Re: Idea for structure of Apt-Get
Hello.
This thought looks pretty interesting. I wonder if I could trust p2p... I'll
explain myself:
what would happen if someone changed the source code of a chunk of an
application, I mean, I trust the servers from where I download the packages,
but can I trust any user that offer me a chunk?
In Spain internet is worse... (we upload at 15 k/s with our affordable ADSL).
--
Javier Fernández García (a.k.a calvin)
Presidente de Core Dumped
http://hal9000.eui.upm.es
El Domingo, 20 de Marzo de 2005 00:44, Nat Tuck escribió
> The security issues in this plan are solved pretty well. If you used the
> actual bittorrent protocol then it would be as secure as the mirrors are
> now - if not slightly more secure.
>
> The biggest issues here are
> A.) unexpected bandwidth usage.
> B.) horrible latency
>
> The first issue is mostly a real issue from a bad press perspective. People
> will see not using upstream bandwidth as a feature and try to avoid/cheat
> the system. I actually wish bittorrent-style update mechanisms were more
> common - people might stop paying for connections with horrible upload
> speeds.
>
> The second issue is most likely an engineering problem. The existing
> bittorrent protocol has a bit of a delay finding peers and convincing them
> to share - until you have a chunk or two of the file, you'll be stuck at a
> super-low download rate (typically 1kb/sec). Since a bittorrent "chunk" is
> a good percentage of the size of the average Debian package, some sort of
> custom bittorrent-like protocol would need to be developed.
>
> I guess the real question is as follows:
> - Is there a big enough shortage in donated mirror bandwidth to put the
> effort into developing a peer to peer package distribution system and
> convincing a large percentage of users to share their bandwidth?
>
> -- Nat Tuck
>
> On Saturday 19 March 2005 02:21 pm, James Titcumb wrote:
> > Patrick,
> >
> > It seems a good idea, but I dont think it could work in practise for a
> > few reasons...
> >
> > Firstly, the UK internet is terrible. There are bandwidth constraints on
> > 90% of home users now, which means that we'd have to pay for more
> > bandwidth every month due to the number of uploads... Also, the price of
> > symmetrical DSL is not yet affordable for home users like myself, so
> > most of us are stuck on ADSL, with upload speeds of only around 30k/s.
> > Not to mention the appauling contention ratios of anywhere up to
> > 100:1... I'm lucky enough to live in the countryside where there are
> > only about 5 other users on the local exchange :)
> >
> > Secondly, as you said, I can see security issues galore :(... especially
> > for server systems which would supposedly be secure, yet a user may
> > hypothetically be able to start downloading other files... unless of
> > course the theoretical apt-get "uploader" limits it to one directory.
> >
> > Its a nice concept, granted, but I think people are so used to mirrors
> > now.... As that saying goes "if it ain't broke, don't fix it"... which I
> > never abide by, because I like to tinker with things, break them then
> > fix them again... </geek> :)
> >
> > James
> >
> > Patrick Carlson wrote:
> > >Hello. I'm not sure if anyone has suggested something like this or
> > >not but I was thinking about the apt-get system and bittorrent today.
> > >What if the apt-get system was redesigned so that users could download
> > >updates and upgrades from other users? This way they would trickle
> > >out to people, slowly at first, but then more and more people would
> > >have the update and thus more people could get it faster. I know
> > >there would probably be a lot of security issues involved but then
> > >maybe people wouldn't have to worry about setting up .deb mirrors and
> > >trying to get the latest upgrades. Just a thought. If it's a bad
> > >one, let me know. :)
> > >
> > >-Patrick
Reply to: