[OS X TeX] [OT] All about P2P (was: MacTeX-2008 Status)

[Thomas Bohn]

On 4 Sep 2008, at 05:09, Adam R. Maxwell wrote:

> Requesting data from an http/ftp/nntp server is a bit different from  
> opening up your filesystem to people all over the world,

You don't. At least not with BitTorrent, this protocol gives access to  
the file(s) in question nothing else. It is to my knowledge not  
possible to access other files, except those described in the  
BitTorrent file.

> hoping the program doesn't have a buffer overflow or a back door  
> that gives someone full access (assuming it was configured securely  
> in the first place).

This can be a problem if someone is spreading a manipulated BitTorrent  
file and this can be as dangerous as open a manipulated JPEG in a  
browser. But who runs such a software or any software for that matter  
as root or admin? I think you get the "old" way of P2P like Napster  
and Gnutella confused with BitTorrent.

> In the present case of MacTeX, it not necessary to use p2p, so  
> there's no justification for it.

P2P can help to reduce the load of the servers and get MacTeX faster  
to the people who wants it. You actually can distribute it to the  
public and to the mirrors at the same time.

> As far as I'm concerned, the bottom line is that the risk to  
> personal or other sensitive information on your system should be  
> carefully weighed before installing p2p software.

I think it is very important to know what actually runs on your own  
computer. (Freaking English language, this sentence sounds like I  
wanted to know what runs on your computer.) But I think you should  
know the difference between P2P protocols too. For me the decision to  
download 1.15 GB with Safari or BitTorrent was not hard to make.

Thomas