protection from file content if its not important.
- I use file content and would like subscription-based cert protection
- I use file content and would like simple client cert protection
- I use file content and don’t need any protection (it does not bother me that file content is wide open and available without authentication)
- I’d like some other kind of way to protect file content