On 02/03/2016 09:55 AM, Eric Helms wrote:
----- Original Message -----
From: "Randy Barlow" <[email protected]>
To: "Eric Helms" <[email protected]>
Cc: "Jeremy Cline" <[email protected]>, [email protected]
Sent: Wednesday, February 3, 2016 9:46:20 AM
Subject: Re: [Pulp-list] Pulp 2.6 vs 2.8 event notifier question
On Wed, Feb 03, 2016 at 09:40:09AM -0500, Eric Helms wrote:
Not to be argumentative, but that seems like a cop out. I would think as a
user I should be able to provide you with the CA certificate that should
be used for verification for a given event notification. I realize this is
a deprecated feature and my intent is not to incur more work. However, I
do find value in having the right solution in place.

Isn't it the case that Katello is not in this situation? I.e., Katello
has the power to install the ca trust for the call back? Also, it
doesn't make sense to use https:// if you don't want trust to happen.
TLS is for two things: trust and privacy, and you can't have privacy
without trust.

Katello isn't - but I never said I was arguing for Katello's specific
deployment scenario. I am looking at this from the general use case. If there
is a Pulp installed over on Server A, and I have access to use it via the CLI
or API and want to set up an event notifier to hit my box running on Server B
that is running via HTTPS, I cannot, at present, do this because I have to
implant my server CA certificate on Server A which I may not have control over.
Unless I am missing something fundamental to this workflow?

I tend to agree. I think it would be good to completely configure a
repo from the API. However, I do realize that openssl makes things super
sucky in order to increase security.
-- bk