8 years ago
I like trusted sources.
Somewhat underway as it seems. Check in on Deb-torrent. Several problems trying to keep the background network traffic low and the files up to date. Anyways I support the idea but think the same problems will still happen.
It would require a custom client for dissemination, which would connect to a dedicated "traffic control" server that would verify both package integrity via the checksum system already in place, as well as the redundancy measures needed to ensure package availability. for example, users would need to host a handful of packages. the packages that a user would host would be based both on demand for those packages, as well as the user's connection reliability. the user would retrieve package information the same way as now, but the traffic control server would check to see which users has the file needed, the amount of traffic that users are dealing with, and running security tests on the client side - with their permission, of course - in order to open up that user's client to other package peers.
another benefit from this system is that developers need only use the client for distribution of their software, and would simply get clearance from the administrators of the traffic control server to allow their packages to be listed in the repository database.
another excellent white paper was done on this idea, laying out all the details.
I'm not sure that mint could do this by itself but it's an intriguing idea, gets my vote.
I dunno about the security of this but it's an intriguing idea. One of the intentions of having repositories is that they are supposed to be secure and stable.