| 1 |
On Friday 11 April 2003 00:54, Mark Farver wrote: |
| 2 |
> This is more an idea on how to help mirroring.. but I'll throw it into this |
| 3 |
discussion since it could |
| 4 |
> also be used for sharing binary tarballs. |
| 5 |
> |
| 6 |
> How about someone creating an module that automatically shares the contents |
| 7 |
of /usr/portage/distfiles |
| 8 |
> (or packages) over a peer to peer network like gnutella. |
| 9 |
> Everytime someone trys to emerge a package, portage checks the peer network |
| 10 |
to see if someone |
| 11 |
> has a binary package already built (with the same USE flags set) and if not |
| 12 |
it looks for a nearby |
| 13 |
> copy of the tarball. This could be used to spread the ibiblio/oregonstate |
| 14 |
load out a bit... |
| 15 |
|
| 16 |
Wrt. distfiles: |
| 17 |
For an intranet, is that much better than having one box serve them centrally? |
| 18 |
For the internet, sharing distfiles/ on a p2p network requires a _good_ |
| 19 |
uplink. Again, not the 56k dialup people. And those who have such an uplink |
| 20 |
probably don't worry too much about fetch times anyway. (Remember to use |
| 21 |
alternative mirrors, not ibiblio) |
| 22 |
|
| 23 |
> The big drawback for the binaries is there is no guarentee they are what |
| 24 |
they say they are, unlike |
| 25 |
> the tarballs that at least have the MD5 from the ebuild. |
| 26 |
|
| 27 |
On an intranet you might take such a risk. On the internet I'd never agree for |
| 28 |
my machine to use an untrusted, anonymous source for binaries. |
| 29 |
|
| 30 |
BUT: once we have pgp digest signing in place, you'll be able to specify |
| 31 |
trusted pgp keys and accept packages signed by them (or rather whose digests |
| 32 |
have been signed by them) and that is the perfect situation for building a |
| 33 |
pgp web of trust among gentoo users - assuming people really do follow the |
| 34 |
strict pgp rules of verifying identity before trusting a key. |
| 35 |
|
| 36 |
But still, not for 56k people, not if you expect them to upload anything in |
| 37 |
return anyway. |
| 38 |
|
| 39 |
-- |
| 40 |
Dan Armak |
| 41 |
Gentoo Linux developer (KDE) |
| 42 |
Matan, Israel |
| 43 |
Public GPG key: http://cvs.gentoo.org/~danarmak/danarmak-gpg-public.key |
Archives