Paul Gilmartin wrote:
<snip>
Can the HMC be configured, then, as an FTP server usable for RECEIVE FROMNETWORK
given suitable SMPSRVR definition, and is the DVD in GIMZIPped format? If all
these
are true, then SMP/E can do it all in one RECEIVE step, as Ed hopes. Has IBM
done
PoC?
GIMZIP format is protected by SHA-1 checksums. These might be delivered via an
independent secure channel (voice phone call?)
So, not necessarily in the order these things have come up:
- SHA-1 checksums used by GIMZIP/GIMUNZIP/GIMGTPKG were not intended to
be regarded as secure signatures. IBM packages cannot really be
described as "signed." Also, NIST has deprecated SHA-1 for such a
purpose for some time. Whether the SHA-1 hash value used to verify a
package's integrity is just the one that comes with it or whether it's
verfied by telephone, Registered Mail, or carrier pigeon truly matters
not from a security point of view. SSL is more reliable for that
purpose, as someone else suggested in this thread. The combination of
SHA-1 for integrity and SSL for connection verification seems reasonably
secure to yours truly, but I am not security guy so take my opinion for
what it's worth.
- We have not tested using the HMC functions for accessing the DVD drive
for processing PTF orders, ServerPac orders, or CBPDO orders as far as I
know (and, I would probably know). If sufficient interest develops, we
might be convinced to, but we have no current plans. That said, I don't
yet know of any reason it would not work.
- SMP/E will allocate the same data sets it always did, and not allocate
the data sets it never did, whether you use tape, DVD, or Internet to
get an installable set of SYSMODs. So if you RECEIVE one or more
products from a CBPDO order, for example, it will create the SMPTLIB
data sets from the RELFILEs. But allocating the target and distribution
library data sets will be up to you, as has been the case since the
Beginning of Time.
- ServerPac is insensitive to how things get to the z/OS UNIX file
system. Its existing installation process will allocate all the data
sets needed for the products in the order just as it has since its
availability in 1996.
- ServerPac and RECEIVE FROMNET both expect GIMZIP format packages.
--
John Eells
IBM Poughkeepsie
[email protected]
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
