[ubuntu-uk] Peer to peer apt

Anton Piatek anton at piatek.co.uk
Sun May 16 17:37:08 BST 2010 

On 15 May 2010 14:56, Rob Beard <rob at esdelle.co.uk> wrote:
> On 14/05/10 12:18, Samuel Toogood wrote:
>> First post for a while, and I don't usually start threads, but I've been
>> lurking, and I don't think this has appeared before.
>>
>> I recently had an idea for improving ubuntu: Wouldn't it be good if
>> packages could be distributed in a peer to peer manner, as .isos can be?
>> This would have several advantages, including:
>> 1. If you have more than one ubuntu machine, no need to download
>> everything multiple times, and no need to maintain an apt-mirror, it all
>> just happens.
>> 2. There are times, such as when a release first comes out, when the
>> repositories get huge spikes in demand, this would help with that.
>>
>> The potential downside would be the threat of packages containing
>> malware being propagated around, but this can be got around by
>> checksumming etc.
>>
>> Like most of my ideas, it appears someone else got there first. There is
>> a package in the repositories called apt-p2p which appears to be what I
>> am talking about. Its homepage is at http://www.camrdale.org/apt-p2p/ .
>> Has anyone used this? What do people think of the concept? Could it be
>> integrated into the GUI for managing sources?
>>
>> Hope that makes sense.
>>
>> Sam
>>
>
> Actually that isn't too bad an idea, at least assuming your ISP doesn't
> block/throttle P2P.  I guess it would be handy for folks who just want
> to upgrade between releases rather than download a fresh ISO and reinstall.
>
> I'm pretty certain there is some sort of signature check with Apt anyway
> and it warns you if you get unsigned packages so maybe that might limit
> the risk of getting any malware, at least on official packages.

Oh, apt will cope with the idea fine - pgp signatures on the release
file which contains sha1 hashes of each other file means that you
should be pretty secure with it all.

The question is whether you gain enough compared to the complexity and
overheads of p2p... (personally I like the idea of each ISP running a
mirror, but I suppose that doesn't scale for N distributions where as
p2p should)

Anton


-- 
Anton Piatek
email: anton at piatek.co.uk	
blog/photos:			http://www.strangeparty.com
pgp: [74B1FA37]	(http://www.strangeparty.com/anton.asc)
fingerprint: 7401 96D3 E037 2F8F 5965  A358 4046 71FD 74B1 FA37

No trees were destroyed in the sending of this message, however, a
significant number of electrons were terribly inconvenienced.

More information about the ubuntu-uk mailing list