Good point. The easiest way to secure it would be for the service to trust the other machines based on their root password. If they don't match, don't trust; if they do, then they're either controlled by the same person or at least one of the admins is a moron. I was also assuming you would only trust packages signed by your distro, in which case, even if someone broke into your house and put a machine on your network, its rogue packages would easily be detected and ignored.
Local repositories have to be set up, and maintained by people. The package manager is 'just there'. I'm surprised the main distros haven't came up with a clever way like this to save on their bandwidth bills.
On 9/20/07, Kyle Sexton <ks@mocker.org> wrote:
"Billy Crook" <billycrook@gmail.com> writes:
> Has anyone ever heard of a package manager that 'scans' other machines within its subnet or within specified subnets
> for updates before using the official repositories? There would either have to be some service advertisement protocol
> lime MDNS or each machine would literally have to scan for a designated port number listening for these requests on all
> machines. Once they locate each other, the idea would be ome machine downloads 500MB of updates from the repo, and
> from there on, every other machine (with the same distro and arch) just pulls from the faster local machine, rather
> than using up inet bandwidth.
>
> Any suggestions (Other than a dedicated local repository mirror)?
>
I haven't heard of anything like this before, but a problem I see is
that you'd have to authenticate which of the servers are allowed to
contain updates. Otherwise someone could put a box up w/ rouge packages
and get them pushed out (granted package signing probably solves this a
little).
Can I ask what the advantage of this as opposed to a local repository
is?
--
Kyle Sexton