[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Distributed Debian Distribution Development

On Thu, Sep 2, 2010 at 1:44 PM, Oscar Morante <spacepluk@gmail.com> wrote:
> Have you seen this project [1]? It looks like they have been already
> thinking about the git+bittorrent idea.
> [1] http://code.google.com/p/gittorrent/

 yes.  it's effectively shelved.  the name "gittorrent" was abandoned
and the name "mirrorsync" selected, because the people working on it
decided that bittorrent was an inappropriate protocol to use.  i got
them some slashdot coverage.  but, ultimately, i disagreed with them
that bittorrent isn't an appropriate protocol, so that's why i did the
thingy and proved that it's an effective transfer / distribution
mechanism.  thingy.  haven't even picked a name for it! :)
suggestions welcome.

 i want to see how far i can get away with leaving the bittorrent
protocol _entirely_ unchanged, by virtue of doing everything through
this "vfs layer" jobbie.  only if it becomes absolutely absolutely
necessary, _then_ start making changes.

good reasons to make changes:

a) the 256k chunk size becomes blindingly obviously completely
unacceptable.  for example: cameron dale did a study of the .deb
archives and found that a very large percentage are under 32k in size.
 this was the primary reason why he abandoned the bittorrent protocol
(baby? bathwater?? *sigh*...) even after modifying it to be able to
negotiate chunk sizes and he designed apt-p2p instead.

b) ISPs start doing packet-filtering (fuckers) so it becomes necessary
to change headers, port numbers, permanently enable encryption at a
fundamental level such that deep packet inspection becomes impossible,
e.g. move to SSL and so on.

c) digital signing of individual commits becomes necessary, and...
somehow (i don't know how yet) it *hand-waving* becomes necessary to
integrate the GPG signature verification on git "packs" at the
bittorrent-protocol-level.  haven't got to that bit, yet - the
project's only been going for 4 days!  sam vilain solved this by
simply creating refs with the signers' 32-bit GPG fingerprint, but he
didn't get as far as actually _checking_ it :)


Reply to: