Re: Idea for structure of Apt-Get
The security issues in this plan are solved pretty well. If you used the
actual bittorrent protocol then it would be as secure as the mirrors are now
- if not slightly more secure.
The biggest issues here are
A.) unexpected bandwidth usage.
B.) horrible latency
The first issue is mostly a real issue from a bad press perspective. People
will see not using upstream bandwidth as a feature and try to avoid/cheat
the system. I actually wish bittorrent-style update mechanisms were more
common - people might stop paying for connections with horrible upload
speeds.
The second issue is most likely an engineering problem. The existing
bittorrent protocol has a bit of a delay finding peers and convincing them
to share - until you have a chunk or two of the file, you'll be stuck at a
super-low download rate (typically 1kb/sec). Since a bittorrent "chunk" is a
good percentage of the size of the average Debian package, some sort of
custom bittorrent-like protocol would need to be developed.
I guess the real question is as follows:
- Is there a big enough shortage in donated mirror bandwidth to put the effort
into developing a peer to peer package distribution system and convincing a
large percentage of users to share their bandwidth?
-- Nat Tuck
On Saturday 19 March 2005 02:21 pm, James Titcumb wrote:
> Patrick,
>
> It seems a good idea, but I dont think it could work in practise for a
> few reasons...
>
> Firstly, the UK internet is terrible. There are bandwidth constraints on
> 90% of home users now, which means that we'd have to pay for more
> bandwidth every month due to the number of uploads... Also, the price of
> symmetrical DSL is not yet affordable for home users like myself, so
> most of us are stuck on ADSL, with upload speeds of only around 30k/s.
> Not to mention the appauling contention ratios of anywhere up to
> 100:1... I'm lucky enough to live in the countryside where there are
> only about 5 other users on the local exchange :)
>
> Secondly, as you said, I can see security issues galore :(... especially
> for server systems which would supposedly be secure, yet a user may
> hypothetically be able to start downloading other files... unless of
> course the theoretical apt-get "uploader" limits it to one directory.
>
> Its a nice concept, granted, but I think people are so used to mirrors
> now.... As that saying goes "if it ain't broke, don't fix it"... which I
> never abide by, because I like to tinker with things, break them then
> fix them again... </geek> :)
>
> James
>
> Patrick Carlson wrote:
> >Hello. I'm not sure if anyone has suggested something like this or
> >not but I was thinking about the apt-get system and bittorrent today.
> >What if the apt-get system was redesigned so that users could download
> >updates and upgrades from other users? This way they would trickle
> >out to people, slowly at first, but then more and more people would
> >have the update and thus more people could get it faster. I know
> >there would probably be a lot of security issues involved but then
> >maybe people wouldn't have to worry about setting up .deb mirrors and
> >trying to get the latest upgrades. Just a thought. If it's a bad
> >one, let me know. :)
> >
> >-Patrick
Reply to: