[Gllug] Bittorrent and security?
Richard Hall
r.j.hall at rhul.ac.uk
Mon Aug 23 15:22:14 UTC 2004
There is no need to encrypt the data as it is publicly available. So
long as it is either Digitally signed or hashed using a reasonable
hashing function like MD5, and the MD5 checksums are available from a
trusted source.
I think they are only distributing the CD images of the main releases
with BT as it is almost impossible to manage the file concurrency across
a multi peer system like BT. A new torrent would need to be created
and a completely different CD image seeded daily to keep up with the
nightly builds. This would lead to not many people seeding the
appropriate image as they would be seeding an out of date one within
24h, possibly before they even finished downloading it.
That's why they are pushing Jigdo for the nightly images.
=== === === === === === === === ===
Richard Hall
Systems Administrator
Information Security Group
Royal Holloway, University of London
Tel: +44 (0)1784 44 3111
Fax: +44 (0)1784 430766
gpg Key fingerprint:
D3AC 1999 9ECC F458 DFCC FF00 1ACA 8812 F055 BF2F
=== === === === === === === === ===
Chris Bell wrote:
> On Mon 23 Aug, Russell Howe wrote:
>
>
>>This is unlikely to happen for nightly builds or anything like that, but
>>for releases I'd expect them to do something like this.
>>
>>(There's no reason that it has to be PGP/GPG and MD5, but that's what
>>I've seen the Debian people using in the past)
>>
>
> I do not expect any less security in the nightly builds, the intention is
> to always encrypt data.
>
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list