| 1 |
On Thursday, July 24, 2003, at 12:54 AM, Raimundo Bilbao wrote: |
| 2 |
|
| 3 |
> On Thu, 24 Jul 2003 09:35:04 +0200 |
| 4 |
> Håvard Wall <haavardw@×××××××.no> wrote: |
| 5 |
> |
| 6 |
> [...] |
| 7 |
> |
| 8 |
>> How about implementing a file-sharing propram taylored for gentoo? |
| 9 |
>> Users |
| 10 |
>> could voluntarily share their /usr/portage/distfiles, or whatever |
| 11 |
>> would |
| 12 |
>> benefit mirrors. This would potentially let us keep huge |
| 13 |
>> (gaming-)files |
| 14 |
>> on their (faulty) hosts. When the original host is down, there would |
| 15 |
>> probably already be some users online which have a copy and is |
| 16 |
>> sharing it. |
| 17 |
>> |
| 18 |
> [...] |
| 19 |
> |
| 20 |
> Sound great, a P2P gentoo (?), but how do you protect against trojans, |
| 21 |
> malware and stuffs like that?, is MD5 (AFAIK, currently the only |
| 22 |
> checksum used) good enough?. |
| 23 |
Famous last words, but if there was a trusted central listing of md5's, |
| 24 |
it is a strong enough hash to identify if the downloaded distfile is |
| 25 |
original or not. |
| 26 |
I would guess that it is *possible* to have a different dataset that |
| 27 |
produces an identical md5, but to actually do this isn't even remotely |
| 28 |
feasible, let alone having the code *actually* do something nefarious. |
| 29 |
Of course I'm not a cryptologist/mathematician, but suffice it to say |
| 30 |
there is a reason most downloaded sources maintain an md5 sig |
| 31 |
alongside... |
| 32 |
|
| 33 |
I realize this particular horse has been beaten well past it's death, |
| 34 |
but why create a separate p2p system instead of using bit torrent? |
| 35 |
Just curious, I'm aware of how bit torrent is structured, but that's |
| 36 |
about it... |
| 37 |
Other then that, you've mentioned that you're attempting a proof of |
| 38 |
concept, care to elaborate on some of the aspects of the particular p2p |
| 39 |
system you're attempting to create/test? |
| 40 |
~bdh |
| 41 |
|
| 42 |
|
| 43 |
-- |
| 44 |
gentoo-dev@g.o mailing list |
Archives