[repoman] A Simo Appears, and some commentary
Simo Leone
simo at archlinux.org
Wed Jul 18 01:26:12 EDT 2007
On Tue, Jul 17, 2007 at 12:34:47PM -0500, Simo Leone wrote:
>
> Also, for an upload mechanism. I'm thinking it would be cool to
> implement a custom FTP server that authenticates against the user
> database. This could optionally be tunneled through an ssl tunnel, but
> would allow any existing ftp client to be used to upload packages.
> SSL tunneling is No Big Deal (tm) thanks to simple, preexisting tools
> like stunnel or ftp-ssl. I *think* twisted might give us a way to do this
> fairly easily without learning the ins and outs of the ftp protocol.
> This solution also only requires running the daemon on the server
> system, as opposed to the complex total chroot jail idea that I think
> was being tossed around with the idea of using ssh.
>
> Well that's a start for now, I've gotta delve into this some more.
>
And delved I have. FTP tunnelling through SSL has some issues with the
fact that FTP opens a separate data channel, which is much more
difficult (and annoying) to encrypt than the control channel. So, after
some thought, I thought..well gee... what if a checksum or something was
sent through the encrypted channel, so that the data channel could
operate normally sans the ssl mess. There may be a few clever ways to do
this while maintaining compatibility with any ftp client, such as
appending the checksum to the filename specified with the STOR command,
and parsing it out on the server side.
I duno, I might be making a frickin mountain out of a mole hill, but the
gears are turning.
-S
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://archlinux.org/pipermail/repoman/attachments/20070718/345aa95b/attachment.bin
More information about the repoman
mailing list