[aur-general] bit torrent AUR

Storm Dragon stormdragon2976 at gmail.com
Sat Jul 25 05:06:01 UTC 2020


Howdy,

The recent AUR migration got me to wondering how difficult it would be to set up the AUR as a p2p model with something like bit torrent. I am not at this point even suggesting that it be implemented, I am more just curious about the challenges of such a thing.

Thinking about it, there would have to be some kind of security process in place to make sure PKGBUILDs were not modified and retrieved from only one source. Maybe a way to mark certain machines as trusted, and/or setting a minimum of distributers that must agree on the validity of the PKGBUILD in question.

I am by no means an expert on this stuff but if something like this were done, and if it worked, it could even be expanded to community packages as well, meaning that any machine with a cache could also serve as a mirror for those packages. So, is something like this feasible?

Thanks,
Storm

-- 
⛈🐲
Accessible low cost computers for everyone! https://stormux.org
Get my public PGP key: gpg --recv-key 43DDC193
The great thing about Object Oriented code is that it can make small, simple problems look like large, complex ones.
"I've seen the tempest in darkest nights I've faced the eyes of Thor"
Stormwarrior - Heading Northe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20200725/f910c837/attachment.sig>


More information about the aur-general mailing list