Is your feature request related to a problem? Please describe.
We already enforce that the same distribution cannot be used for uploaded and cached content by validating on remote and allow_uploads. This is a measure to enforce security, e.g. you want to avoid situations where uploaded content conflicts with content that we want to cache, or content from the index conflicting with (or overriding) content in the private index, which could be exploited to attack internal infrastructure downstream of the private registry.
The question is whether we should somehow go further and enforce that different repositories must be used for a pull-through cache + private repo setup, that you cannot just use two distributions pointing at one shared repository.
Describe the solution you'd like
Describe alternatives you've considered
Additional context