[erlang-questions] Rough thought on a P2P package distribution model for Erlang

Fri Sep 16 20:51:40 CEST 2011

How is this different from the already-solved problem of peer-to-peer
authenticated file distribution?

Tracker-based systems like bittorrent, and fully peer-to-peer systems like
freenet have been around for a very long time, and solve all of those
problems, with different trade-offs for performance, security,
susceptibility, etc.

Sincerely,

jw

--
Americans might object: there is no way we would sacrifice our living
standards for the benefit of people in the rest of the world. Nevertheless,
whether we get there willingly or not, we shall soon have lower consumption
rates, because our present rates are unsustainable.

On Tue, Sep 13, 2011 at 7:01 PM, jm <jeffm@REDACTED> wrote:

> In my previous email I said that I thought P2P package distribution system
> would be a good idea. This was due to it elimination the single points of
> failure with relying of the future of websites. There are a number of
> problems with using a P2P module. Chief among these are how to get packages
> into the system and how to know that these packages are trust worthy.
>
> With that in mind here's some rough thoughts on a P2P module repository for
> Erlang:
>
> Publisher: the person who maintains the package. Typically, the author of
> the module being published.
> Node:       a server which is a member of the P2P module repository system
> Indexer:   a person who creates an index of packages that they say meets
> some criteria ie, they vouch for the packages.
> Administrator: the person who looks after a node
>
> The process would work something like this,
>
> Some one writes a wonderful module the one everyone has been waiting for.
> Either the original author or someone on their behalf packages it up.
> The Publisher then makes this publicly available on a website or through
> git/mercurial/etc
> The Publisher notifies one or more indexers.
> Each Indexers check that the package meets their criteria.
> The Indexer then injects the package into the p2p distribution system along
> with an updated signed versioned index file.
> This index file lists which packages the Indexer has verified and the
> cryptographic hash for each package.
> The Administrators of other nodes select which Indexers they wish to follow
> and keep copies each Indexers public key (obtained out of band).
> The Nodes then replicates the index file of each Indexer of interest and
> the packages listed by those index files.
> These nodes then make this information available of ftp/http/p2p or other
> means to other nodes and end developers.
>
> Using an Indexer has a couple of advantages:
>  1) it eliminates the need for everyone to have certificates. Making the
> system cleaner to use and lowering the barrier to entry of package
> maintainers allow them to easily submit their work without distraction.
> 2) It maintains a concept similar to existing repositories with which
> people are familiar. This makes it easy for people to bring up and maintain
> additional nodes. It also means that the number of people that have to wade
> though all the packages out there is reduced down to the Indexer. You simple
> select the Indexer who has a package criteria which reflects your own.
>
> This is separate what packages are and who Erlang handles dependances. This
> is merely a distribution model.
>
> Excuse the broad description I merely intend this to give people ideas.
>
> Jeff.
>
> ______________________________**_________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/**listinfo/erlang-questions<http://erlang.org/mailman/listinfo/erlang-questions>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20110916/cd826171/attachment.htm>