The security issues in this plan are solved pretty well. If you used the actual bittorrent protocol then it would be as secure as the mirrors are now - if not slightly more secure.
The biggest issues here are A.) unexpected bandwidth usage. B.) horrible latency The first issue is mostly a real issue from a bad press perspective. People will see not using upstream bandwidth as a feature and try to avoid/cheat the system. I actually wish bittorrent-style update mechanisms were more common - people might stop paying for connections with horrible upload speeds. The second issue is most likely an engineering problem. The existing bittorrent protocol has a bit of a delay finding peers and convincing them to share - until you have a chunk or two of the file, you'll be stuck at a super-low download rate (typically 1kb/sec). Since a bittorrent "chunk" is a good percentage of the size of the average Debian package, some sort of custom bittorrent-like protocol would need to be developed. I guess the real question is as follows: - Is there a big enough shortage in donated mirror bandwidth to put the effort into developing a peer to peer package distribution system and convincing a large percentage of users to share their bandwidth? -- Nat Tuck On Saturday 19 March 2005 02:21 pm, James Titcumb wrote: > Patrick, > > It seems a good idea, but I dont think it could work in practise for a > few reasons... > > Firstly, the UK internet is terrible. There are bandwidth constraints on > 90% of home users now, which means that we'd have to pay for more > bandwidth every month due to the number of uploads... Also, the price of > symmetrical DSL is not yet affordable for home users like myself, so > most of us are stuck on ADSL, with upload speeds of only around 30k/s. > Not to mention the appauling contention ratios of anywhere up to > 100:1... I'm lucky enough to live in the countryside where there are > only about 5 other users on the local exchange :) > > Secondly, as you said, I can see security issues galore :(... especially > for server systems which would supposedly be secure, yet a user may > hypothetically be able to start downloading other files... unless of > course the theoretical apt-get "uploader" limits it to one directory. > > Its a nice concept, granted, but I think people are so used to mirrors > now.... As that saying goes "if it ain't broke, don't fix it"... which I > never abide by, because I like to tinker with things, break them then > fix them again... </geek> :) > > James > > Patrick Carlson wrote: > >Hello. I'm not sure if anyone has suggested something like this or > >not but I was thinking about the apt-get system and bittorrent today. > >What if the apt-get system was redesigned so that users could download > >updates and upgrades from other users? This way they would trickle > >out to people, slowly at first, but then more and more people would > >have the update and thus more people could get it faster. I know > >there would probably be a lot of security issues involved but then > >maybe people wouldn't have to worry about setting up .deb mirrors and > >trying to get the latest upgrades. Just a thought. If it's a bad > >one, let me know. :) > > > >-Patrick -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]