On July 25, 2020 5:06:01 AM UTC, Storm Dragon via aur-general <[email protected]> wrote: >Howdy, > >The recent AUR migration got me to wondering how difficult it would be >to set up the AUR as a p2p model with something like bit torrent. I am >not at this point even suggesting that it be implemented, I am more >just curious about the challenges of such a thing. > >Thinking about it, there would have to be some kind of security process >in place to make sure PKGBUILDs were not modified and retrieved from >only one source. Maybe a way to mark certain machines as trusted, >and/or setting a minimum of distributers that must agree on the >validity of the PKGBUILD in question. > >I am by no means an expert on this stuff but if something like this >were done, and if it worked, it could even be expanded to community >packages as well, meaning that any machine with a cache could also >serve as a mirror for those packages. So, is something like this >feasible? > >Thanks, >Storm > >-- >⛈🐲 >Accessible low cost computers for everyone! https://stormux.org >Get my public PGP key: gpg --recv-key 43DDC193 >The great thing about Object Oriented code is that it can make small, >simple problems look like large, complex ones. >"I've seen the tempest in darkest nights I've faced the eyes of Thor" >Stormwarrior - Heading Northe
Probably feasible, but it'd be a pain in the ass to update PKGBUILDs for AUR packages and so, not really a great idea. Plus, git already does most of what's needed. Likely, anyone could set up a mirror for the AUR by crawling through it and cloning all the packages, so it's really only centralized because no one bothers mirroring it. I really don't see why you'd want to share it over bit torrent to be honest.
signature.asc
Description: PGP signature
