incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Lohmaier <cl...@openoffice.org>
Subject Re: Shutdown of the "download.services.openoffice.org" host and its Mirrorbrain instance
Date Tue, 25 Oct 2011 12:38:07 GMT
Hi Robert, *,

On Tue, Oct 25, 2011 at 2:15 PM, Robert Burrell Donkin
<robertburrelldonkin@gmail.com> wrote:
> On Tue, Oct 25, 2011 at 12:36 PM, Christian Lohmaier
> <cloph@openoffice.org> wrote:
>> [...]
>> That doesn't make sense - integrity is assured by bittorrent by
>> providing sha1sums for each  chunk. And authenticity can be assured
>> just like it is with regular releases - just include a corresponding
>> signature file within the torrent.
>
> Better to download the signature over HTTPS but yes, I see no reason
> why this approach could not be made to work

With signature I meant a real signature (gpg signature), not a md5sum
or sha1sum file.
When it is a cryptographic signature, it doesn't matter how you
download it, as it cannot be faked.
(of course the user has to get the proper key, but that's a different issue)


>>> I may have dreamed it or I am mixing this up with something else.
>>
>> If those were the only reasons, then they were made-up arguments.
>
> When engaging with Infrastructure, expect to be challenged and to have
> to defend any proposal. These lists are open, so expect a range of
> cluefulness from contributors. The best way to impress the core
> infrastructure team is for plenty of clueful people from a project to
> show up and defend the proposal with well research arguments. Giving
> up and going away is the surest way to lose the argument...

With OOo the tracker network[1] was run independently anyway and not
hosted on the Oracle or OSUOSL hosted infrastructure. The main tracker
was Mike's at utwente, and that mirror also was the initial/main seed
for all the releases. There were other trackers linked together via a
tracker-hub (backup tracker as well as the hub were provided by
Harold).

So it is not a matter of infrastructure, but a matter of policy.

There's no need for the mechanism to change in my opinion. (torrents
are generated automatically as soon as they hit the mirror).

So if apache wants to setup their own bt network, they need one
capable machine (in terms of bandwidth) server to be the initial seed,
and one with almost no resources (can be the same machine of course)
to act as tracker.

[1] The trackers are *linked*, not separate, all trackers know about
every peer, so there is
no swarm fragmentation, and you got the fallback in case on of the
trackers is down
(TDF only uses one single tracker, but webseeds (traditional http/ftp
URLs) are included, so even when the tracker is down, the clients can
still use regular mirrors and DHT.)

ciao
Christian

Mime
View raw message