For a while now, we have been working on the distribution servlet, which is basically designed to allow people to give copies of Freenet, together with seednodes, to their friends - effectively augmenting the current centralized pull model of software distribution with a decentralized push model.
There is at least one question that hasn't been answered yet : when you push a copy of Freenet to your neighbor - should it be the latest jar (perhaps distributed over Freenet using a DBR), or should it be the jar that you are using? The advantage of distributing the latest jar is obvious, but the disadvantage is that it creates a danger that whoever has the private key with which these jars are inserted - could be compromized, allowing future Freenet jars to be corrupted. IF we do the latter (or even just offer the latter as an option), we need a way to defend against a situation where the jar is compromized. One way would be to give a number of people "veto" rights over a jar. So lets say I or Oskar noticed that the current jar was corrupt in some way - we could veto it by inserting a message into our private veto-subspaces. This message could possibly contain a new subspace which nodes should use instead. If multiple veto subspaces are disagreeing with each-other, then the subspace given by the majority of those veto subspaces should be used. Thoughts? Ian. -- Ian Clarke ian@[freenetproject.org|locut.us|cematics.com] Latest Project http://cematics.com/kanzi Personal Homepage http://locut.us/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20021111/10c39d1d/attachment.pgp>
