I did not intend to start a complete discussion about security and adequate technologies to mitigate risks. I just personally tried to implement such a scheme for .deb packages years ago, only to discover that there already existed some projects doing it very well [[apt-p2p]][[debtorrent]], but none gained traction within debian or ubuntu community. I cannot stress this enough: there are several perfectly working implementation that nobody uses.
Well, it is an interesting discussion also, these working
implementations are for debian, which doesn’t build private files (well…
most of the time, and I’d guess when it doesn’t these implementations
aren’t safe to use).
OTOH, nix also builds the configuration, including private stuff,
meaning we do need some security-specific improvements.
Before arguing more, we should wonder why this idea pops every once in a while, gets sometimes implemented but never used ? And what makes Nix different from deb-based distros ?
Well, NixOS does have the advantage of being also a configuration
management system. Meaning that turning the thing on could be a simple
on-off switch, while on deb-based distros it’s likely a big time
investment to get things to work. Actually, we could even make it a
1-character deletion, if it came commented in the default
Here, the drawback (requiring a specific P2P system) becomes the
advantage: people much more likely to actually do it.
And the important thing about P2P systems is that people actually do
it. Without it there’s no reason to use them, as it’ll usually just be
slower than downloading from a CDN.
From what I could gather, there is simply no traction to switch to p2p when there are reliable mirrors everywhere on the planet. These mirrors are a kind of p2p by themselves, just less decentralised.
And then, all these nasty issues of information disclosure kick in, and the project stall and dies before really getting used.
I understand how this idea appeals to a programmer, but in real-life we have CDNs, and torrents are only used for iso images, to allow recovery of network instability. Somehow, there must be a reason.
Well… if I was able to painlessly share the downloads between my
computers over my LAN, I’d be happy to do it. But I don’t because I’m
too lazy to setup a cache.
The whole idea would be to make turning on P2P much less work than
setting up a cache (because everyone would detect everyone else anyway),
and potentially even more secure too (because #47860, people just can’t
be trusted to actually keep their caches private when they need be).
So yes, there must be a reason. I believe this reason is complexity of
setting up the P2P system and non-discoverability of it by newcomers,
two issues NixOS could solve.