Ian Clarke schrieb:
> 
> So it seems that Oskar and Tavin are now arguing that it is fine if
> users download Freenet, start the installation, are manually directed by
> the installation to the Freenet website where they can obtain some seed
> node addresses which they must manually enter into the installation
> process - but it is the root of all evil to automate this process
> (having informed the user of what will happen and any risks involved)?
> 
> Is it just me or is this looking more ridiculous by the minute?

I have to agree with Ian, that this approach is not much safer in the
first place. You would still have to rely on the freenetproject.org
webpage, which can be changed (in contrast to the code even unoticed for
quite some time) by anybody with CVS access. The webserver can be
overtaken or shut down by legal means.

But just take a step back, I think Brandon summarized the issues quite
well:
B> The real issues at hand are 1) how do they get the list of nodes, and
B> 2) how is the list of nodes generated.

As for 1) we have three choices: 
 a) Getting an address through "safe ways" (friends, etc...),
 b) Downloading locally together with the distribution, or
 c) getting them via some web mechanisms (automatic or manually)
     ci) via manual Website visit
    cii) automated script
   ciii) search machines

As for 2) I can see:
 a) editable by all new nodes (inform.php)
 b) address harvesting by a couple of trusted, but unknown submitting to
a central place (Ian's suggestion)
 c) Providing one or more central addresses
(freenetproject.org:19114,...)

1a) is surely the preferred way and should be offered in any case, no
question, but how to proceed alternatively?
I like Ians suggestion on harvesting addresses without new nodes having
a chance to influence the selection, but it is not at all related to the
issues in 1) how to get this list of nodes, which is what Tavin and
Oskar argue about. So you might not actually talk about exactly the same
problems here. BTW the harvesting mechanism will also require absolutely
trusted nodes and who should run them?

Sebastian

_______________________________________________
Devl mailing list
[EMAIL PROTECTED]
http://lists.freenetproject.org/mailman/listinfo/devl

Reply via email to