Opportunity cost minimization problem:

>> No no no! Why not download the normal (signed) cabal list from the
>> DHT (and optionally directly from hackage.haskell.org)? These are all
>> the packages that would appear on the website. Why serve any other
>> content? All nodes in the DHT may check and make sure the file (or
>> fragment) being served is properly signed.
>>
>> Any desire for popularity or tagging capability should be separate.
>>
> Because a single hackage private key can be brute-forced or stolen
> far easier than lots and lots of keys of random people.
>
>>> + User maintains list of trusted people's open keys, in order to
>>> validate authenticity and see trusted ratings.
>>
>> This would need further explanation, but in general I'm against
>> requiring user interaction on this level.
> You choose who's moderating packages for you. Some well-known community
> moderators and your trusted friends. If no one rated package yet, then
> you download and rate, so people who trust you can make decision based
> on your rate.
> Kind of social network.

In short, P2P introduces non-determinism. Non-determinism is natural law and otherwise order is not permanent (e.g. ends in non-composability, errors, vulnerabilities, etc):

http://www.haskell.org/pipermail/haskell-cafe/2009-November/068432.html

What is needed is some way to set up upper bound to the level of non-determinism in some useful domain:

http://www.haskell.org/pipermail/haskell-cafe/2009-October/068382.html
(space determinism in Haskell)

Which are really opportunity cost minimizations:

http://forum.bittorrent.org/viewtopic.php?id=28
(my architectural comments about BitTorrent free loading)

http://goldwetrust.up-with.com/technology-f8/computers-t112-15.htm#2189
(long winded, not so coherent brainstorming)

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe