[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: final release



On Sat, May 15, 2004 at 02:52:42PM -0400, Jim Cornette wrote:

> I still feel uncomfortable with p2p transfers. Also, I don't like the 

You shouldn't. The integrity is asserted by the transport layer, you shall 
of course check digital signatures to assert you're downloading the genuine
thing (if you're paranoid that way, I personally don't bother to check at
this yellow-green threat level).

> idea of getting the download in fragments and then reconstructed. I 

TCP/IP does that, too. Are you uncomfortable with reading this mail as well?

> would rather get transfers from mirrors with a pretty good reputation, 
> instead of a bits and pieces download and reconstructed files.

If you want reputation tracking, use digital signatures to validate authenticity.
Anything else is easily fakeable.
 
> >Personally, I usually grab a copy via bittorrent and then give it to our
> >local mirror.

I personally much prefer to torrent, and leave the download session open for
at least a day, just to be a good bittorrentcitizen.

I only use http/ftp mirrors for those more braindead distributions who're not
into the wonders of P2P yet (hello? Debian? what gives?).

-- 
Eugen* Leitl <a href="http://leitl.org";>leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net

Attachment: pgp00059.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]