List Archive: gentoo-dev
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On Friday 11 April 2003 00:54, Mark Farver wrote:
> This is more an idea on how to help mirroring.. but I'll throw it into this
discussion since it could
> also be used for sharing binary tarballs.
> How about someone creating an module that automatically shares the contents
> (or packages) over a peer to peer network like gnutella.
> Everytime someone trys to emerge a package, portage checks the peer network
to see if someone
> has a binary package already built (with the same USE flags set) and if not
it looks for a nearby
> copy of the tarball. This could be used to spread the ibiblio/oregonstate
load out a bit...
For an intranet, is that much better than having one box serve them centrally?
For the internet, sharing distfiles/ on a p2p network requires a _good_
uplink. Again, not the 56k dialup people. And those who have such an uplink
probably don't worry too much about fetch times anyway. (Remember to use
alternative mirrors, not ibiblio)
> The big drawback for the binaries is there is no guarentee they are what
they say they are, unlike
> the tarballs that at least have the MD5 from the ebuild.
On an intranet you might take such a risk. On the internet I'd never agree for
my machine to use an untrusted, anonymous source for binaries.
BUT: once we have pgp digest signing in place, you'll be able to specify
trusted pgp keys and accept packages signed by them (or rather whose digests
have been signed by them) and that is the perfect situation for building a
pgp web of trust among gentoo users - assuming people really do follow the
strict pgp rules of verifying identity before trusting a key.
But still, not for 56k people, not if you expect them to upload anything in
Gentoo Linux developer (KDE)
Public GPG key: http://cvs.gentoo.org/~danarmak/danarmak-gpg-public.key