1 |
On Thursday, July 24, 2003, at 12:54 AM, Raimundo Bilbao wrote: |
2 |
|
3 |
> On Thu, 24 Jul 2003 09:35:04 +0200 |
4 |
> Håvard Wall <haavardw@×××××××.no> wrote: |
5 |
> |
6 |
> [...] |
7 |
> |
8 |
>> How about implementing a file-sharing propram taylored for gentoo? |
9 |
>> Users |
10 |
>> could voluntarily share their /usr/portage/distfiles, or whatever |
11 |
>> would |
12 |
>> benefit mirrors. This would potentially let us keep huge |
13 |
>> (gaming-)files |
14 |
>> on their (faulty) hosts. When the original host is down, there would |
15 |
>> probably already be some users online which have a copy and is |
16 |
>> sharing it. |
17 |
>> |
18 |
> [...] |
19 |
> |
20 |
> Sound great, a P2P gentoo (?), but how do you protect against trojans, |
21 |
> malware and stuffs like that?, is MD5 (AFAIK, currently the only |
22 |
> checksum used) good enough?. |
23 |
Famous last words, but if there was a trusted central listing of md5's, |
24 |
it is a strong enough hash to identify if the downloaded distfile is |
25 |
original or not. |
26 |
I would guess that it is *possible* to have a different dataset that |
27 |
produces an identical md5, but to actually do this isn't even remotely |
28 |
feasible, let alone having the code *actually* do something nefarious. |
29 |
Of course I'm not a cryptologist/mathematician, but suffice it to say |
30 |
there is a reason most downloaded sources maintain an md5 sig |
31 |
alongside... |
32 |
|
33 |
I realize this particular horse has been beaten well past it's death, |
34 |
but why create a separate p2p system instead of using bit torrent? |
35 |
Just curious, I'm aware of how bit torrent is structured, but that's |
36 |
about it... |
37 |
Other then that, you've mentioned that you're attempting a proof of |
38 |
concept, care to elaborate on some of the aspects of the particular p2p |
39 |
system you're attempting to create/test? |
40 |
~bdh |
41 |
|
42 |
|
43 |
-- |
44 |
gentoo-dev@g.o mailing list |