[erlang-questions] Rough thought on a P2P package distribution model for Erlang
Wed Sep 14 04:01:35 CEST 2011
In my previous email I said that I thought P2P package distribution
system would be a good idea. This was due to it elimination the single
points of failure with relying of the future of websites. There are a
number of problems with using a P2P module. Chief among these are how to
get packages into the system and how to know that these packages are
With that in mind here's some rough thoughts on a P2P module repository
Publisher: the person who maintains the package. Typically, the author
of the module being published.
Node: a server which is a member of the P2P module repository system
Indexer: a person who creates an index of packages that they say meets
some criteria ie, they vouch for the packages.
Administrator: the person who looks after a node
The process would work something like this,
Some one writes a wonderful module the one everyone has been waiting for.
Either the original author or someone on their behalf packages it up.
The Publisher then makes this publicly available on a website or through
The Publisher notifies one or more indexers.
Each Indexers check that the package meets their criteria.
The Indexer then injects the package into the p2p distribution system
along with an updated signed versioned index file.
This index file lists which packages the Indexer has verified and the
cryptographic hash for each package.
The Administrators of other nodes select which Indexers they wish to
follow and keep copies each Indexers public key (obtained out of band).
The Nodes then replicates the index file of each Indexer of interest and
the packages listed by those index files.
These nodes then make this information available of ftp/http/p2p or
other means to other nodes and end developers.
Using an Indexer has a couple of advantages:
1) it eliminates the need for everyone to have certificates. Making
the system cleaner to use and lowering the barrier to entry of package
maintainers allow them to easily submit their work without distraction.
2) It maintains a concept similar to existing repositories with which
people are familiar. This makes it easy for people to bring up and
maintain additional nodes. It also means that the number of people that
have to wade though all the packages out there is reduced down to the
Indexer. You simple select the Indexer who has a package criteria which
reflects your own.
This is separate what packages are and who Erlang handles dependances.
This is merely a distribution model.
Excuse the broad description I merely intend this to give people ideas.
More information about the erlang-questions