On 25/07/2020 10:49, Kusoneko wrote: > On July 25, 2020 5:06:01 AM UTC, Storm Dragon via aur-general > <[email protected]> wrote: >> Howdy, >> >> The recent AUR migration got me to wondering how difficult it would be >> to set up the AUR as a p2p model with something like bit torrent. I am >> not at this point even suggesting that it be implemented, I am more >> just curious about the challenges of such a thing. >> >> Thinking about it, there would have to be some kind of security process >> in place to make sure PKGBUILDs were not modified and retrieved from >> only one source. Maybe a way to mark certain machines as trusted, >> and/or setting a minimum of distributers that must agree on the >> validity of the PKGBUILD in question. >> >> I am by no means an expert on this stuff but if something like this >> were done, and if it worked, it could even be expanded to community >> packages as well, meaning that any machine with a cache could also >> serve as a mirror for those packages. So, is something like this >> feasible? >> >> Thanks, >> Storm >> >> -- >> ⛈🐲 >> Accessible low cost computers for everyone! https://stormux.org >> Get my public PGP key: gpg --recv-key 43DDC193 >> The great thing about Object Oriented code is that it can make small, >> simple problems look like large, complex ones. >> "I've seen the tempest in darkest nights I've faced the eyes of Thor" >> Stormwarrior - Heading Northe > > Probably feasible, but it'd be a pain in the ass to update PKGBUILDs for AUR > packages and so, not really a great idea. Plus, git already does most of > what's needed. Likely, anyone could set up a mirror for the AUR by crawling > through it and cloning all the packages, so it's really only centralized > because no one bothers mirroring it. I really don't see why you'd want to > share it over bit torrent to be honest. >
If you want to setup a mirror talk with arch-devops on either irc/mail. Don't abuse our services please :)
