On Friday 11 April 2003 00:54, Mark Farver wrote:
> This is more an idea on how to help mirroring.. but I'll throw it into this 
discussion since it could
> also be used for sharing binary tarballs. 
> 
> How about someone creating an module that automatically shares the contents 
of /usr/portage/distfiles
> (or packages) over a peer to peer network like gnutella.  
> Everytime someone trys to emerge a package, portage checks the peer network 
to see if someone
> has a binary package already built (with the same USE flags set) and if not 
it looks for a nearby
> copy of the tarball.  This could be used to spread the ibiblio/oregonstate 
load out a bit... 

Wrt. distfiles:
For an intranet, is that much better than having one box serve them centrally?
For the internet, sharing distfiles/ on a p2p network requires a _good_ 
uplink. Again, not the 56k dialup people. And those who have such an uplink 
probably don't worry too much about fetch times anyway. (Remember to use 
alternative mirrors, not ibiblio)

> The big drawback for the binaries is there is no guarentee they are what 
they say they are, unlike
> the tarballs that at least have the MD5 from the ebuild.

On an intranet you might take such a risk. On the internet I'd never agree for 
my machine to use an untrusted, anonymous source for binaries.

BUT: once we have pgp digest signing in place, you'll be able to specify 
trusted pgp keys and accept packages signed by them (or rather whose digests 
have been signed by them) and that is the perfect situation for building a 
pgp web of trust among gentoo users - assuming people really do follow the 
strict pgp rules of verifying identity before trusting a key.

But still, not for 56k people, not if you expect them to upload anything in 
return anyway. 

-- 
Dan Armak
Gentoo Linux developer (KDE)
Matan, Israel
Public GPG key: http://cvs.gentoo.org/~danarmak/danarmak-gpg-public.key