Question about moving from 5733OPS to yum based repo
Apologies if this is the wrong place to ask a question, but it was suggested by IBM support. As a current user of some open source packages on IBM i via the 5733OPS licensed program and PTFs, I'm quite keen to migrate over to the new yum-based delivery method to take advantage of the additional range of packages and up-to-date versions. However, our information security team are asking me to check that code/packages are coming from a secure and trusted source. I believe the repo is hosted on server public.dhe.ibm.com, which, being an IBM-hosted server, sounds fine (though a secure protocol rather than ftp would be preferable), but are the packages that are added to the repo verified or checked in any way to ensure no malicious or vulnerable code is added that could end up on customers' systems?
Thanks, Mark.
Comments (3)
reporter Thanks Jesse. That's great, and just the sort of information we were looking for. I'll mark this resolved.
reporter - changed status to resolved
Question answered.
Hi, Mark. Here are the data points that can be used to show the software is coming from a secure+trusted source:
ibm.com site (as you noticed). We have https support but haven't switched the installer over yet.
Hope this helps! Feel free to ask any further questions you may have.