Adam wrote:
> On Mon, 01 May 2006 16:08:11 -0400 Daniel Ouellet <[EMAIL PROTECTED]> wrote:
>> And I am not talking about Torrents, as I prefer getting my data from a
>> trusted source thank you.
>
> As irrelevant as this discussion is, why do people make comments like
> this? What makes downloading through http or ftp so magically secure?
> Bittorrent checks the checksum provided by the tracker server. So you
> have to trust you are getting the right data from an http or ftp server,
> or you have to trust that you are getting the right data from a tracker
> server. What's the difference?

I don't want to turn this into a debate. I didn't imply that ftp or http
was more secure than Bittorrent, but it provides the checksum as well as
the files from the same source. But getting my files from, for example:
[EMAIL PROTECTED]:/cvs
or
[EMAIL PROTECTED]:/cvs
where Maintained by Todd Miller.
or from
[EMAIL PROTECTED]:/cvs
Maintained by Bob Beck
or
[EMAIL PROTECTED]:/cvs
Maintained by Michael Shalayeff.
just to take a few only and that doesn't put a judgment on the other
maintainers of other sources, is more likely to be more secure and more
trusted with many more eyeballs looking at it than a bittorrent from
someone that I don't know or who may not have been on the lists for many
years contributing and helping others as well with track records coming
from long ago.

It was a simple statement on the likelihood of getting more trusted source
files from well-known sources maintained by trusted people known to the
project. After all they have cvs rights, so that must mean something, no?

If a dev with cvs rights set up a bittorrent for distributions, or someone
with many years of track record on the lists set that up, then I am more
likely to trust it, or not.

I am not saying anything bad about anyone that may want to help with
bittorrent. If you took it as an insult, then my apology for that. Sure
wasn't my intentions here.

If pkg_add, for example, was always comparing the checksum of any
download source with a reference at checksum.openbsd.org for example via
ssh, or what not, then I would say, yes, we can trust any download
source as when it takes it, it will automatically kill it if it is not
right. But it is not how it is really.

Now, I don't need the answer to this and I don't want to extend this
more either, so I will stop here, no more replies either on the subject,
but maybe a user may check the checksum of the files when downloaded with
the listed one, but how many actually go check the main site as well to
get the checksum from that site?

I bet you many just use pkg_add and think it does check the checksum by
itself, and if you have something on bittorrent that is tainted, but the
checksum actually reflects the file, even if it doesn't reflect the main
site, I would be curious to know how long this would go before it's been
noticed.

Anyway, sorry for my statement in the first post. I made a mistake to
express it there and it shadowed the real question, that was if there was a
need for more capacity for packages for example.

I was offering that, but it got misreceived and my apology for that.

In the end, I conclude that there isn't any need for more capacity as it
wasn't expressed as being needed.

Sorry for the noise.
Daniel
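
The point argued in this thread, as an added example that is not part of the original messages: a checksum published next to a file only shows the file matches what that source serves, while a checksum fetched separately from a reference host catches an altered copy. The file name, package contents and both manifests below are constructed, and the BSD-style `SHA256 (name) = hex` line format is an assumption about the manifest layout.

```python
import hashlib
import hmac
import re

# BSD-style digest line (assumed layout): "SHA256 (pkg.tgz) = <64 hex chars>"
_LINE = re.compile(r"^SHA256 \((?P<name>[^)]+)\) = (?P<hex>[0-9a-f]{64})$")

def parse_manifest(text):
    """Return {filename: hex digest}; reject malformed or duplicate entries."""
    digests = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = _LINE.match(line.strip())
        if m is None:
            raise ValueError(f"line {lineno}: not a SHA256 manifest entry")
        if m["name"] in digests:
            raise ValueError(f"line {lineno}: duplicate entry {m['name']}")
        digests[m["name"]] = m["hex"]
    return digests

def verify(name, data, manifest):
    """True only if `name` is listed and its digest matches `data`."""
    expected = manifest.get(name)
    if expected is None:
        return False  # an unlisted file is a failure, not a pass
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected)

def bsd_line(name, data):
    """Build one manifest line for the constructed samples below."""
    return f"SHA256 ({name}) = {hashlib.sha256(data).hexdigest()}"

# Constructed sample data (hypothetical package name and contents).
NAME = "example-1.0.tgz"
GENUINE = b"genuine package contents\n"
ALTERED = b"altered package contents\n"
REFERENCE_MANIFEST = bsd_line(NAME, GENUINE)  # fetched from the reference host
MIRROR_MANIFEST = bsd_line(NAME, ALTERED)     # published beside the altered file

def demo():
    mirror = parse_manifest(MIRROR_MANIFEST)
    reference = parse_manifest(REFERENCE_MANIFEST)
    return {
        "altered_vs_mirror": verify(NAME, ALTERED, mirror),
        "altered_vs_reference": verify(NAME, ALTERED, reference),
        "genuine_vs_reference": verify(NAME, GENUINE, reference),
    }

if __name__ == "__main__":
    print(demo())
```
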