If you have an unprotected custom repo that contains a package whose name matches the name of a protected custom repo, requests for that package will be protected by the certificates of the protected repo. Example: foo is a protected repo bar is a unprotected repo that contains a package called foo requests for package foo from bar are denied. The name does not have to match exactly. If the protected repo was called foo and the package was called foobar, the bug would still apply.
pulp rhui branch commit ee4ae4536d79d09d2107d1a114a94419d14fb6bd
Probably the easiest way to test this is to create a protected repo with the same name (and entitlement path) as the name of a rpm you already have...."kernel" for example. Then upload an rpm named kernel (grab one from fedora if need be) to an *unprotected* repositoriy and verify a client can download the package without using an entitlement certificate from the unprotected repository.
Created attachment 603484 [details] screen log from verification
Confirmed. Screen log is in attachment. Moving bug to VERIFIED.
Created attachment 603521 [details] screen log - without client's certificates This is a screen log, where client doesn't have certificates for protected repositories. Package "custom_repo_1" which has the same name as protected repository is available.
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: In Red Hat Update Infrastructure 2.1, if a user has an unprotected custom repo that contains a package whose name string matches with the name of a protected custom repo, requests for that package are also protected.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2012-1205.html