From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 30290 invoked by uid 1002); 24 Jul 2003 06:36:59 -0000 Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Received: (qmail 6489 invoked from network); 24 Jul 2003 06:36:59 -0000 Date: Thu, 24 Jul 2003 01:35:09 -0500 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Mime-Version: 1.0 (Apple Message framework v552) From: bdharring To: gentoo-dev@gentoo.org Content-Transfer-Encoding: quoted-printable In-Reply-To: <20030724015453.5079e993.rbilbao@inzignia.cl> Message-Id: X-Mailer: Apple Mail (2.552) Subject: Re: [gentoo-dev] (crazy?) proposal to reduce load and disk on mirrors X-Archives-Salt: 6974c471-b6de-4747-a13f-78ecad33733a X-Archives-Hash: e9f9bdf308db7a02fa6b653d116ffca2 On Thursday, July 24, 2003, at 12:54 AM, Raimundo Bilbao wrote: > On Thu, 24 Jul 2003 09:35:04 +0200 > H=E5vard Wall wrote: > > [...] > >> How about implementing a file-sharing propram taylored for gentoo?=20 >> Users >> could voluntarily share their /usr/portage/distfiles, or whatever=20 >> would >> benefit mirrors. This would potentially let us keep huge=20 >> (gaming-)files >> on their (faulty) hosts. When the original host is down, there would >> probably already be some users online which have a copy and is=20 >> sharing it. >> > [...] > > Sound great, a P2P gentoo (?), but how do you protect against trojans,=20= > malware and stuffs like that?, is MD5 (AFAIK, currently the only=20 > checksum used) good enough?. Famous last words, but if there was a trusted central listing of md5's,=20= it is a strong enough hash to identify if the downloaded distfile is=20 original or not. I would guess that it is *possible* to have a different dataset that=20 produces an identical md5, but to actually do this isn't even remotely=20= feasible, let alone having the code *actually* do something nefarious. Of course I'm not a cryptologist/mathematician, but suffice it to say=20 there is a reason most downloaded sources maintain an md5 sig=20 alongside... I realize this particular horse has been beaten well past it's death,=20 but why create a separate p2p system instead of using bit torrent? =20 Just curious, I'm aware of how bit torrent is structured, but that's=20 about it... Other then that, you've mentioned that you're attempting a proof of=20 concept, care to elaborate on some of the aspects of the particular p2p=20= system you're attempting to create/test? ~bdh -- gentoo-dev@gentoo.org mailing list